Troubleshooting Tip: Pushing configuration from FortiEdge Cloud to the FortiExtender

ibasha · ‎12-30-2024

Description

This article describes how to validate if the configuration is inherited from the FortiEdge Cloud to the FortiExtender

Scope

FortiExtender 1xx, 2xx, 5xx and 3xx series model.

Solution

Login into the FortiEdge Cloud and CLI access to the FortiExtender
Configure the FortiExtender profile from the FortiEdge Cloud or any firewall rule from the profile.
Run the below command from the FortiExtender CLI:

execute debug EXTD state on
execute debug EXTD ac_disc on
execute debug EXTD event on
execute debug EXTD info on
execute debug log-to-console on

Validate the below configuration on the FortiExtender CLI:

[1735181046]EXTD :cloud :json_print:64 : | JSON: {

"payload": {

"account": 149945,

"profile": {

"firewall": {

"policy": [

{

"Test- VPN-Out": {

"action": "accept",

"dnat": "disable",

"dstaddr": [

"firewall-0-0-dst"

],

"dstintf": "lte1-p1-1",

"nat": "disable",

"service": [],

"srcaddr": [

"firewall-0-0-src"

],

"srcintf": "lan",

"status": "enable",

"vip": ""

}

},

{

"Test-VPN-IN": {

"action": "accept",

"dnat": "disable",

"dstaddr": [

"firewall-2-0-dst"

],

"dstintf": "lan",

"nat": "disable",

"service": [],

"srcaddr": [

"firewall-2-0-src"

],

"srcintf": "lte1-p1-1",

"status": "enable",

"vip": ""

}

},

{

"all-pass": {

"action": "accept",

"dnat": "disable",

"dstaddr": [

"all"

],

"dstintf": "any",

"nat": "enable",

"service": [],

"srcaddr": [

"lan-src"

],

"srcintf": "any",

"status": "enable"

}

],

"vip": {}

},

"header": {

"version": {

"carrier": "FEM_EM06E-22.2.2|bcf811",

"certificate": 3876258,

"config": 14676382,

"simmap": "ff95ba"

}

"lte": {

"plan": {

"default": {

"auth": "none",

"billing-date": 1,

"capacity": 102400000,

"carrier": "Test.in",

"modem": "modem1",

"monthly-fee": 0,

"overage": "disable",

"pooled": "disable",

"signal-period": 3600,

"signal-threshold": -100,

"slot": "sim1",

"type": "by-default"

}

},

"setting": {

"controller-report": {

"interval": 300,

"signal-threshold": 10,

"status": "enable"

},

"modem1": {

"active-gps-antenna": "enable",

"auto-switch": {

"by-data-plan": "disable",

"by-disconnect": "disable",

"by-signal": "disable",

"disconnect-period": 600,

"disconnect-threshold": 3,

"switch-back": [],

"switch-back-by-time": "00:01",

"switch-back-by-timer": 86400,

"switch-back-time": "00:01",

"switch-back-timer": 86400

},

"default-sim": "sim1",

"gps": "enable",

"preferred-carrier": "Telstra",

"sim1-pin": "disable",

"sim2-pin": "disable"

}

Plan ‘default’ and ‘Firewall rule’ have been pushed from the FortiEdge Cloud and disable the debug once done:

execute debug log-to-console off

execute debug clear

Troubleshooting Tip: Pushing configuration from FortiEdge Cloud to the FortiExtender

You are leaving our website