Description
This article describes how to configure a managed FortiExtender on legacy FortiOS (in this case, the FortiExtender-20B managed by FortiOS v5.2).
Important: This article is now considered legacy, with the FortiOS version and the FortiExtender configuration steps no longer being relevant for modern FortiOS. Refer to the following Documentation links for up-to-date information regarding FortiGate/FortiExtender setup (this document will be retained for historical purposes only):
Scope
FortiOS v5.2.3, FortiExtender firmware version 2.0.1 build 0009, and TP-Link MA260 have been used to produce this article.
Solution
Before starting, it is recommended to have a SIM card with no PIN assigned for initial configuration to avoid an issue during first-time setup. A smartphone or tablet with a SIM slot may be used to remove this PIN. It is also recommended to use a 3ft long USB extension cable to connect the USB 3G/LTE Modem to the FortiExtender (for further improving signal integrity/strength).
Configuration Steps:
Connect the FortiExtender to an available interface on the FortiGate (if using a PoE injector or a standalone power supply for the FortiExtender). Alternatively, connect the unit to a PoE-capable switch that is downstream of the FortiGate. The FortiGate interface that will be communicating with the FortiExtender must have the Addressing mode set to Dedicated to FortiAP.
In FortiGate CLI, enable the FortiExtender and wireless-controller functionality:
config system global
set fortiextender enable
set wireless-controller enable
end
After enabling these options, a new option in the GUI will be available under Network -> FortiExtender. Navigate to this section to authorize the newly-connected FortiExtender unit.
Once the FortiExtender is authorized, 3G/LTE connection parameters can be configured based on the requirements of the cellular ISP. Select the Configure Settings button to set these parameters.
For reference, the following are example configurations for two EMEA-based cellular providers:
Vodafone-Spain Parameters:
APN : ac.vodafone.es
User : vodafone
Password : vodafone
Phone number: *99***1#
User : vodafone
Password : vodafone
Phone number: *99***1#
Movistar-Spain Parameters:
APN : movistar.es
User : MOVISTAR
Password : MOVISTAR
Phone number: *99***1#
User : MOVISTAR
Password : MOVISTAR
Phone number: *99***1#
The parameters for the carrier settings should be entered as shown below:
By default, the 3G/LTE modem is configured with 'Always connect'. If the configuration is changed to 'On Demand', then the following FortiGate CLI command must be executed to manually bring up the cellular connection:
By default, the 3G/LTE modem is configured with 'Always connect'. If the configuration is changed to 'On Demand', then the following FortiGate CLI command must be executed to manually bring up the cellular connection:
execute extender dial <FortiExtender_serial_number>
To allow access to the Internet via the FortiExtender's modem, create a Firewall Policy with the outgoing interface set to FEXT-WAN1. To access the FortiExtender directly via the management IP, create a Firewall Policy that allows traffic from the local LAN interface (where the management workstation is located) to the FortiGate interface used to manage the FortiExtender. HTTP access to the FortiExtender will be allowed by default, using the next credentials: admin/admin.
