Fortinet black logo

Admin Guide

Home FortiExtender 4.1.2 Admin Guide

Interface configuration guideline

4.1.2
4.2.2
4.2.1
4.2.0
4.1.3
4.1.2
4.1.1
4.0.2
4.0.0
Copy Link
Copy Doc ID f815156d-f108-11e9-8977-00505692583a:136078
Download PDF

Interface configuration guideline

The following are the general guidelines regarding system interface configurations.

Physical interface(s)

FortiExtender LAN interface(s) can be configured in DHCP or static IP addressing mode. When FortiExtender is in NAT mode, you can also configure a DHCP server to distribute IP addresses from the FortiExtender physical Ethernet interface to the devices behind it.

FortiExtender-201E also comes with a WAN physical interface.

LTE interface

The LTE interface only works in DHCP mode and acquires IP addresses directly from wireless NSPs. See Cellular capabilities.

Tunnel interface

Tunnel interfaces are automatically created when IPsec VPN Tunnels are created. A tunnel interface is a Layer-3 interface which doesn’t have an IP address. All traffic sent to the tunnel interface is encapsulated in a VPN tunnel and received from the other end point of the tunnel. It can be used by firewall, routing, and SD-WAN, but cannot be used by VPN.

Virtual-WAN interface

A Virtual-WAN interface is an aggregation of multiple up-links. It works as a common interface because all traffic to it is load-balanced among multiple links.

It can be used by firewall, routing, but cannot be used by SD-WAN or VPN.

Interface configuration example:

# config system interface

(interface) # edit lan

(lan) # set type physical

(lan) # set status up

(lan) # set mode static

(lan) # set ip 192.168.2.1/24

(lan) # set mtu 1400

(lan) # set allowaccess http ping telnet

(lan) # end

Previous
Next

Interface configuration guideline

The following are the general guidelines regarding system interface configurations.

Physical interface(s)

FortiExtender LAN interface(s) can be configured in DHCP or static IP addressing mode. When FortiExtender is in NAT mode, you can also configure a DHCP server to distribute IP addresses from the FortiExtender physical Ethernet interface to the devices behind it.

FortiExtender-201E also comes with a WAN physical interface.

LTE interface

The LTE interface only works in DHCP mode and acquires IP addresses directly from wireless NSPs. See Cellular capabilities.

Tunnel interface

Tunnel interfaces are automatically created when IPsec VPN Tunnels are created. A tunnel interface is a Layer-3 interface which doesn’t have an IP address. All traffic sent to the tunnel interface is encapsulated in a VPN tunnel and received from the other end point of the tunnel. It can be used by firewall, routing, and SD-WAN, but cannot be used by VPN.

Virtual-WAN interface

A Virtual-WAN interface is an aggregation of multiple up-links. It works as a common interface because all traffic to it is load-balanced among multiple links.

It can be used by firewall, routing, but cannot be used by SD-WAN or VPN.

Interface configuration example:

# config system interface

(interface) # edit lan

(lan) # set type physical

(lan) # set status up

(lan) # set mode static

(lan) # set ip 192.168.2.1/24

(lan) # set mtu 1400

(lan) # set allowaccess http ping telnet

(lan) # end

Previous
Next