By default, each FortiGate device can support up to two FortiExtender devices at a time. The first FortiExtender linked interface can be configured to have a lower distance than the second FortiExtender linked interface.
To have access to active Internet sessions on both FortiExtender devices simultaneously, authorize both FortiExtender devices and configure the distance, priority, and firewall policies accordingly.
In this redundant mode of operation, the FortiExtender daemon running on FortiGate monitors a given WAN link on the FortiGate, and brings up FortiExtender’s cellular Internet access when the WAN link is down and brings down the FortiExtender cellular Internet when the WAN link comes up. For example:
config extender-controller extender edit <FEX SN> set authorized enable config modem1 set ifname <fext-wan interface> set redundant-mode enable set redundant-intf <wan interface, ie wan1> end next end
In this mode of operation, the FortiExtender interface comes up if the WAN interface goes down and goes down if the WAN interface comes up.
FortiOS recognizes and uses FEX as a valid interface within an SD-WAN interface zone. Using SD-WAN, FortiGate becomes a WAN path controller and supports diverse connectivity methods. With FEX, 3G/4G/5G can be used as a primary connection, a backup interface, or a load-balanced WAN access method with Application-Aware WAN path control selection. It provides high availability and QoS for business-critical applications by using the best effort access for low-priority applications through low-cost links, and backs up service through associations with an FortiExtender link. This enables aggregation of multiple interfaces into a single SD-WAN interface using a single policy.
- Add the FortiExtender interface as a member of the SD-WAN interface, as illustrated below.
- Define the priority rule, as shown in the following example, for instance, with the Best Quality strategy based on the Latency or Jitter criterion.
- Order or combine your policies as illustrated below.
- Monitor the 4G/5G link health using the integrated Performance SLA tool in FortiGate.