Version:

Version:


Table of Contents

Download PDF
Copy Link

Discovery response lockdown

By default, FortiGate can automatically generate a FortiExtender entry if a newly added FortiExtender discovers it, that is to say when the FortiExtender is sending a discovery request.

In order to avoid rogue devices to detect or scan the FortiGate, you can enable "fortiextender-discovery-lockdown" to ensure that discovery response is only sent to a pre-authorized device.

Once enabled, the FortiGate will not automatically generate an extender entry when a newly discovered FortiExtender joins the network. Instead, it will only accept discovery request from a pre-authorized extender entry. By default, "fortiextender-discovery-lockdown" is disabled. You can enable it using the following command:

config system global
      set fortiextender-discovery-lockdown enable
  end

Discovery response lockdown

By default, FortiGate can automatically generate a FortiExtender entry if a newly added FortiExtender discovers it, that is to say when the FortiExtender is sending a discovery request.

In order to avoid rogue devices to detect or scan the FortiGate, you can enable "fortiextender-discovery-lockdown" to ensure that discovery response is only sent to a pre-authorized device.

Once enabled, the FortiGate will not automatically generate an extender entry when a newly discovered FortiExtender joins the network. Instead, it will only accept discovery request from a pre-authorized extender entry. By default, "fortiextender-discovery-lockdown" is disabled. You can enable it using the following command:

config system global
      set fortiextender-discovery-lockdown enable
  end