Admin Guide (FGT-Managed)

Discovery response lockdown

By default, FortiGate automatically generates a FortiExtender entry when a newly added FortiExtender discovers it, that is, when the FortiExtender sends a discovery request.

To prevent rogue devices from detecting or scanning the FortiGate, you can enable "fortiextender-discovery-lockdown" to ensure that the discovery response is sent to pre-authorized devices only.

Once enabled, the FortiGate will not automatically generate an extender entry when a newly discovered FortiExtender joins the network. Instead, it will only accept discovery requests from a pre-authorized extender entry. By default, "fortiextender-discovery-lockdown" is disabled. You can enable it using the following command:

config system global
    set fortiextender-discovery-lockdown enable
end
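
To confirm the setting across a fleet, the following added example (not part of the Fortinet guide) scans saved FortiGate configuration backups and reports which devices still run with discovery lockdown off. The sample configurations and device names are constructed, and the script assumes that a backup without the line is using the disabled default described above.

```python
import re

SETTING = "fortiextender-discovery-lockdown"  # setting name from this page

def global_settings(config_text):
    """Collect 'set' values from the 'config system global' block,
    including when it is nested under 'config global' (multi-VDOM)."""
    stack, settings = [], {}
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end":
            if stack:
                stack.pop()
        elif stack and stack[-1] == "system global":
            m = re.match(r"set\s+(\S+)\s+(.+)$", line)
            if m:
                settings[m.group(1)] = m.group(2).strip().strip('"')
    return settings

def lockdown_enabled(config_text):
    # Assumption: a missing line means the default, which the page gives as disabled.
    return global_settings(config_text).get(SETTING, "disable") == "enable"

def audit(configs):
    """Return the names of devices whose backup does not enable lockdown."""
    return sorted(name for name, text in configs.items()
                  if not lockdown_enabled(text))

# Constructed sample backups (hypothetical devices), embedded so this runs offline.
SAMPLE_LOCKED = """config global
config system global
    set hostname "fgt-hq"
    set fortiextender-discovery-lockdown enable
end
end
"""
SAMPLE_DEFAULT = """config system global
    set hostname "fgt-branch"
end
config system interface
    edit "port1"
    next
end
"""

if __name__ == "__main__":
    for name in audit({"fgt-hq": SAMPLE_LOCKED, "fgt-branch": SAMPLE_DEFAULT}):
        print(f"{name}: {SETTING} is not enabled")
```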
