vaggarwal_FTNT

Description

How to configure FortiGate to support a FortiExtender and subsequently verify modem functionality.

 


Solution

Configure FortiExtender

1.  Enable the FortiExtender module from CLI

config system global
(global) # set fortiextender enable
(global) # get | grep extender
fortiextender-data-port: 25246
fortiextender          : enable
(global) # end

2. Dedicate an interface to the FortiAP/FortiExtender. This enables CAPWAP and DHCP server on the interface by default

Alternatively, you can manually configure IP, Admin Access with CAPWAP, and DHCP Server 

 

3. Power on and Connect the FortiExtender

4. From System->Network->FortiExtender, it will discover a FortiExtender. Click to Authorize. 

5. Configure FortiExtender Roles

When there are 2 FortiExtenders connected, one can function as a standby for the other.
In this case, make one Primary and the other Secondary.

Otherwise, you can leave the ‘role’ as None.

config extender-controller extender
(extender) # edit "FX100B..."
(FX100B...) # set role ?  {none| primary | secondary}
(FX100B...) # end

6. The FortiExtender has 2 modes – Standalone or Redundant.

config extender-controller extender
(extender) # edit "FX100B..."
(FX100B...) # set mode ? {Standalone| Redundant}
(FX100B...) # end

7. A fortiextender can have 3 possible admin statuses:

config extender-controller extender

(extender) # edit "FX100B..."

(FX100B...) # set admin ?

disable : AC is configured to not provide service to this Fortiextender
Discovered : Fortiextender discovered through discovery or join request message
enable : AC is configured to provide service to this Fortiextender }

(FX100B...) # end 

8. Link status

Link status can be either up or down. This indicates whether the CAPWAP tunnel between the Controller (FortiGate) and the FortiExtender is established or not. While the status is up, you can click [Details] to view the detail system status of the FortiExtender 

9.  Additional Modem configuration

Additional Modem configuration can be set on the FortiExtender Configuration page. Click Configure Settings to open. The same configuration options are available from CLI

10. config extender-controller extender

For some modems, the APN setting needs to be defined in order for connection to work.

(extender) # edit "FX100B..."
(FX100B...) # set access-point-name <apn-name>
(FX100B...) # end

11. To manually dial out and hang up, use these commands:

# exec extender ?

12. After a FortiExtender is Authorized, the controller automatically creates an interface “fext-wan”

config extender-controller extender
   
edit "FX100B...."
       
set admin enable
       set ifname "fext-wan1"
   
next
end

Verify FortiExtender and Modem Functionality

13. Interfaces Page

This interface is displayed on the System->Network->Interfaces page. Notice the IP/Netmask corresponds to the public IP the FortiExtender received from the ISP, and NOT the IP used in the CAPWAP tunnel. 

14. "diagnose extender atcmd <command> <Marker> <SNo>"

Used to execute the at command on the fortiextender.

The <command> specifies the at_command to be executed. The <Marker> specifies the string used to specify the "?" in the atcommand as the fortigate CLI does not accept the "?". Most of the at commands have "?". The Marker string pattern is replaced with "?" in the atcommand string in the cli back end.

15. Diagnose modem with standard/generic/predefined AT commands

Detail: "diagnose extender cmd <Integer>" The integer can be anything from 1-5. This executes the specific at commands based

on the information below :

1. Show device info
2. Show data session connection status
3. Test connection
4. Test disconnection
5. Get signal strength

16. FortiExtender Status

We can get the detailed modem status connected to FortiExtender with the command : "get extender modem status <s.no>"

Example below

FG10CH3G11602779 # get extender modem-status FX100B3X13xxxxxx

17. FortiExtender system information

Detail: We can get FortiExtender system information from the command : "get extender sys-info <s.no> "

Example below.

FG10CH3G11602779 # get extender sys-info FX100B3X13xxxxxx



Contributors