makauchan
New Member
March 25, 2022
Question

Need Help with Fortiextender


Hey guys, I'm writing a paper on FortiGate for university. I wanted to connect a FortiGate with a FortiExtender 200F to use it as a LAN extension, but the ordered FortiExtender isn't coming in time. So I have a question for you guys: Can you use the F200 to connect another subnet to the FortiGate, like a site-to-site VPN? Can you tell me in theory how to install the extender, since I can't do it myself? Thx guys :)

2 replies

ede_pfau
SuperUser
March 25, 2022

Hi,

As I am waiting for a FEX myself, I can only give you some outline, but I've looked up some of the documentation before.

The FEX is comparable to a FortiAP. Both communicate with the managing FGT via CAPWAP (tunnel) and extend the FGT's interfaces by one new interface. Thus, as most FGTs are routing, the network behind a FEX is a new subnet (like a new SSID with FAPs).

On the contrary, if your goal was to have the same subnet available on the FEX (the FEX offers a small switch for local devices), that would be difficult.

Management is done on the FGT (auto-detection, auto-authorization); there are a lot of similarities to an AP. Even physically, as the FEX supports being powered by PoE so that you can place it at a distance from the FGT, in a spot where reception is optimal.

Compared to the early models, the 2022 FEX models all contain LTE/5G modems. This used to be a major obstacle with the old series, where you would supply your own modems (as USB sticks). Making this pairing work was a nightmare sometimes (compatibility, upgrading firmware, switching the stick from storage device to modem, etc.).

HTH. I'd be happy to read about your experiences after you finally have received your FEX.

sw2090
SuperUser
March 25, 2022

As written: if you add a FEX and the FGT detects it via CAPWAP, it will give you a new interface.

The LAN ports on the FEX behave similarly to the internal ports on an FGT. By factory default they are one switch, but you could divide them up or even attach VLANs to them.

Then basically the rest is just routing on both sides.

The FGT has to know that it has to route that subnet to the FEX interface (probably with the FEX IP as gateway), and the FEX has to know how to route traffic back to the FGT.

I don't use this here, but what I do is, e.g., I access FEXes at shop sites from our HQ subnet through an s2s IPsec connecting HQ and shop FGT...