Connecting a FortiExtender to FortiSASE using alternative connection methods
You can connect a FortiExtender to FortiSASE using alternative connection methods, namely via the FortiExtender GUI or CLI.
For ease of configuration, following the steps in Connecting FortiExtender to FortiSASE using FortiZTP is recommended. As a reference, this section describes alternative connection methods other than using FortiZTP. |
Before using the FortiExtender GUI or CLI steps, you must obtain the FortiSASE domain name from FortiSASE.
To obtain the FortiSASE domain name from FortiSASE:
- Go to Configuration > VPN User SSO.
- View the URL in the Base URL field and note the FortiSASE domain name after the https:// string. In the example, the FortiSASE domain name is turbo-a1p0hv3p.edge.prod.fortisase.com.
To connect a FortiExtender to FortiSASE via the GUI:
-
Log in to the FortiExtender GUI.
-
Go to Settings > Management.
-
Beside Management Setup, click the pencil icon to edit these settings and configure the following settings:
-
Controller: fortigate
-
Discovery Type: static
-
Discovery Interface: <interface connected to the internet>
-
For Static Access Control Address, click the pencil icon next to ID 1 to edit this entry. Enter Server: <FortiSASE domain name here from Connect FEXTs dialog>. Click Save.
-
-
Click Save.
- Click OK in the dialog to have changes take effect and reboot the FortiExtender.
-
To confirm the FortiExtender's connection to FortiSASE, log in to the FortiExtender GUI and go to Dashboard. Under Controller Information, confirm that FGT IP is non-zero, and Status is Connected.
To connect a FortiExtender to FortiSASE via the CLI:
The following commands are adapted from FortiExtender LAN extension in public cloud FGT-VM.
- Connect FortiExtender to FortiSASE:
config system management set discovery-type fortigate config fortigate set ac-discovery-type static config static-ac-addr edit 1 set server <FortiSASE domain name here from Connect FEXTs dialog> next end set discovery-intf port1 end end
- To confirm the FortiExtender's connection to FortiSASE, run the
get extender status
command in the FortiExtender CLI. Confirm thatcontroller-addr
is non-zero andmanagement-state
isCWWS_RUN
. The following shows sample output:FX200FXXXXXXXXXX # get extender status Extender Status name : FX200FXXXXXXXXXX mode : CAPWAP fext-addr : 172.XX.XXX.XXX ingress-intf : port1 controller-addr : 206.XX.XXX.XXX:5246 controller-name : FGXXXXXXXXXXXXXX uptime : 0 days, 1 hours, 18 minutes, 31 seconds management-state : CWWS_RUN base-mac : AA:BB:CC:11:22:33 network-mode : lan-extension fgt-backup-mode : backup discovery-type : static discovery-interval : 5 echo-interval : 30 report-interval : 30 statistics-interval : 120 mdm-fw-server : fortiextender-firmware.forticloud.com os-fw-server : fortiextender-firmware.forticloud.com