Description
This article describes how to configure FortiExtender (FEX) WAN-Extension (CAPWAP mode) with FortiGate.
Scope
For FortiExtender v7.2.0 build0113, FortiGate v7.2.0 build1157.
FortiExtender Port4 is directly connected to the wan2 interface on FortiGate.
Solution
1) On FortiGate, create a wan2 interface & configure an IP address 192.168.2.99 with a DHCP server running on it and allow Security Fabric connection traffic.
2) Create a FortiExtender WAN Extension interface. Let's call it FEX-WAN-511F.
3) The FortiExtender interface port4 connected to wan2 will get an IP from FortiGate that is 192.168.2.98.
4) On FortiExtender GUI - Navigate to Setting -> Management, set Controller: FortiGate, Discovery Type: static, Discovery Interface: port4, and create Static Access Control Address with the server: 192.168.2.99.
5) To Authorize FortiExtender on FortiGate GUI - Navigate to Network -> FortiExtender, and wait for the FortiExtender to be discovered by FortiGate and then Authorize FortiExtender with mode: WAN extension, Modem 1 Interface: FEX-WAN-511F.
6) Wait for some minutes, FortiExtender may need to reboot if the mode was changed from nat to ip-passthrough.
7) After the WAN extension tunnel was set up, check the status from FortiExtender GUI - Dashboard, Controller Infomation should be: FortiGate, with Status: Connected, and Mode is: FortiGate (ip-passthrough (capwap)).
8) WAN Extension status can be found from FortiExtender CLI also, by running the below command:
# get extender status
9) Now when the FortiExtender modem is connected to the Internet, the FortiGate interface FEX-WAN-511F will get the same IP address as the FortiExtender LTE interface.
10) On FortiGate, after configuring the correct firewall policy, the client behind FortiGate can go to the internet via the FEX-WAN-511F interface.
