Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Admin Guide (FGT-Managed)

    Home FortiExtender 7.4.0 Admin Guide (FGT-Managed)
    7.4.0
    7.6.0
    7.4.4
    7.4.1
    7.4.0
    7.2.5
    7.2.0
    7.0.3
    7.0.2
    7.0.1

    Allow FortiExtender to be managed and used in a non-root VDOM

    Allow FortiExtender to be managed and used in a non-root VDOM

    This feature allows FortiExtender to be managed and used in a non-root VDOM.

    GUI operating procedures

    1. The FortiExtender appears in the Network section in each VDOM.

    2. The FortiExtender can be discovered in the VDOM.
      Note

      The VDOM must get an interface (lan2) with Security Fabric Connection and a DHCP server. Then the FortiExtender can be discovered when connecting to lan2 port11.

    3. After it is authorized, the FortiExtender can provide an interface to the VDOM.
      Note

      The FortiExtender can be authorized to bond a FortiExtender type interface to the LTE modem.

      Note

      The FortiExtender is connected to the FortiGate after authorization.

      Note

      The FortiGate gets the IP and gateway for the FortiExtender type interface in the VDOM.

    4. A FortiExtender profile and data plan can be set up per VDOM.

    CLI operating procedures

    1. Set up the interface to discover FortiExtender in the VDOM.
      config system interface
    edit "lan2"
        set vdom "vdom1"
        set ip 192.168.4.99 255.255.255.0
        set allowaccess ping fabric
        set type hard-switch
        set snmp-index 32
    next
end
    2. Create a FortiExtender type interface in the VDOM.
      config system interface
    edit "fext-vdom1"
        set vdom "vdom1"
        set mode dhcp
        set type fext-wan
        set role wan
        set snmp-index 34
    next
end
    3. Authorize the discovered FortiExtender and bond the FortiExtender type interface.
      config extension-controller extender
    edit "FX004TQ21000005"
        set id "FXA11FTQ21000005"
        set authorized enable
        set device-id 1
        set extension-type wan-extension
        set profile "FXA11F-wanext-default"
        config wan-extension
            set modem1-extension "fext-vdom1"
        end
    next
end
    4. Check the IP and gateway from the FortiExtender interface.
      FortiGate-81E-POE (vdom1) # get system interface | grep fext-vdom1
== [ fext-vdom1 ]
name: fext-vdom1   mode: dhcp    ip: 10.197.73.229 255.255.255.252   status: up    netbios-forward: disable    type: fext-wan   netflow-sampler: disable    sflow-sampler: disable    src-check: enable    explicit-web-proxy: disable    explicit-ftp-proxy: disable    proxy-captive-portal: disable    mtu-override: disable    drop-overlapped-fragment: disable    drop-fragment: disable    

FortiGate-81E-POE (vdom1) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 10.197.73.230, fext-vdom1, [1/0]
C       10.197.73.228/30 is directly connected, fext-vdom1
C       192.168.4.0/24 is directly connected, lan2
    5. Modify the FortiExtender profile.
      config extension-controller extender-profile
    edit "FXA11F-wanext-default"
        set id 4
        set model FXA11F
        set allowaccess ping telnet
        config cellular
            config sms-notification
            end
            config modem1
            end
        end
    next
end
    6. Create a FortiExtender data plan.
      config extension-controller dataplan
    edit "Rogers-v1"
        set type carrier
        set carrier "Rogers"
        set apn "ltemobile.apn"
        set capacity 200
    next
end
    Previous
    Next

    Allow FortiExtender to be managed and used in a non-root VDOM

    Allow FortiExtender to be managed and used in a non-root VDOM

    This feature allows FortiExtender to be managed and used in a non-root VDOM.

    GUI operating procedures

    1. The FortiExtender appears in the Network section in each VDOM.

    2. The FortiExtender can be discovered in the VDOM.
      Note

      The VDOM must get an interface (lan2) with Security Fabric Connection and a DHCP server. Then the FortiExtender can be discovered when connecting to lan2 port11.

    3. After it is authorized, the FortiExtender can provide an interface to the VDOM.
      Note

      The FortiExtender can be authorized to bond a FortiExtender type interface to the LTE modem.

      Note

      The FortiExtender is connected to the FortiGate after authorization.

      Note

      The FortiGate gets the IP and gateway for the FortiExtender type interface in the VDOM.

    4. A FortiExtender profile and data plan can be set up per VDOM.

    CLI operating procedures

    1. Set up the interface to discover FortiExtender in the VDOM.
      config system interface
    edit "lan2"
        set vdom "vdom1"
        set ip 192.168.4.99 255.255.255.0
        set allowaccess ping fabric
        set type hard-switch
        set snmp-index 32
    next
end
    2. Create a FortiExtender type interface in the VDOM.
      config system interface
    edit "fext-vdom1"
        set vdom "vdom1"
        set mode dhcp
        set type fext-wan
        set role wan
        set snmp-index 34
    next
end
    3. Authorize the discovered FortiExtender and bond the FortiExtender type interface.
      config extension-controller extender
    edit "FX004TQ21000005"
        set id "FXA11FTQ21000005"
        set authorized enable
        set device-id 1
        set extension-type wan-extension
        set profile "FXA11F-wanext-default"
        config wan-extension
            set modem1-extension "fext-vdom1"
        end
    next
end
    4. Check the IP and gateway from the FortiExtender interface.
      FortiGate-81E-POE (vdom1) # get system interface | grep fext-vdom1
== [ fext-vdom1 ]
name: fext-vdom1   mode: dhcp    ip: 10.197.73.229 255.255.255.252   status: up    netbios-forward: disable    type: fext-wan   netflow-sampler: disable    sflow-sampler: disable    src-check: enable    explicit-web-proxy: disable    explicit-ftp-proxy: disable    proxy-captive-portal: disable    mtu-override: disable    drop-overlapped-fragment: disable    drop-fragment: disable    

FortiGate-81E-POE (vdom1) # get router info routing-table all
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
       O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
       V - BGP VPNv4
       * - candidate default

Routing table for VRF=0
S*      0.0.0.0/0 [5/0] via 10.197.73.230, fext-vdom1, [1/0]
C       10.197.73.228/30 is directly connected, fext-vdom1
C       192.168.4.0/24 is directly connected, lan2
    5. Modify the FortiExtender profile.
      config extension-controller extender-profile
    edit "FXA11F-wanext-default"
        set id 4
        set model FXA11F
        set allowaccess ping telnet
        config cellular
            config sms-notification
            end
            config modem1
            end
        end
    next
end
    6. Create a FortiExtender data plan.
      config extension-controller dataplan
    edit "Rogers-v1"
        set type carrier
        set carrier "Rogers"
        set apn "ltemobile.apn"
        set capacity 200
    next
end
    Previous
    Next