Admin Guide (FGT-Managed)

Hitless failover in WAN-extension mode in HA configuration

In the following HA configuration, the FortiGates are connected to the FortiExtender LAN interface, which consists of port2 and port3.

FX201E5919000165 # config system interface
FX201E5919000165 (interface) # show all
config system interface
    edit lan
        set type lan-switch
        set status up
        set mode static
        set ip 192.168.140.40/24
        set gateway 192.168.140.61
        set mtu-override enable
        set mtu 1500
        set distance 50
        set vrrp-virtual-mac enable
        config vrrp
            set status disable
        end
        set allowaccess ping telnet http https ssh snmp
    next
FX201E5919000165 # config system lan-switch
FX201E5919000165 (lan-switch) # show
config system lan-switch
    config ports
        edit port2
        next
        edit port3
        next
    end
end
FX201E5919000165 # config system management
FX201E5919000165 (management) # show
config system management
    set discovery-type fortigate
    config fortigate
        set ac-discovery-type static
        config static-ac-addr
            edit 1
                set server 192.168.140.61
            next
        end
        set ac-ctl-port 5246
        set ac-data-port 25246
        set discovery-intf lan
        set ingress-intf lan
    end
    config cloud
        set dispatcher fortiextender-dispatch.forticloud.com
        set dispatcher-port 443
        set mode nat
        set proxy disable
    end
    config local
        set mode ip-passthrough
    end
    config local-access
        set http 80
        set https 443
        set ssh 22
        set telnet 23
        set idle-timeout 480
    end
    config fortigate-backup
        set vrrp-interface
        set status disable
    end
end

Upon successful connection, the FortiExtender status shows the connected FortiGates' names in the controller-name field, as shown in the following output.

FX201E5919000165 # get extender status
Extender Status
    name : FX201E5919000165
    mode : CAPWAP
    session : active
      fext-addr : 192.168.140.40
      ingress-intf : lan
      fext-wan-addr : 100.100.143.89
      controller-addr : 192.168.140.61:5246,25246
      controller-name : FG200E4Q17913693
      uptime : 1 days, 0 hours, 28 minutes, 57 seconds
      management-state : CWWS_RUN
    session : standby
      fext-addr : 192.168.140.40
      ingress-intf : lan
      fext-wan-addr : 100.100.143.89
      controller-addr : 192.168.140.61:5248,25248
      controller-name : FG200ETK19908988
      uptime : 1 days, 0 hours, 28 minutes, 55 seconds
      management-state : CWWS_RUN
    base-mac : 04:D5:90:47:D9:69
    network-mode : ip-passthrough (vlan)
    fgt-backup-mode : backup
    discovery-type : static
    discovery-interval : 5
    echo-interval : 30
    report-interval : 30
    statistics-interval : 120
    mdm-fw-server : fortiextender-firmware.forticloud.com
    os-fw-server : fortiextender-firmware.forticloud.com
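
The following is an added example, not part of the Fortinet guide: a Python check that parses `get extender status` output and lists the reasons the extender would not be ready for hitless failover. It assumes the field layout shown above and treats CWWS_RUN as the connected state because that is what the output above reports for both sessions; the function names and the sample text are constructed for illustration.

```python
import re

# Constructed sample that mirrors the layout of the `get extender status` output above.
SAMPLE_STATUS = """\
Extender Status
    name : FX201E5919000165
    session : active
      controller-addr : 192.168.140.61:5246,25246
      controller-name : FG200E4Q17913693
      management-state : CWWS_RUN
    session : standby
      controller-addr : 192.168.140.61:5248,25248
      controller-name : FG200ETK19908988
      management-state : CWWS_RUN
    fgt-backup-mode : backup
"""

def parse_sessions(text):
    """Return one dict per 'session :' block, holding that block's indented fields."""
    sessions, current = [], None
    for line in text.splitlines():
        m = re.match(r"^(\s*)([\w-]+)\s*:\s*(.*)$", line)
        if not m:
            continue  # prompt lines and the 'Extender Status' banner
        indent, key, value = len(m.group(1)), m.group(2), m.group(3).strip()
        if key == "session":
            current = {"role": value, "indent": indent}
            sessions.append(current)
        elif current is not None and indent > current["indent"]:
            current[key] = value
        else:
            current = None  # back at top level: the session block has ended
    return sessions

def failover_findings(text):
    """List reasons the extender is not ready for failover (empty list = ready)."""
    sessions = parse_sessions(text)
    by_role = {s["role"]: s for s in sessions}
    findings = []
    for role in ("active", "standby"):
        s = by_role.get(role)
        if s is None:
            findings.append(f"no {role} session")
        elif s.get("management-state") != "CWWS_RUN":
            findings.append(f"{role} session state is {s.get('management-state')}")
    names = [s.get("controller-name") for s in sessions]
    if len(names) != len(set(names)):
        findings.append("sessions report the same controller-name")
    return findings
```

An empty result means both HA members hold a CAPWAP session in the connected state and are distinct units; any other result names the condition to investigate before relying on failover.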
