Transparent Mode

Video Activity

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel prov...

Join over 3 million cybersecurity professionals advancing their career
Sign up with
Required fields are marked with an *
or

Already have an account? Sign In »

Time
1 hour 35 minutes
Difficulty
Beginner
CEU/CPE
2
Video Description

In this video, you will learn how to configure SSL VPN for a remote worker to connect to a FortiGate-protected network, and enforce your security policies. You will create a remote worker named Jack. When Jack works at home, or on his travels, he can go to the web portal using any device with Internet access and FortiClient. The SSL VPN tunnel provides an encrypted communication path for Jack to connect to internal network connections and protected Internet access. Visit Fortinet's documentation library at http://docs.fortinet.com.

Video Transcription
00:00
>> In this video, you will learn how to add a FortiGate
00:00
in transparent mode to
00:00
your existing network configuration.
00:00
Adding security with no added complexity.
00:00
A FortiGate in transparent mode performs
00:00
no routing or network address translation,
00:00
but can still filter and scan traffic.
00:00
It will silently log traffic and apply
00:00
security profiles like application control, antivirus,
00:00
and web filtering with
00:00
no indication that the FortiGate is there,
00:00
giving you an invisible line of security
00:00
between the Internet and your internal network.
00:00
First, open the FortiGate dashboard to change
00:00
the FortiGate's operation mode from NAT to transparent.
00:00
Changing it will remove some of your configuration.
00:00
We recommend you select backup in
00:00
the system information widget before continuing.
00:00
Select "Change" next to operation mode.
00:00
Set the operation mode to
00:00
transparent and enter a management IP net mask,
00:00
and the default gateway IP to the Internet.
00:00
Visit the new management IP
00:00
>> to get back to the interface.
00:00
>> Now, you'll need to create a policy
00:00
to allow traffic through the FortiGate,
00:00
go to "Policy and Objects",
00:00
"IPV4", and create a new policy.
00:00
Set the incoming interface to the interface
00:00
>> that will connect to the internal network,
00:00
>> and set the outgoing interface to
00:00
the interface that will connect to
00:00
the router and Internet.
00:00
Configure the rest as normal, setting addresses
00:00
and services to all to allow all traffic through.
00:00
Skip enabling security features for now,
00:00
so you can be sure that the network setup is working.
00:00
Scroll down to logging options
00:00
and enable log allowed traffic.
00:00
Selecting all sessions to
00:00
ensure that all traffic is logged.
00:00
Now go to "System", "Dashboard",
00:00
"Status", and find the system resources widget.
00:00
Select "Shutdown" to power off the FortiGate unit,
00:00
or enter execute shut down in the CLI console.
00:00
Wait until the device powers off completely,
00:00
and then connect the router to the Internet facing
00:00
interface and the internal network
00:00
to the internal port interface.
00:00
Power on the FortiGate unit and wait for it to load.
00:00
Open a browser from a computer
00:00
on the internal network and browse
00:00
the Internet to ensure that you've
00:00
connected the devices properly.
00:00
Once you've verified that the setup is working,
00:00
open the FortiGate interface and go
00:00
to "Policy and Objects", "IPV4",
00:00
and edit your internal to Internet policy.
00:00
Scroll down to the security profile section
00:00
and enable some default profiles,
00:00
such as antivirus,
00:00
application control, and web filtering.
00:00
They can be configured further by going to
00:00
security profiles in the interface.
00:00
Open a browser and browse the Internet again.
00:00
You will have direct access to any Internet resources.
00:00
Meanwhile, the FortiGate will
00:00
be scanning your traffic for
00:00
viruses and logging your application use.
00:00
You can view the log traffic by going to
00:00
"Log and Report", "Forward Traffic" log.
00:00
Thank you for watching.
00:00
If you need further details,
00:00
you can visit docs.fortinet.com at
00:00
anytime to access our complete documentation library.
Up Next