Allow FortiExtender to be managed and used in a non-root VDOM

This feature allows FortiExtender to be managed and used in a non-root VDOM.

GUI operating procedures

  1. The FortiExtender appears in the Network section in each VDOM.

  2. The FortiExtender can be discovered in the VDOM.
    Note: The VDOM must have an interface (lan2) with Security Fabric Connection and a DHCP server. The FortiExtender can then be discovered when it is connected to lan2 port11.

  3. After it is authorized, the FortiExtender can provide an interface to the VDOM.
    Note: The FortiExtender can be authorized to bond a FortiExtender type interface to the LTE modem.

    Note: The FortiExtender is connected to the FortiGate after authorization.

    Note: The FortiGate gets the IP and gateway for the FortiExtender type interface in the VDOM.

  4. A FortiExtender profile and data plan can be set up per VDOM.

CLI operating procedures

  1. Set up the interface to discover FortiExtender in the VDOM.
    config system interface
        edit "lan2"
            set vdom "vdom1"
            set ip 192.168.4.99 255.255.255.0
            set allowaccess ping fabric
            set type hard-switch
            set snmp-index 32
        next
    end
  2. Create a FortiExtender type interface in the VDOM.
    config system interface
        edit "fext-vdom1"
            set vdom "vdom1"
            set mode dhcp
            set type fext-wan
            set role wan
            set snmp-index 34
        next
    end
  3. Authorize the discovered FortiExtender and bond the FortiExtender type interface.
    config extender-controller extender
        edit "FX004TQ21000005"
            set id "FXA11FTQ21000005"
            set authorized enable
            set device-id 1
            set extension-type wan-extension
            set profile "FXA11F-wanext-default"
            config wan-extension
                set modem1-extension "fext-vdom1"
            end
        next
    end
  4. Check the IP and gateway from the FortiExtender interface.
    FortiGate-81E-POE (vdom1) # get system interface | grep fext-vdom1
    == [ fext-vdom1 ]
    name: fext-vdom1   mode: dhcp    ip: 10.197.73.229 255.255.255.252   status: up    netbios-forward: disable    type: fext-wan   netflow-sampler: disable    sflow-sampler: disable    src-check: enable    explicit-web-proxy: disable    explicit-ftp-proxy: disable    proxy-captive-portal: disable    mtu-override: disable    drop-overlapped-fragment: disable    drop-fragment: disable    
    
    FortiGate-81E-POE (vdom1) # get router info routing-table all
    Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
           O - OSPF, IA - OSPF inter area
           N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
           E1 - OSPF external type 1, E2 - OSPF external type 2
           i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
           V - BGP VPNv4
           * - candidate default
    
    Routing table for VRF=0
    S*      0.0.0.0/0 [5/0] via 10.197.73.230, fext-vdom1, [1/0]
    C       10.197.73.228/30 is directly connected, fext-vdom1
    C       192.168.4.0/24 is directly connected, lan2
  5. Modify the FortiExtender profile.
    config extender-controller extender-profile
        edit "FXA11F-wanext-default"
            set id 4
            set model FXA11F
            set allowaccess ping telnet
            config cellular
                config sms-notification
                end
                config modem1
                end
            end
        next
    end
  6. Create the FortiExtender data plan.
    config extender-controller dataplan
        edit "Rogers-v1"
            set type carrier
            set carrier "Rogers"
            set apn "ltemobile.apn"
            set capacity 200
        next
    end
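
As an added example (not Fortinet's code), the following Python parses a configuration in the syntax used in the steps above and reports, for each authorized FortiExtender, the interface it is bonded to, the VDOM that interface belongs to, and any unencrypted management protocol its profile allows; the profile in step 5 permits telnet, which is not encrypted. The function names, the `CLEARTEXT` set and the trimmed sample are assumptions made for this example.

```python
import shlex
SAMPLE = '''config system interface
    edit "fext-vdom1"
        set vdom "vdom1"
    next
end
config extender-controller extender
    edit "FX004TQ21000005"
        set authorized enable
        set profile "FXA11F-wanext-default"
        config wan-extension
            set modem1-extension "fext-vdom1"
        end
    next
end
config extender-controller extender-profile
    edit "FXA11F-wanext-default"
        set allowaccess ping telnet
    next
end'''  # constructed sample: settings from steps 2, 3 and 5, trimmed
CLEARTEXT = {"telnet", "http"}  # management protocols that are not encrypted

def parse(text):
    """Return {table: {entry: {"setting" or "sub.setting": [values]}}}."""
    tables, stack, entry = {}, [], None
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            entry = entry if len(stack) > 1 else None  # new top-level table: no entry yet
        elif tok[0] == "end":
            stack.pop()
        elif tok[0] == "edit" and len(stack) == 1:
            entry = tables.setdefault(stack[0], {}).setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[".".join(stack[1:] + [tok[1]])] = tok[2:]
    return tables

def audit(tables):
    """Return {extender: (bonded interface, its VDOM, cleartext protocols in its profile)}."""
    get = lambda table, name: tables.get(table, {}).get(name, {})
    report = {}
    for name, cfg in tables.get("extender-controller extender", {}).items():
        if cfg.get("authorized") == ["enable"]:
            bond = cfg.get("wan-extension.modem1-extension", [None])[0]
            prof = get("extender-controller extender-profile", cfg.get("profile", [None])[0])
            vdom = get("system interface", bond).get("vdom", [None])[0]
            report[name] = (bond, vdom, sorted(CLEARTEXT & set(prof.get("allowaccess", []))))
    return report

print(audit(parse(SAMPLE)))
```

For the sample it prints `{'FX004TQ21000005': ('fext-vdom1', 'vdom1', ['telnet'])}`.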
