After authorizing the FortiExtender in LAN-extension mode, the FortiExtender controller generates a new lan-extension interface.
The LAN client connecting to the FortiExtender LAN interface will get DHCP allocation from the lan-extension interface. It can then reach the Internet via the firewall policy in the FortiExtender controller.
- On the FortiGate device, go to Interfaces. You will see that the LAN extension interface has already been created in the FortiExtender controller.
- In the LAN Extension section, highlight the lan-extension interface (FX0035919000000), and select Edit.
- For Addressing mode, select Auto-managed by IPAM > Enable IPAM.
- For IPAM Settings > Status, select Enable and then OK. The IP pool now is selected for FX0035919000000.
The subnet configured above is for a standalone device.
If the FortiGate is a Security Fabric Downstream device, the subnet in the pool will be sent from the Security Fabric Root device.
The IP and DHCP server on FX0035919000000 will be set accordingly.
The client will get DHCP allocation from FX0035919000000.
The client is a FortiGate-61F whose wan1 connects the lan-interface on the FortiExtender.
Originally, the lan-extension interface has the following options after the FortiExtender is authorized:
config system interface edit "FX0035919000000" set vdom "root" set type lan-extension set role lan set snmp-index 27 config ipv6 set ip6-send-adv enable set ip6-other-flag enable end set interface "fext-ipsec-wiUx" next end
After IPAM is set as the addressing mode for FX0035919000000 in the GUI, the following steps are created in CLI:
config system ipam set status enable end config system interface edit "FX0035919000000" set vdom "root" set ip 172.31.0.1 255.255.255.0 set type lan-extension set role lan set snmp-index 27 set ip-managed-by-fortiipam enable config ipv6 set ip6-send-adv enable set ip6-other-flag enable end set interface "fext-ipsec-wiUx" next end config system dhcp server edit 3 set dns-service default set default-gateway 172.31.0.1 set netmask 255.255.255.0 set interface "FX0035919000000" config ip-range edit 1 set start-ip 172.31.0.1 set end-ip 172.31.0.254 next end set dhcp-settings-from-fortiipam enable config exclude-range edit 1 set start-ip 172.31.0.1 set end-ip 172.31.0.1 next end next end