Fortinet black logo

New Features

IPAM in FortiExtender LAN extension mode 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:788687
Download PDF

IPAM in FortiExtender LAN extension mode 7.0.4

After authorizing the FortiExtender in LAN-extension mode, the FortiExtender controller generates a new lan-extension interface.

The LAN client connecting to the FortiExtender LAN interface will get DHCP allocation from the lan-extension interface. It can then reach the Internet via the firewall policy in the FortiExtender controller.

Topology

To configure IPAM in FortiExtender lan-extension interface in the GUI:
  1. On the FortiGate device, go to Interfaces. You will see that the LAN extension interface has already been created in the FortiExtender controller.
  2. In the LAN Extension section, highlight the lan-extension interface (FX0035919000000), and select Edit.
  3. For Addressing mode, select Auto-managed by IPAM > Enable IPAM.
  4. For IPAM Settings > Status, select Enable and then OK. The IP pool now is selected for FX0035919000000.
  5. Note

    The subnet configured above is for a standalone device.

    If the FortiGate is a Security Fabric Downstream device, the subnet in the pool will be sent from the Security Fabric Root device.

    The IP and DHCP server on FX0035919000000 will be set accordingly.

    The client will get DHCP allocation from FX0035919000000.

    Note

    The client is a FortiGate-61F whose wan1 connects the lan-interface on the FortiExtender.

To configure IPAM in FortiExtender lan-extension interface in the CLI:

Originally, the lan-extension interface has the following options after the FortiExtender is authorized:

config system interface
    edit "FX0035919000000"
        set vdom "root"
        set type lan-extension
        set role lan
        set snmp-index 27
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
        set interface "fext-ipsec-wiUx"
    next
end

After IPAM is set as the addressing mode for FX0035919000000 in the GUI, the following steps are created in CLI:

config system ipam
    set status enable
end

config system interface
    edit "FX0035919000000"
        set vdom "root"
        set ip 172.31.0.1 255.255.255.0
        set type lan-extension
        set role lan
        set snmp-index 27
        set ip-managed-by-fortiipam enable
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
        set interface "fext-ipsec-wiUx"
    next
end

config system dhcp server
    edit 3
        set dns-service default
        set default-gateway 172.31.0.1
        set netmask 255.255.255.0
        set interface "FX0035919000000"
        config ip-range
            edit 1
                set start-ip 172.31.0.1
                set end-ip 172.31.0.254
            next
        end
        set dhcp-settings-from-fortiipam enable
        config exclude-range
            edit 1
                set start-ip 172.31.0.1
                set end-ip 172.31.0.1
            next
        end
    next
end

IPAM in FortiExtender LAN extension mode 7.0.4

After authorizing the FortiExtender in LAN-extension mode, the FortiExtender controller generates a new lan-extension interface.

The LAN client connecting to the FortiExtender LAN interface will get DHCP allocation from the lan-extension interface. It can then reach the Internet via the firewall policy in the FortiExtender controller.

Topology

To configure IPAM in FortiExtender lan-extension interface in the GUI:
  1. On the FortiGate device, go to Interfaces. You will see that the LAN extension interface has already been created in the FortiExtender controller.
  2. In the LAN Extension section, highlight the lan-extension interface (FX0035919000000), and select Edit.
  3. For Addressing mode, select Auto-managed by IPAM > Enable IPAM.
  4. For IPAM Settings > Status, select Enable and then OK. The IP pool now is selected for FX0035919000000.
  5. Note

    The subnet configured above is for a standalone device.

    If the FortiGate is a Security Fabric Downstream device, the subnet in the pool will be sent from the Security Fabric Root device.

    The IP and DHCP server on FX0035919000000 will be set accordingly.

    The client will get DHCP allocation from FX0035919000000.

    Note

    The client is a FortiGate-61F whose wan1 connects the lan-interface on the FortiExtender.

To configure IPAM in FortiExtender lan-extension interface in the CLI:

Originally, the lan-extension interface has the following options after the FortiExtender is authorized:

config system interface
    edit "FX0035919000000"
        set vdom "root"
        set type lan-extension
        set role lan
        set snmp-index 27
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
        set interface "fext-ipsec-wiUx"
    next
end

After IPAM is set as the addressing mode for FX0035919000000 in the GUI, the following steps are created in CLI:

config system ipam
    set status enable
end

config system interface
    edit "FX0035919000000"
        set vdom "root"
        set ip 172.31.0.1 255.255.255.0
        set type lan-extension
        set role lan
        set snmp-index 27
        set ip-managed-by-fortiipam enable
        config ipv6
            set ip6-send-adv enable
            set ip6-other-flag enable
        end
        set interface "fext-ipsec-wiUx"
    next
end

config system dhcp server
    edit 3
        set dns-service default
        set default-gateway 172.31.0.1
        set netmask 255.255.255.0
        set interface "FX0035919000000"
        config ip-range
            edit 1
                set start-ip 172.31.0.1
                set end-ip 172.31.0.254
            next
        end
        set dhcp-settings-from-fortiipam enable
        config exclude-range
            edit 1
                set start-ip 172.31.0.1
                set end-ip 172.31.0.1
            next
        end
    next
end