Interface configuration guideline
The following are the general guidelines regarding system interface configurations.
Physical interface(s)
FortiExtender (Standalone) LAN interface(s) can be configured in DHCP or static IP addressing mode. When FortiExtender (Standalone) is in NAT mode, you can also configure a DHCP server to distribute IP addresses from the FortiExtender (Standalone) physical Ethernet interface to the devices behind it.
FortiExtender (Standalone) also comes with a WAN physical interface.
LTE interface
The LTE interface only works in DHCP mode and acquires IP addresses directly from wireless NSPs. See Cellular capabilities.
Tunnel interface
Tunnel interfaces are automatically created when IPsec VPN Tunnels are created. A tunnel interface is a Layer-3 interface which doesn’t have an IP address. All traffic sent to the tunnel interface is encapsulated in a VPN tunnel and received from the other end point of the tunnel. It can be used by firewall, routing, and SD-WAN, but cannot be used by VPN.
Virtual-WAN interface
A Virtual-WAN interface is an aggregation of multiple up-links. It works as a common interface because all traffic to it is load-balanced among multiple links.
It can be used by firewall, routing, but cannot be used by SD-WAN or VPN.
LAN interface configuration example:
# config system interface
(interface) # edit lan
(lan) # set type physical
(lan) # set status up
(lan) # set mode static
(lan) # set ip 192.168.2.1/24
(lan) # set mtu 1400
(lan) # set allowaccess http ping telnet
(lan) # end
WAN interface configuration example:
FX211E5919000009 # config system interface FX211E5919000009 (interface) # edit wan FX211E5919000009 (wan) # show edit wan set type physical set status up set mode dhcp set mtu-override enable set mtu 1500 set vrrp-virtual-mac enable config vrrp set status disable end set allowaccess next FX211E5919000009 (wan) # set allowaccess ping http telnet ssh https
snmp FX211E5919000009 (wan) #