Configure a private network
Private network wireless solutions provide seamless, secure access to your corporate network. You can enable private network on your FortiExtender using the following commands:
config lte plan
edit test
set private-network enable
end
end
Configure Virtual-WAN interface
Step 1: Config VWAN health check
config hmon hchk
edit vw_mb1_hc
set protocol ping
set interval 5
set probe-cnt 1
set probe-tm 2
set probe-target 8.8.8.8
set interface wan
set src-type none
set filter rtt loss
next
edit vw_mb2_hc
set protocol ping
set interval 5
set probe-cnt 1
set probe-tm 2
set probe-target 8.8.8.8
set interface lte1
set src-type none
set filter rtt loss
next
end
Step 2: Configure VWAN members
config system vwan-member
edit mb1
set target target.wan
set priority 1
set weight 1
set in-bandwidth-threshold 0
set out-bandwidth-threshold 0
set total-bandwidth-threshold 0
set health-check vw_mb1_hc
set health-check-fail-threshold 5
set health-check-success-threshold 5
set link-cost-factor packet-loss latency jitter
set latency-threshold 5
set jitter-threshold 5
set packetloss-threshold 100
next
edit mb2
set target target.lte1
set priority 10
set weight 1
set in-bandwidth-threshold 0
set out-bandwidth-threshold 0
set total-bandwidth-threshold 0
set health-check vw_mb2_hc
set health-check-fail-threshold 5
set link-cost-factor packet-loss latency jitter
set latency-threshold 5
set jitter-threshold 5
set packetloss-threshold 100
Step 3: Configure VWAN interface
config system interface
edit vwan1
set type virtual-wan
set status up
set algorithm redundant
set redundant-by priority
set FEC source_dest_ip_pair
set session-timeout 60
set grace-period 0
set members mb1 mb2
next
end
Step 4: Confirm the subnet of LAN, and configure a network address instance
config network address
edit lan
set type ipmask
set subnet 192.168.2.0/24
next
end
Step 5: Configure firewall policies
config firewall policy
edit vwan_permit_out
set srcintf any
set dstintf vwan1
set srcaddr lan
set dstaddr all
set action accept
set status enable
set service ALL
set nat disable
next
edit vw_mb1_nat
set srcintf any
set dstintf wan
set srcaddr lan
set dstaddr all
set action accept
set status enable
set service ALL
set nat enable
next
edit vw_mb2_nat
set srcintf any
set dstintf lte1
set srcaddr lan
set dstaddr all
set action accept
set status enable
set service ALL
set nat enable
next
end
Step 6: Configure router policy
config router policy
edit to_vwan
set input-device
set srcaddr lan
set dstaddr all
set service ALL
set target target.vwan1
set status enable
set comment
next
end