FortiExtender offers wireless connectivity for nearly any operational network.
Article Id 215494


This article describes how to configure FortiExtender (FEX) WAN-Extension (CAPWAP mode) with FortiGate.


For FortiExtender v7.2.0 build0113, FortiGate v7.2.0 build1157.
FortiExtender Port4 is directly connected to the wan2 interface on FortiGate.



1) On FortiGate, create a wan2 interface & configure an IP address with a DHCP server running on it and allow Security Fabric connection traffic.

2) Create a FortiExtender WAN Extension interface. Let's call it FEX-WAN-511F.


Create new interface.jpg


Create new interface-2.jpg


3) The FortiExtender interface port4 connected to wan2 will get an IP from FortiGate that is

4) On FortiExtender GUI - Navigate to Setting -> Management, set Controller: FortiGate, Discovery Type: static, Discovery Interface: port4, and create Static Access Control Address with the server:




5) To Authorize FortiExtender on FortiGate GUI - Navigate to Network -> FortiExtender, and wait for the FortiExtender to be discovered by FortiGate and then Authorize FortiExtender with mode: WAN extension, Modem 1 Interface: FEX-WAN-511F.




6) Wait for some minutes, FortiExtender may need to reboot if the mode was changed from nat to ip-passthrough.

7) After the WAN extension tunnel was set up, check the status from FortiExtender GUI - Dashboard, Controller Infomation should be: FortiGate, with Status: Connected, and Mode is: FortiGate (ip-passthrough (capwap)).


8) WAN Extension status can be found from FortiExtender CLI also, by running the below command:

# get extender status




9) Now when the FortiExtender modem is connected to the Internet, the FortiGate interface FEX-WAN-511F will get the same IP address as the FortiExtender LTE interface.




10) On FortiGate, after configuring the correct firewall policy, the client behind FortiGate can go to the internet via the FEX-WAN-511F interface.