Help
FortiExtender
FortiExtender offers wireless connectivity for nearly any operational network.
wdarren
Staff
Staff

Created on ‎06-22-2022 12:58 PM Edited on ‎07-12-2024 12:30 AM By Moderator

Article Id 215494

Technical Tip: How to setup FortiExtender WAN-Extension (CAPWAP mode) with FortiGate

Description


This article describes how to configure FortiExtender (FEX) WAN-Extension (CAPWAP mode) with FortiGate.


Scope


FortiExtender v7.2.0 build0113, FortiGate v7.2.0 build1157.
FortiExtender Port4 is directly connected to the wan2 interface on FortiGate.

 

Solution

 

  1. On FortiGate, create a wan2 interface & configure an IP address 192.168.2.99 with a DHCP server running on it and allow Security Fabric connection traffic.
  2. Create a FortiExtender WAN Extension interface. Let's call it FEX-WAN-511F.

 

Create new interface.jpg

 

Create new interface-2.jpg

 

  1. The FortiExtender interface port4 connected to wan2 will get an IP from FortiGate that is 192.168.2.98.
  2. On FortiExtender GUI - Navigate to Setting -> Management, set Controller: FortiGate, Discovery Type: static, Discovery Interface: port4, and create Static Access Control Address with the server: 192.168.2.99.

 

FEX.jpg

 

  1. To Authorize FortiExtender on FortiGate GUI - Navigate to Network -> FortiExtenders, and wait for the FortiExtender to be discovered by FortiGate and then select it and under the Authorization drop-down select  Authorize. Wait for the status to become online. Make sure the Modem 1 Interface is selected under the WAN Extension with the extender interface that was created previously, see the last screenshot below.

image.png

 

image.png

 

image.png

 

  1. Wait for some minutes, FortiExtender may need to reboot if the mode was changed from nat to ip-passthrough.
  2. After the WAN extension tunnel is set up, the services like HTTPS, SSH, and Ping need to be enabled, then login GUI to check the status from FortiExtender GUI - Dashboard, Controller Infomation should be: FortiGate, with Status: Connected, and Mode is: FortiGate (ip-passthrough (capwap)).

 

FEX-FTG.jpg

  1. WAN Extension status can be found from FortiExtender CLI also, by running the below command:

get extender status

 

CLI.jpg

 

  1. When the FortiExtender modem is connected to the Internet, the FortiGate interface FEX-WAN-511F will get the same IP address as the FortiExtender LTE interface.

 

im2.PNG

 

  1. On FortiGate, after configuring the correct firewall policy, the client behind FortiGate can go to the internet via the FEX-WAN-511F interface.
Labels:
11240
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.