Connecting a FortiExtender to FortiSASE using alternative connection methods

You can connect a FortiExtender to FortiSASE using alternative connection methods, namely via the FortiExtender GUI or CLI.

For ease of configuration, following the steps in Connecting FortiExtender to FortiSASE using FortiZTP is recommended. As a reference, this section describes alternative connection methods other than using FortiZTP.

Before using the FortiExtender GUI or CLI steps, you must obtain the FortiSASE domain name from FortiSASE.

To obtain the FortiSASE domain name from FortiSASE:

1. Go to Configuration > VPN User SSO.
2. View the URL in the Base URL field and note the FortiSASE domain name after the https:// string. In the example, the FortiSASE domain name is turbo-a1p0hv3p.edge.prod.fortisase.com.

   

To connect a FortiExtender to FortiSASE via the GUI:

1. Log in to the FortiExtender GUI.

2. Go to Settings > Management.

3. Beside Management Setup, click the pencil icon to edit these settings and configure the following settings:

   1. Controller: fortigate

   2. Discovery Type: static

   3. Discovery Interface: <interface connected to the internet>

   4. For Static Access Control Address, click the pencil icon next to ID 1 to edit this entry. Enter Server: <FortiSASE domain name here from Connect FEXTs dialog>. Click Save.

4. Click Save.

5. Click OK in the dialog to have changes take effect and reboot the FortiExtender.

   

6. To confirm the FortiExtender's connection to FortiSASE, log in to the FortiExtender GUI and go to Dashboard. Under Controller Information, confirm that FGT IP is non-zero, and Status is Connected.

   

To connect a FortiExtender to FortiSASE via the CLI:

The following commands are adapted from FortiExtender LAN extension in public cloud FGT-VM.

1. Connect FortiExtender to FortiSASE:

   config system management 
     set discovery-type fortigate
     config fortigate
       set ac-discovery-type static
       config static-ac-addr
         edit 1
           set server <FortiSASE domain name here from Connect FEXTs dialog>
         next
       end
       set discovery-intf port1
     end
   end
   

2. To confirm the FortiExtender's connection to FortiSASE, run the get extender status command in the FortiExtender CLI. Confirm that controller-addr is non-zero and management-state is CWWS_RUN. The following shows sample output:

   FX200FXXXXXXXXXX # get extender status 
   Extender Status
       name                 : FX200FXXXXXXXXXX
       mode                 : CAPWAP
       fext-addr            : 172.XX.XXX.XXX
       ingress-intf         : port1
       controller-addr      : 206.XX.XXX.XXX:5246 
       controller-name      : FGXXXXXXXXXXXXXX
       uptime               : 0 days, 1 hours, 18 minutes, 31 seconds
       management-state     : CWWS_RUN
       base-mac             : AA:BB:CC:11:22:33
       network-mode         : lan-extension
       fgt-backup-mode      : backup
       discovery-type       : static
       discovery-interval   : 5
       echo-interval        : 30
       report-interval      : 30
       statistics-interval  : 120
       mdm-fw-server        : fortiextender-firmware.forticloud.com
       os-fw-server         : fortiextender-firmware.forticloud.com