Fortinet FortiGate 4000 Benutzerhandbuch

You typically use a FortiGate-4000 unit in Transparent mode on a private network 
behind an existing firewall or behind a router. The FortiGate-4000 unit performs 
firewall functions as well as antivirus and content scanning but not VPN.

The following interfaces are available in Transparent mode: 

• External: the interface to the external network (usually the Internet). 
• Internal: the interface to the internal network. 

Using HA, you can group two or more FortiGate-4000 units into an HA cluster. The HA 
cluster can operate in active-active mode or active-passive mode. 

An active-active HA cluster can increase virus scanning throughput by using load 
balancing to distribute virus scanning to all of the FortiGate units in the cluster.

An active-passive HA cluster provides failover so that if a functioning FortiGate-4000 
unit fails, processing is transferred to another FortiGate-4000 unit in the cluster 
without interrupting network service.

Once the FortiGate-4000 units are added to the HA cluster, the cluster functions on 
your network as a single FortiGate-4000 unit with one internal interface, one external 
interface, and one out of band management IP address. The cluster manages 
communication and load balancing between the FortiGate-4000 units in the cluster.

Because you can install up to 10 FortiGate-4000 units in a single FortiGate-4000 
chassis, you can configure multiple HA clusters. Each FortiGate-4000 unit can only 
belong to one cluster.

You can operate an HA cluster in NAT/Route or Transparent mode. A single 
FortiGate-4000 chassis can contain clusters operating in NAT/Route mode and 
clusters operating in Transparent mode. For more information on HA, see