LAN extension configuration in a profile

The following example shows the LAN extension configuration in a LAN extension profile.

FortiGate (extender-profile) # get FX200F-lanext-default
name : FX200F-lanext-default
id : 4
model : FX200F
extension : lan-extension
allowaccess :
login-password-change: no
enforce-bandwidth : enable
bandwidth-limit : 200
lan-extension:
link-loadbalance : loadbalance
ipsec-tunnel : fext-ipsec-rthk
backhaul-interface : lan
backhaul-ip :
backhaul:
== [ 1 ]
name: 1
== [ 2 ]
name: 2
Parameter Description
name The profile entry name
id The profile ID (for system internal record)
model The FortiExtender model for this profile
extension [lan-extension | wan-extension] The extension type for this profile
allowaccess [telnet|http|https|snmp|ping|ssh] The multi-option setting for the lan-extension switch interface of the FortiExtender. For more details, refer to "Allowaccess for LAN extension".
login-password-change [yes|no|default] The admin password setting for FortiExtenders. For more details, refer to "Admin login password".
enforce-bandwidth [enable|disable]

Enable or disable enforcement of the bandwidth limit.

Note: "enforce-bandwidth", which is disabled by default, is used to limit the egress bandwidth used to send traffic from FortiExtender. For more details, refer to "Bandwidth limit for LAN extension".

bandwidth-limit Specify the bandwidth limit.

link-loadbalance [activebackup | loadbalance]

Two ports are configured for FortiExtender for load-balancing. For activebackup mode, you can configure "role" (primary or secondary) on the two backhaul ports. For loadbalance mode, you can configure "weight" on each backhaul port.

ipsec-tunnel

This is the IPsec tunnel interface used for the underlying data transport. It provides a secure connection between a FortiExtender and a FortiGate. This entry is auto-generated, and the setting is shown here for information only.

backhaul-interface

This is the egress interface for data transportation between the FortiGate and the other FortiExtenders using this profile. The default will be automatically filled with the interface that is used to manage FortiExtender. You can configure it based on your network topology.

backhaul-ip

This is used for FortiGate behind a NAT device (or DNAT, LoadBalancer, etc.). The backhaul-ip is the external IP of the NAT device. For more details, refer to "The backhaul IP for LAN extension".

The following is an example of backhaul configuration.

FortiGate (backhaul) # edit 1
   FortiGate (1) # get
   name : 1
   port : port1
   weight : 1

If link-loadbalance is configured as "activebackup", the following will be shown.

   name : 1
   port : port1
   role : primary

Parameter Description
name The name of the backhaul entry.
port The port in FortiExtender that sends traffic to FortiGate in LAN extension.
weight

Enter the weight if link-loadbalance is configured as "loadbalance".

role [primary | secondary]

Specify whether the port is primary or secondary.
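
A profile check built on the parameters above, as an added example (not Fortinet code): it parses `get` output in the layout shown on this page and reports cleartext management protocols in allowaccess, a bandwidth limit that is not enforced, and backhaul entries whose fields do not match the link-loadbalance mode. The sample text is constructed, and it assumes each backhaul entry's own `get` fields (port, weight or role) have been appended under its `== [ n ]` header.

```python
import re

# Constructed sample in the layout shown above. The allowaccess value and the
# backhaul port/weight lines are filled in for illustration (assumption).
SAMPLE = """\
name : FX200F-lanext-default
extension : lan-extension
allowaccess : telnet http ssh
login-password-change: no
enforce-bandwidth : enable
bandwidth-limit : 200
lan-extension:
link-loadbalance : activebackup
ipsec-tunnel : fext-ipsec-rthk
backhaul:
== [ 1 ]
name: 1
port : port1
weight : 1
"""

CLEARTEXT = {"telnet", "http"}  # management protocols without transport encryption

def parse_get(text):
    """Return (profile_fields, backhaul_entries) parsed from `get` output."""
    profile, backhauls, current = {}, [], None
    for line in text.splitlines():
        if re.match(r"\s*==\s*\[", line):  # "== [ 1 ]" opens a backhaul entry
            current = {}
            backhauls.append(current)
            continue
        key, sep, value = line.partition(":")
        if sep:
            (profile if current is None else current)[key.strip()] = value.strip()
    return profile, backhauls

def audit(text):
    """Return a list of findings for one LAN extension profile."""
    profile, backhauls = parse_get(text)
    findings = []
    weak = CLEARTEXT & set(profile.get("allowaccess", "").split())
    if weak:
        findings.append("allowaccess permits cleartext: " + ", ".join(sorted(weak)))
    if profile.get("bandwidth-limit") and profile.get("enforce-bandwidth") != "enable":
        findings.append("bandwidth-limit is set but enforce-bandwidth is not enabled")
    mode = profile.get("link-loadbalance")
    wanted = {"activebackup": "role", "loadbalance": "weight"}.get(mode)
    for entry in backhauls:
        if wanted and wanted not in entry:
            findings.append(f"backhaul {entry.get('name')}: {mode} mode expects '{wanted}'")
    return findings
```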
