Fortinet black logo

Admin Guide (FGT-Managed)

Home FortiExtender 7.2.0 Admin Guide (FGT-Managed)

Support for device password and allowed protocols for FortiExtender in FortiGate.

7.2.0
7.4.1
7.4.0
7.2.5
7.2.0
7.0.3
7.0.2
7.0.1
Copy Link
Copy Doc ID e2c8cf6a-ac5a-11ec-9fd1-fa163e15d75b:92368
Download PDF

Support for device password and allowed protocols for FortiExtender in FortiGate.

This feature enables you to configure FortiExtender admin password from FortiGate. You can also configure allowaccess of the ingress interface from the FortiGate so that the FortiGate can manage the FortiExtender based on the protocol specified in allowaccess.

For FortiExtenders configured as WAN extension in FortiGate, the ingress interface is the one specified in "ingress-intf" under "config system management fortigate". In the following example, the allowaccess of the "lan" interface will be changed as the configuration from the FortiGate. The value of "ingress-intf" will be automatically filled by the system when the FortiExtender is managed by the FortiGate. It cannot be edited or unset.

 FX201E5919000027 # config system management fortigate
     FX201E5919000027 (fortigate) # show
     config system management fortigate
         set ac-discovery-type broadcast
         set ac-ctl-port 5246
         set ac-data-port 25246
         set discovery-intf lan
         set ingress-intf lan <=== The value cannot be edited and unset
     end

For a FortiExtender configured as LAN extension of a FortiGate, the ingress interface is "le-switch", whose allowaccess will be changed as the configuration from the FortiGate. In the following example, the "le-switch" is a predefined switch interface which will be automatically generated by the system when the FortiExtender is managed by the FortiGate. The entry "le-switch" under "config system switch-interface" is read-only and cannot be edited or deleted.

config system switch-interface

edit le-switch <=== The entry cannot be edited or deleted

set members le-agg-link lan

set stp disable

next

end

Previous
Next

Support for device password and allowed protocols for FortiExtender in FortiGate.

This feature enables you to configure FortiExtender admin password from FortiGate. You can also configure allowaccess of the ingress interface from the FortiGate so that the FortiGate can manage the FortiExtender based on the protocol specified in allowaccess.

For FortiExtenders configured as WAN extension in FortiGate, the ingress interface is the one specified in "ingress-intf" under "config system management fortigate". In the following example, the allowaccess of the "lan" interface will be changed as the configuration from the FortiGate. The value of "ingress-intf" will be automatically filled by the system when the FortiExtender is managed by the FortiGate. It cannot be edited or unset.

 FX201E5919000027 # config system management fortigate
     FX201E5919000027 (fortigate) # show
     config system management fortigate
         set ac-discovery-type broadcast
         set ac-ctl-port 5246
         set ac-data-port 25246
         set discovery-intf lan
         set ingress-intf lan <=== The value cannot be edited and unset
     end

For a FortiExtender configured as LAN extension of a FortiGate, the ingress interface is "le-switch", whose allowaccess will be changed as the configuration from the FortiGate. In the following example, the "le-switch" is a predefined switch interface which will be automatically generated by the system when the FortiExtender is managed by the FortiGate. The entry "le-switch" under "config system switch-interface" is read-only and cannot be edited or deleted.

config system switch-interface

edit le-switch <=== The entry cannot be edited or deleted

set members le-agg-link lan

set stp disable

next

end

Previous
Next