FortiGate
pjang
Staff & Editor
Article Id 419025
Description: This article describes a known behavior where a new IPsec tunnel interface named fext-ipsec-wMEO is added to the FortiGate right after a new FortiExtender is connected for management.
Scope: FortiGate, FortiExtender.
Solution

After a FortiExtender is authorized and connected to the FortiGate for management, new FortiExtender profiles for LAN extension and WAN extension functionality are automatically created based on the FortiExtender model (in this example, a FortiExtender-201E has been recently authorized and connected):

[Screenshot: Extender_Profile_Overview.png]

In addition to these new profiles, administrators will find that a new IPsec VPN tunnel named 'fext-ipsec-wMEO' is automatically added to the FortiGate, along with a corresponding Firewall Policy:

[Screenshot: VPN Tunnel added under the interface connecting FortiGate to FortiExtender (Network -> Interfaces)]

[Screenshot: New VPN Tunnel entry added under VPN -> VPN Tunnels]

[Screenshot: New Firewall Policy (Policy & Objects -> Firewall Policy)]

This IPsec tunnel interface is automatically added as part of the default LAN extension profile, which in this example is 'FX201E-lanext-default'. Notably, this VPN tunnel cannot be directly removed, and it receives an automatically assigned IP address that could potentially conflict with existing configurations. For more information on LAN extension mode for Managed FortiExtenders, refer to the following documentation: FortiExtender as FortiGate LAN extension.

[Screenshot: Extender_Profile_lanext-default.png]

Administrators who are not implementing LAN Extension mode with the FortiExtender can consider deleting the newly added default profile, which automatically removes the fext-ipsec-wMEO VPN tunnel along with the associated Firewall Policy.

To delete the FortiExtender profile, navigate to Network -> FortiExtenders, select the Profiles tab, then select the lanext-default profile and select the Delete button. Alternatively, the profile may be deleted in the CLI under config extension-controller extender-profile:

FortiGate # config extension-controller extender-profile
FortiGate (extender-profile) # delete FX201E-lanext-default
FortiGate (extender-profile) # end
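
To check a saved configuration backup for the automatically added tunnel, its LAN extension profile and its Firewall Policy (for example before and after deleting the profile), the following Python script is an added example, not Fortinet code. The table names, the `ipsec-tunnel` setting, the `fext-ipsec-` prefix match and the function names are assumptions, and the sample fragment is constructed.

```python
import re

# Constructed fragment in FortiOS backup syntax (layout assumed, not from a real device).
SAMPLE = '''config extension-controller extender-profile
    edit "FX201E-lanext-default"
        config lan-extension
            set ipsec-tunnel "fext-ipsec-wMEO"
        end
    next
end
config vpn ipsec phase1-interface
    edit "fext-ipsec-wMEO"
    next
    edit "branch-vpn"
    next
end
config firewall policy
    edit 7
        set srcintf "fext-ipsec-wMEO"
    next
end
'''

def parse_tables(text):
    # Map each top-level config table to {entry name: {setting: [values]}}.
    tables, stack, entry = {}, [], None
    for line in text.splitlines():
        cmd, *args = [w.strip('"') for w in re.findall(r'"[^"]*"|\S+', line)] or [""]
        if cmd == "config":
            stack.append(" ".join(args))
        elif cmd == "end" and stack:
            stack.pop()
        elif cmd == "edit" and len(stack) == 1:
            entry = tables.setdefault(stack[0], {}).setdefault(args[0], {})
        elif cmd == "next" and len(stack) == 1:
            entry = None
        elif cmd == "set" and entry is not None:
            entry[args[0]] = args[1:]  # nested sub-block settings fold into the entry
    return tables

def find_auto_lan_extension(text, prefix="fext-ipsec-"):
    t = parse_tables(text)
    tunnels = {n for n in t.get("vpn ipsec phase1-interface", {}) if n.startswith(prefix)}
    def refs(table, *keys):  # entries whose listed settings name one of the tunnels
        return sorted(n for n, s in t.get(table, {}).items()
                      if tunnels & {v for k in keys for v in s.get(k, [])})
    return {"tunnels": sorted(tunnels),
            "profiles": refs("extension-controller extender-profile", "ipsec-tunnel"),
            "policies": refs("firewall policy", "srcintf", "dstintf")}

if __name__ == "__main__": print(find_auto_lan_extension(SAMPLE))
```

An empty result for all three keys on a backup taken after the profile deletion indicates the tunnel and its policy were removed with it.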

 

Related documents:

FortiExtender and FortiGate integration

FortiExtender as FortiGate LAN extension

FortiExtender as FortiGate WAN extension