Admin Guide (FGT-Managed)

FortiExtender as FortiGate WAN extension

FortiExtender can work as an extended WAN interface of FortiGate. In this scenario, the FortiGate manages the FortiExtender over the Control and Provisioning of Wireless Access Points (CAPWAP) protocol in IP pass-through mode. Unlike the standalone 3G/4G/5G wireless WAN extender, the FortiGate-managed FortiExtender integrates directly into the FortiGate Connected UTM (Unified Threat Management) and is managed from the familiar FortiOS interface. This not only enables security policies to be seamlessly applied to the FortiExtender, but also provides visibility into the performance and data usage of the connection.

In WAN extension mode, you can connect one FortiExtender to two FortiGates for a high availability (HA) configuration in an active-passive deployment, or two FortiExtenders to two FortiGates in an active-active deployment, to provide dual active redundancy for wireless WAN access.

The FortiExtender and the FortiGate share the same LTE IP in WAN-extension mode. In pre-4.2.2 releases, FortiExtender does not allow access to the SSH/HTTPS/HTTP/Telnet services via the LTE interface, so all traffic to those default services goes to the FortiGate. FortiExtender 4.2.2 adds local SSH/HTTPS/HTTP/Telnet service support via the LTE interface. To distinguish local services from FortiGate services, you must configure the FortiExtender to use different ports. Otherwise, all traffic to these default services will be sent to the FortiExtender locally instead of the FortiGate.

To configure FortiExtender local SSH/HTTPS/HTTP/Telnet service support via the LTE interface:

config system management
    config local-access
        set https 22443
        set ssh 2222
    end
end
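The following added example (not Fortinet code) audits a `config local-access` block like the one above and flags any local service port that would collide on the shared LTE IP. It assumes the FortiGate's own services answer on the default ports 22, 23, 80 and 443, and that every setting has the `set <service> <port>` form shown above; the function names and the sample configuration are constructed for illustration.

```python
import re

# Default SSH/Telnet/HTTP/HTTPS ports. Assumption: the FortiGate's services
# behind the shared LTE IP are reached on these ports.
DEFAULT_PORTS = {22: "SSH", 23: "Telnet", 80: "HTTP", 443: "HTTPS"}

def parse_local_access(config_text):
    """Return {service: port} from 'config system management / config local-access'."""
    ports = {}
    stack = []  # names of the currently open 'config' blocks
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end":
            if stack:
                stack.pop()
        elif stack[-2:] == ["system management", "local-access"]:
            m = re.fullmatch(r"set\s+(\S+)\s+(\d+)", line)
            if m:
                ports[m.group(1)] = int(m.group(2))
    return ports

def audit_local_access(config_text):
    """Return findings for ports that would capture or mix up management traffic."""
    findings = []
    seen = {}  # port -> first service that claimed it
    for service, port in parse_local_access(config_text).items():
        if not 1 <= port <= 65535:
            findings.append(f"{service}: port {port} is out of range")
        if port in DEFAULT_PORTS:
            findings.append(f"{service}: port {port} is the default "
                            f"{DEFAULT_PORTS[port]} port; traffic to it on the LTE IP "
                            "would go to the FortiExtender, not the FortiGate")
        if port in seen:
            findings.append(f"{service}: port {port} is already used by {seen[port]}")
        seen.setdefault(port, service)
    return findings

# Constructed sample: HTTPS left on its default port, SSH moved.
SAMPLE_CONFIG = """
config system management
    config local-access
        set https 443
        set ssh 2222
    end
end
"""
```

Running `audit_local_access` against the configuration shown on this page returns no findings, because both 22443 and 2222 are off the default ports.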
