Fortinet black logo

Manage dual FortiExtender devices

Copy Link
Copy Doc ID 28937826-5dea-11ec-bdf2-fa163e15d75b:410509
Download PDF

Manage dual FortiExtender devices

Active/Passive mode

By default, each FortiGate device can support up to two FortiExtender devices at a time. The first FortiExtender linked interface can be configured to have a lower distance than the second FortiExtender linked interface.

Active/Active mode

To have access to active internet sessions on both FortiExtender devices simultaneously, authorize both FortiExtender devices and configure the distance, priority, and firewall policies accordingly.

Cellular as backup of Ethernet WAN

In this redundant mode of operation, the FortiExtender daemon running on the FortiGate monitors a given WAN link on the FortiGate, and brings up the FortiExtender’s cellular internet access when the WAN link is down and brings down the FortiExtender cellular internet when the WAN link comes up. For example:

config extender-controller extender
    edit <FEX SN>
        set authorized enable
        config modem1
            set ifname <fext-wan interface>
            set redundant-mode enable
            set redundant-intf <wan interface, ie wan1>
        end
    next
end

In this mode of operation, the FortiExtender interface comes up if the WAN interface goes down and goes down if the WAN interface comes up.

SD-WAN

FortiOS recognizes and uses FortiExtender as a valid interface within an SD-WAN interface zone. Using SD-WAN, FortiGate becomes a WAN path controller and supports diverse connectivity methods. With FortiExtender, 3G/4G/5G can be used as the primary connection, a backup interface, or a load-balanced WAN access method with Application-Aware WAN path control selection. It provides high availability and QoS for business-critical applications by using the best effort access for low-priority applications through low-cost links and backup service through associations with a FortiExtender link. This enables aggregation of multiple interfaces into a single SD-WAN interface using a single policy.

To accomplish this:
  1. Add the FortiExtender interface as a member of the SD-WAN interface, as illustrated below.
  2. Define the priority rule, for instance, with the Best Quality strategy based on the Latency or Jitter criterion as shown in the following example.
  3. Order or combine your policies as illustrated below.
  4. Monitor the 4G/5G link health using the integrated Performance SLA tool in FortiGate.

Manage dual FortiExtender devices

Active/Passive mode

By default, each FortiGate device can support up to two FortiExtender devices at a time. The first FortiExtender linked interface can be configured to have a lower distance than the second FortiExtender linked interface.

Active/Active mode

To have access to active internet sessions on both FortiExtender devices simultaneously, authorize both FortiExtender devices and configure the distance, priority, and firewall policies accordingly.

Cellular as backup of Ethernet WAN

In this redundant mode of operation, the FortiExtender daemon running on the FortiGate monitors a given WAN link on the FortiGate, and brings up the FortiExtender’s cellular internet access when the WAN link is down and brings down the FortiExtender cellular internet when the WAN link comes up. For example:

config extender-controller extender
    edit <FEX SN>
        set authorized enable
        config modem1
            set ifname <fext-wan interface>
            set redundant-mode enable
            set redundant-intf <wan interface, ie wan1>
        end
    next
end

In this mode of operation, the FortiExtender interface comes up if the WAN interface goes down and goes down if the WAN interface comes up.

SD-WAN

FortiOS recognizes and uses FortiExtender as a valid interface within an SD-WAN interface zone. Using SD-WAN, FortiGate becomes a WAN path controller and supports diverse connectivity methods. With FortiExtender, 3G/4G/5G can be used as the primary connection, a backup interface, or a load-balanced WAN access method with Application-Aware WAN path control selection. It provides high availability and QoS for business-critical applications by using the best effort access for low-priority applications through low-cost links and backup service through associations with a FortiExtender link. This enables aggregation of multiple interfaces into a single SD-WAN interface using a single policy.

To accomplish this:
  1. Add the FortiExtender interface as a member of the SD-WAN interface, as illustrated below.
  2. Define the priority rule, for instance, with the Best Quality strategy based on the Latency or Jitter criterion as shown in the following example.
  3. Order or combine your policies as illustrated below.
  4. Monitor the 4G/5G link health using the integrated Performance SLA tool in FortiGate.