Typically in transparent mode, you do not permit packets to move between different VLANs. If required, you create another security policy to permit packets to flow from the external VLAN interface to the internal VLAN interface. You then create a security policy to permit packets to flow from the internal VLAN interface to the external VLAN interface. To pass VLAN traffic through the FortiGate unit, you add two VLAN subinterfaces with the same VLAN ID, one to the internal interface and the other to the external interface. You can configure the unit to apply different policies for traffic on each VLAN in the trunk. The FortiGate external interface forwards VLAN-tagged packets through another VLAN trunk to an external VLAN switch or router and on to external networks such as the Internet. In a typical configuration, the FortiGate unit internal interface accepts VLAN packets on a VLAN trunk from a VLAN switch or router connected to internal network VLANs. You can insert the FortiGate unit operating in transparent mode into the VLAN trunk without making changes to your network. The limits in transparent mode apply to IEEE 802.1Q VLAN trunks passing through the unit.
There are some limitations in transparent mode in that you cannot use SSL VPN, PPTP/L2TP VPN, DHCP server, or easily perform NAT on traffic.
In transparent mode, the FortiGate unit behaves like a layer-2 bridge but can still provide services such as antivirus scanning, web filtering, spam filtering and intrusion protection to traffic.
0 kommentar(er)
