Fortinet white logo
Fortinet white logo

Admin Guide (Standalone)

Interface configuration guideline

Interface configuration guideline

The following are the general guidelines regarding system interface configurations.

Physical interface(s)

FortiExtender LAN interface(s) can be configured in DHCP or static IP addressing mode. When FortiExtender is in NAT mode, you can also configure a DHCP server to distribute IP addresses from the FortiExtender physical Ethernet interface to the devices behind it.

FortiExtender also comes with a WAN physical interface.

LTE interface

The LTE interface only works in DHCP mode and acquires IP addresses directly from wireless NSPs. See Cellular capabilities.

Tunnel interface

Tunnel interfaces are automatically created when IPsec VPN Tunnels are created. A tunnel interface is a Layer-3 interface which doesn’t have an IP address. All traffic sent to the tunnel interface is encapsulated in a VPN tunnel and received from the other end point of the tunnel. It can be used by firewall, routing, and SD-WAN, but cannot be used by VPN.

Virtual-WAN interface

A Virtual-WAN interface is an aggregation of multiple up-links. It works as a common interface because all traffic to it is load-balanced among multiple links.

It can be used by firewall, routing, but cannot be used by SD-WAN or VPN.

LAN interface configuration example:
config system interface
    edit lan
        set type lan-switch
        set status up
        set mode static
        set ip 192.168.180.45/24
        set gateway 
        set mtu-override disable
        set distance 50
        set vrrp-virtual-mac disable
        config vrrp
            set status disable
        end
        set allowaccess
WAN interface configuration example:
FX211E5919000009 # config system interface
FX211E5919000009 (interface) # edit wan
FX211E5919000009 (wan) # show
edit wan
    set type physical
    set status up
    set mode dhcp
    set mtu-override enable
    set mtu 1500
    set vrrp-virtual-mac enable
    config vrrp
        set status disable
    end
    set allowaccess
next

FX211E5919000009 (wan) # set allowaccess 
ping      
http      
telnet    
ssh       
https 
snmp    

FX211E5919000009 (wan) #

Interface configuration guideline

Interface configuration guideline

The following are the general guidelines regarding system interface configurations.

Physical interface(s)

FortiExtender LAN interface(s) can be configured in DHCP or static IP addressing mode. When FortiExtender is in NAT mode, you can also configure a DHCP server to distribute IP addresses from the FortiExtender physical Ethernet interface to the devices behind it.

FortiExtender also comes with a WAN physical interface.

LTE interface

The LTE interface only works in DHCP mode and acquires IP addresses directly from wireless NSPs. See Cellular capabilities.

Tunnel interface

Tunnel interfaces are automatically created when IPsec VPN Tunnels are created. A tunnel interface is a Layer-3 interface which doesn’t have an IP address. All traffic sent to the tunnel interface is encapsulated in a VPN tunnel and received from the other end point of the tunnel. It can be used by firewall, routing, and SD-WAN, but cannot be used by VPN.

Virtual-WAN interface

A Virtual-WAN interface is an aggregation of multiple up-links. It works as a common interface because all traffic to it is load-balanced among multiple links.

It can be used by firewall, routing, but cannot be used by SD-WAN or VPN.

LAN interface configuration example:
config system interface
    edit lan
        set type lan-switch
        set status up
        set mode static
        set ip 192.168.180.45/24
        set gateway 
        set mtu-override disable
        set distance 50
        set vrrp-virtual-mac disable
        config vrrp
            set status disable
        end
        set allowaccess
WAN interface configuration example:
FX211E5919000009 # config system interface
FX211E5919000009 (interface) # edit wan
FX211E5919000009 (wan) # show
edit wan
    set type physical
    set status up
    set mode dhcp
    set mtu-override enable
    set mtu 1500
    set vrrp-virtual-mac enable
    config vrrp
        set status disable
    end
    set allowaccess
next

FX211E5919000009 (wan) # set allowaccess 
ping      
http      
telnet    
ssh       
https 
snmp    

FX211E5919000009 (wan) #