Fortinet white logo
Fortinet white logo

Admin Guide (Standalone)

Configure a private network

Configure a private network

Private network wireless solutions provide seamless, secure access to your corporate network. You can enable private network on your FortiExtender using the following commands:

config lte plan

edit test

set private-network enable

end

end

Configure Virtual-WAN interface

Step 1: Config VWAN health check

config hmon hchk

edit vw_mb1_hc

set protocol ping

set interval 5

set probe-cnt 1

set probe-tm 2

set probe-target 8.8.8.8

set interface wan

set src-type none

set filter rtt loss

next

edit vw_mb2_hc

set protocol ping

set interval 5

set probe-cnt 1

set probe-tm 2

set probe-target 8.8.8.8

set interface lte1

set src-type none

set filter rtt loss

next

end

Step 2: Configure VWAN members

config system vwan-member

edit mb1

set target target.wan

set priority 1

set weight 1

set in-bandwidth-threshold 0

set out-bandwidth-threshold 0

set total-bandwidth-threshold 0

set health-check vw_mb1_hc

set health-check-fail-threshold 5

set health-check-success-threshold 5

next

edit mb2

set target target.lte1

set priority 10

set weight 1

set in-bandwidth-threshold 0

set out-bandwidth-threshold 0

set total-bandwidth-threshold 0

set health-check vw_mb2_hc

set health-check-fail-threshold 5

set health-check-success-threshold 5

next

end

Step 3: Configure VWAN interface

config system interface

edit vwan1

set type virtual-wan

set status up

set algorithm redundant

set redundant-by priority

set FEC source_dest_ip_pair

set session-timeout 60

set grace-period 0

set members mb1 mb2

next

end

Step 4: Confirm the subnet of LAN, and configure a network address instance

config network address

edit lan

set type ipmask

set subnet 192.168.2.0/24

next

end

Step 5: Configure firewall policies

config firewall policy

edit vwan_permit_out

set srcintf any

set dstintf vwan1

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat disable

next

edit vw_mb1_nat

set srcintf any

set dstintf wan

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat enable

next

edit vw_mb2_nat

set srcintf any

set dstintf lte1

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat enable

next

end

Step 6: Configure router policy

config router policy

edit to_vwan

set input-device

set srcaddr lan

set dstaddr all

set service ALL

set target target.vwan1

set status enable

set comment

next

end

Configure a private network

Configure a private network

Private network wireless solutions provide seamless, secure access to your corporate network. You can enable private network on your FortiExtender using the following commands:

config lte plan

edit test

set private-network enable

end

end

Configure Virtual-WAN interface

Step 1: Config VWAN health check

config hmon hchk

edit vw_mb1_hc

set protocol ping

set interval 5

set probe-cnt 1

set probe-tm 2

set probe-target 8.8.8.8

set interface wan

set src-type none

set filter rtt loss

next

edit vw_mb2_hc

set protocol ping

set interval 5

set probe-cnt 1

set probe-tm 2

set probe-target 8.8.8.8

set interface lte1

set src-type none

set filter rtt loss

next

end

Step 2: Configure VWAN members

config system vwan-member

edit mb1

set target target.wan

set priority 1

set weight 1

set in-bandwidth-threshold 0

set out-bandwidth-threshold 0

set total-bandwidth-threshold 0

set health-check vw_mb1_hc

set health-check-fail-threshold 5

set health-check-success-threshold 5

next

edit mb2

set target target.lte1

set priority 10

set weight 1

set in-bandwidth-threshold 0

set out-bandwidth-threshold 0

set total-bandwidth-threshold 0

set health-check vw_mb2_hc

set health-check-fail-threshold 5

set health-check-success-threshold 5

next

end

Step 3: Configure VWAN interface

config system interface

edit vwan1

set type virtual-wan

set status up

set algorithm redundant

set redundant-by priority

set FEC source_dest_ip_pair

set session-timeout 60

set grace-period 0

set members mb1 mb2

next

end

Step 4: Confirm the subnet of LAN, and configure a network address instance

config network address

edit lan

set type ipmask

set subnet 192.168.2.0/24

next

end

Step 5: Configure firewall policies

config firewall policy

edit vwan_permit_out

set srcintf any

set dstintf vwan1

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat disable

next

edit vw_mb1_nat

set srcintf any

set dstintf wan

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat enable

next

edit vw_mb2_nat

set srcintf any

set dstintf lte1

set srcaddr lan

set dstaddr all

set action accept

set status enable

set service ALL

set nat enable

next

end

Step 6: Configure router policy

config router policy

edit to_vwan

set input-device

set srcaddr lan

set dstaddr all

set service ALL

set target target.vwan1

set status enable

set comment

next

end