18 Fortinet Inc.
VLAN Introduction
Transparent mode
Transparent mode provides the same basic firewall protection as NAT mode. Packets
received by the FortiGate unit are intelligently forwarded or blocked according to
firewall policies. The FortiGate unit can be inserted in your network at any point
without the need to make changes to your network or any of its components.
However, VPN, VLAN, multi-zone functionality, and some advanced firewall features
are only available in NAT/Route mode.
VLAN
Fortigate Antivirus Firewalls support IEEE 802.1Q-compliant virtual LAN (VLAN) tags.
Using VLAN technology a single FortiGate unit can provide security services to, and
control connections between multiple security domains according to the VLAN IDs
added to VLAN packets. The FortiGate unit can recognize VLAN IDs and apply
security policies to secure network and IPSec VPN traffic between each security
domain. It can also apply authentication, content filtering, and antivirus protection to
VLAN-tagged network and VPN traffic.
Network intrusion detection
The FortiGate Network Intrusion Detection System (NIDS) is a real-time network
intrusion detection sensor that detects and prevents a wide variety of suspicious
network activity. NIDS detection uses attack signatures to identify over 1000 attacks.
You can enable and disable the attacks that the NIDS detects. You can also write your
own user-defined detection attack signatures.
NIDS prevention detects and prevents many common denial of service and packet-
based attacks. You can enable and disable prevention attack signatures and
customize attack signature thresholds and other parameters.
To notify system administrators of the attack, the NIDS records the attack and any
suspicious traffic to the attack log and can be configured to send alert emails.
Fortinet updates NIDS attack definitions periodically. You can download and install
updated attack definitions manually, or you can configure the FortiGate to
automatically check for and download attack definition updates.
