Description
This article describes a situation where the FortiGate must use a source IP different from the one provided by the FortiExtender, and shows how to allow it. It applies to ip-passthrough mode.

Scope
The FortiExtender provides the LTE IP to the FortiGate on the interface connected to it. This IP is used to go out to the Internet. The FortiGate may need to use a specific source IP to go out to the Internet, different from the LTE one, such as the 'public IP' shown in the article's picture (a loopback interface or similar):
Solution
In this case, to allow control of this source IP, enable the private-network option on the dataplan configured in the FortiExtender (the dataplan name is a placeholder):

    config extender-controller dataplan
        edit <dataplan-name>
            set private-network enable
        next
    end
This setting allows traffic with a source IP different from the LTE-provided one to pass through the FortiExtender. If a specific source IP is configured for specific services (DNS, central management, and so on), that IP can then be used through the FortiExtender. If private-network is not enabled, the FortiExtender blocks traffic whose source IP differs from the LTE one.
The note in the referenced documentation (available from v4.2.2 and on v7.x.x) is not very clear, but what is implicit is that traffic not using the default NAT IP (the FortiExtender one) is blocked if this private-network setting is not enabled.
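As an added example (not from the article), a FortiGate configuration that sources the FortiGate's own DNS queries from a loopback behind a FortiExtender in ip-passthrough mode. The dataplan name "lte-plan", the loopback "lo_public" and the address 203.0.113.10 are constructed for illustration.

```fortios
# Added example, not from the article. Names and addresses are constructed:
# dataplan "lte-plan", loopback "lo_public" holding 203.0.113.10, and the
# FortiGate's own DNS queries sourced from that loopback.

# 1. Allow the FortiExtender to forward traffic whose source IP is not the
#    LTE IP it handed to the FortiGate. Without this, the extender drops it.
config extender-controller dataplan
    edit "lte-plan"
        set private-network enable
    next
end

# 2. The specific public IP the FortiGate should use, held on a loopback.
config system interface
    edit "lo_public"
        set vdom "root"
        set type loopback
        set ip 203.0.113.10 255.255.255.255
        set allowaccess ping
    next
end

# 3. A FortiGate-originated service pinned to that source IP (DNS here).
#    With private-network disabled, these queries leave with 203.0.113.10
#    and are blocked by the FortiExtender; with it enabled they pass.
config system dns
    set source-ip 203.0.113.10
end
```

On FortiOS 7.2 and later the dataplan table lives under config extension-controller dataplan rather than extender-controller; the private-network option is the same.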
Copyright 2024 Fortinet, Inc. All Rights Reserved.