Created on 02-10-2015 03:30 PM Edited on 05-26-2022 09:39 AM By Anonymous
Description
How to configure FortiGate to support a FortiExtender and subsequently verify modem functionality.
Solution
1. Enable the FortiExtender module from CLI
config system global
(global) # set fortiextender enable
(global) # get | grep extender
fortiextender-data-port: 25246
fortiextender : enable
(global) # end
2. Dedicate an interface to the FortiAP/FortiExtender. This enables CAPWAP and DHCP server on the interface by default
Alternatively, you can manually configure IP, Admin Access with CAPWAP, and DHCP Server
3. Power on and Connect the FortiExtender
4. From System->Network->FortiExtender, it will discover a FortiExtender. Click to Authorize.
5. Configure FortiExtender Roles
When there are 2 FortiExtenders connected, one can function as a standby for the other.
In this case, make one Primary and the other Secondary.
Otherwise, you can leave the ‘role’ as None.
config extender-controller extender
(extender) # edit "FX100B..."
(FX100B...) # set role ? {none| primary | secondary}
(FX100B...) # end
6. The FortiExtender has 2 modes – Standalone or Redundant.
config extender-controller extender
(extender) # edit "FX100B..."
(FX100B...) # set mode ? {Standalone| Redundant}
(FX100B...) # end
7. A fortiextender can have 3 possible admin statuses:
config extender-controller extender
(extender) # edit "FX100B..."
(FX100B...) # set admin ?
disable : AC is configured to not provide service to this Fortiextender
Discovered : Fortiextender discovered through discovery or join request message
enable : AC is configured to provide service to this Fortiextender }
(FX100B...) # end
8. Link status
Link status can be either up or down. This indicates whether the CAPWAP tunnel between the Controller (FortiGate) and the FortiExtender is established or not. While the status is up, you can click [Details] to view the detail system status of the FortiExtender
9. Additional Modem configuration
Additional Modem configuration can be set on the FortiExtender Configuration page. Click Configure Settings to open. The same configuration options are available from CLI
10. config extender-controller extender
For some modems, the APN setting needs to be defined in order for connection to work.
(extender) # edit "FX100B..."
(FX100B...) # set access-point-name <apn-name>
(FX100B...) # end
11. To manually dial out and hang up, use these commands:
# exec extender ?
12. After a FortiExtender is Authorized, the controller automatically creates an interface “fext-wan”
config extender-controller extender
edit "FX100B...."
set admin enable
set ifname "fext-wan1"
next
end
13. Interfaces Page
This interface is displayed on the System->Network->Interfaces page. Notice the IP/Netmask corresponds to the public IP the FortiExtender received from the ISP, and NOT the IP used in the CAPWAP tunnel.
14. "diagnose extender atcmd <command> <Marker> <SNo>"
Used to execute the at command on the fortiextender.
The <command> specifies the at_command to be executed. The <Marker> specifies the string used to specify the "?" in the atcommand as the fortigate CLI does not accept the "?". Most of the at commands have "?". The Marker string pattern is replaced with "?" in the atcommand string in the cli back end.
15. Diagnose modem with standard/generic/predefined AT commands
Detail: "diagnose extender cmd <Integer>" The integer can be anything from 1-5. This executes the specific at commands based
on the information below :
1. Show device info
2. Show data session connection status
3. Test connection
4. Test disconnection
5. Get signal strength
16. FortiExtender Status
We can get the detailed modem status connected to FortiExtender with the command : "get extender modem status <s.no>"
Example below
FG10CH3G11602779 # get extender modem-status FX100B3X13xxxxxx
17. FortiExtender system information
Detail: We can get FortiExtender system information from the command : "get extender sys-info <s.no> "
Example below.
FG10CH3G11602779 # get extender sys-info FX100B3X13xxxxxx
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.