Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Configuring FortiGate LAN extension the GUI 7.4.1

    Configuring FortiGate LAN extension the GUI 7.4.1

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    The FortiOS GUI supports configuring the FortiGate controller and connector for the FortiGate LAN extension feature.

    Example

    In this example, an FG-301E is the FortiGate controller, and CAPWAP access is allowed on port3. An FG-201F is the FortiGate connector with WAN port3 connected to the FortiGate controller, and LAN port5 is connected to the client PCs.

    To configure the FortiGate LAN extension:

    1. On the FortiGate controller, enable the FortiExtender setting. For high-end models (1000 series and higher) and VM models, enter:

      config system global
    set fortiextender enable
end

      Note

      This command is configured by default on entry-level and mid-range models (900 series and lower).

    2. On the FortiGate controller, configure the port3 settings:

      1. Go to Network > Interfaces and edit port3.

      2. Set the Addressing mode to IPAM.

      3. In this example, IPAM is not enabled yet. Click Enable IPAM. The IPAM Settings pane opens.

      4. Set the Status to Enabled, enable FortiExtender LAN extensions, then click OK.

      5. In the Administrative Access > IPv4 section, select Security Fabric Connection to enable CAPWAP on the interface.

      6. Enable DHCP Server.

      7. Click OK.

    3. On the FortiGate connector, enable VDOMs:

      1. Go to System > Settings.

      2. In the System Operation Settings sections, enable Virtual Domains.

      3. Click OK. You will be logged out of the device when VDOM mode is enabled.

    4. On the FortiGate connector, enable the FortiExtender setting. For high-end models (1000 series and higher) and VM models, enter:

      config system global
    set fortiextender enable
end

      Note

      This command is configured by default on entry-level and mid-range models (900 series and lower).

    5. On the FortiGate connector, configure the LAN extension VDOM:

      1. Go to System > VDOM and click Create New.

      2. Enter a name (lan-extvdom) and set the Type to LAN Extension.

      3. Click OK. The LAN Extension VDOM Created prompt appears.

      4. Click Go to interface list page to assign a role (LAN or WAN) and the LAN extension VDOM.

    6. On the FortiGate connector, edit port3:

      1. Set the Role to WAN.

      2. Set the Virtual domain to lan-extvdom.

      3. Click OK.

    7. On the FortiGate connector, edit port5:

      1. Set the Role to LAN.

      2. Set the Virtual domain to lan-extvdom.

      3. Click OK.

    8. On the FortiGate connector, select the LAN extension VDOM, and enter the IP address of the FortiGate controller:

      1. Go to Network > LAN Extension.

      2. Set the Access Controller (AC) address to 172.31.0.254.

      3. Click Apply.

    9. On the FortiGate controller, enable the FortiExtender feature visibility in the GUI, and authorize the FortiGate connector:

      1. Go to System > Feature Visibility. In the Additional Features section, enable FortiExtender and click Apply.

      2. Go to Network > FortiExtenders and select the Managed FortiExtenders tab.

      3. Select the device, then right-click and select Authorization > Authorize.

      4. Click OK to authorize the device.

    10. On the FortiGate controller, configure the LAN extension interface:

      1. Go to Network > Interfaces and edit the LAN extension interface.

      2. Set the Addressing mode to IPAM and set When to use IPAM to Inherit IPAM auto-manage settings (default).

      3. Enable DHCP Server, and configure the settings as needed (see DHCP servers and relays for more information).

      4. Click OK.

    11. On the FortiGate controller, configure the default gateway:

      1. Go to Network > Static Routes and edit the default gateway settings to specify the correct internet gateway address and WAN interface.

      2. Set the Gateway Address to 172.16.200.254.

      3. Set the Interface to mgmt.

      4. Click OK.

    12. On the FortiGate controller, configure the firewall policy to allow traffic to pass:

      1. Go to Policy & Objects > Firewall Policy and click Create New.

      2. Set the Incoming Interface to the LAN extension interface.

      3. Configure the other settings as needed.

      4. Click OK.

    13. On the FortiGate connector, verify that the LAN extension is connected:

      1. Go to Network > LAN Extension.

      2. Verify that the Status is Connected.

    Previous
    Next

    Configuring FortiGate LAN extension the GUI 7.4.1

    Configuring FortiGate LAN extension the GUI 7.4.1

    Note

    This information is also available in the FortiOS 7.4 Administration Guide:

    The FortiOS GUI supports configuring the FortiGate controller and connector for the FortiGate LAN extension feature.

    Example

    In this example, an FG-301E is the FortiGate controller, and CAPWAP access is allowed on port3. An FG-201F is the FortiGate connector with WAN port3 connected to the FortiGate controller, and LAN port5 is connected to the client PCs.

    To configure the FortiGate LAN extension:

    1. On the FortiGate controller, enable the FortiExtender setting. For high-end models (1000 series and higher) and VM models, enter:

      config system global
    set fortiextender enable
end

      Note

      This command is configured by default on entry-level and mid-range models (900 series and lower).

    2. On the FortiGate controller, configure the port3 settings:

      1. Go to Network > Interfaces and edit port3.

      2. Set the Addressing mode to IPAM.

      3. In this example, IPAM is not enabled yet. Click Enable IPAM. The IPAM Settings pane opens.

      4. Set the Status to Enabled, enable FortiExtender LAN extensions, then click OK.

      5. In the Administrative Access > IPv4 section, select Security Fabric Connection to enable CAPWAP on the interface.

      6. Enable DHCP Server.

      7. Click OK.

    3. On the FortiGate connector, enable VDOMs:

      1. Go to System > Settings.

      2. In the System Operation Settings sections, enable Virtual Domains.

      3. Click OK. You will be logged out of the device when VDOM mode is enabled.

    4. On the FortiGate connector, enable the FortiExtender setting. For high-end models (1000 series and higher) and VM models, enter:

      config system global
    set fortiextender enable
end

      Note

      This command is configured by default on entry-level and mid-range models (900 series and lower).

    5. On the FortiGate connector, configure the LAN extension VDOM:

      1. Go to System > VDOM and click Create New.

      2. Enter a name (lan-extvdom) and set the Type to LAN Extension.

      3. Click OK. The LAN Extension VDOM Created prompt appears.

      4. Click Go to interface list page to assign a role (LAN or WAN) and the LAN extension VDOM.

    6. On the FortiGate connector, edit port3:

      1. Set the Role to WAN.

      2. Set the Virtual domain to lan-extvdom.

      3. Click OK.

    7. On the FortiGate connector, edit port5:

      1. Set the Role to LAN.

      2. Set the Virtual domain to lan-extvdom.

      3. Click OK.

    8. On the FortiGate connector, select the LAN extension VDOM, and enter the IP address of the FortiGate controller:

      1. Go to Network > LAN Extension.

      2. Set the Access Controller (AC) address to 172.31.0.254.

      3. Click Apply.

    9. On the FortiGate controller, enable the FortiExtender feature visibility in the GUI, and authorize the FortiGate connector:

      1. Go to System > Feature Visibility. In the Additional Features section, enable FortiExtender and click Apply.

      2. Go to Network > FortiExtenders and select the Managed FortiExtenders tab.

      3. Select the device, then right-click and select Authorization > Authorize.

      4. Click OK to authorize the device.

    10. On the FortiGate controller, configure the LAN extension interface:

      1. Go to Network > Interfaces and edit the LAN extension interface.

      2. Set the Addressing mode to IPAM and set When to use IPAM to Inherit IPAM auto-manage settings (default).

      3. Enable DHCP Server, and configure the settings as needed (see DHCP servers and relays for more information).

      4. Click OK.

    11. On the FortiGate controller, configure the default gateway:

      1. Go to Network > Static Routes and edit the default gateway settings to specify the correct internet gateway address and WAN interface.

      2. Set the Gateway Address to 172.16.200.254.

      3. Set the Interface to mgmt.

      4. Click OK.

    12. On the FortiGate controller, configure the firewall policy to allow traffic to pass:

      1. Go to Policy & Objects > Firewall Policy and click Create New.

      2. Set the Incoming Interface to the LAN extension interface.

      3. Configure the other settings as needed.

      4. Click OK.

    13. On the FortiGate connector, verify that the LAN extension is connected:

      1. Go to Network > LAN Extension.

      2. Verify that the Status is Connected.

    Previous
    Next