avinash_v
Staff
Article Id 407772
Description This article describes an issue where a reboot of FortiExtender-200F causes an outage.
Scope FortiExtender.
Solution

After a FortiExtender reboot or a brief WAN outage on the FortiExtender, once the WAN connection is restored, wired LAN users connected to the FortiExtender LAN ports can exhibit the following issues:

  • The client machine on the FortiExtender LAN port gets an IP address from the FortiExtender Internal DHCP Server after the FortiExtender reboot, and the client retains the same IP address even after the LAN-Extension connection with FortiGate is restored.
  • After unplugging the client machine from the FortiExtender LAN port and plugging it back in, the client gets the correct IP address from the FortiGate LAN-Extension DHCP scope; however, the client cannot reach the Internet.
  • The first two pings to 8.8.8.8 work fine, but thereafter, Internet traffic does not work. The firewall policy is in place to allow traffic from the LAN Extension to the WAN.

 

Summary:

  • When the FortiExtender undergoes a reboot, it takes approximately 2-3 minutes to re-establish the CAPWAP LAN-Extension Tunnel with FortiGate. During this time, the FortiExtender automatically activates its Internal DHCP Server, so LAN users receive an IP address from the FortiExtender Internal DHCP range 192.168.200.X. Once the CAPWAP (LAN-Extension) Tunnel is successfully established with FortiGate, the FortiExtender automatically turns off the Internal DHCP Server (192.168.200.X), but the LAN user continues to retain the previously assigned IP address (192.168.200.83) until the LAN device is disconnected and reconnected to the FortiExtender LAN port. After that, the LAN user obtains the correct IP address from the FortiGate LAN-Extension DHCP scope; however, they are unable to access the Internet.
  • The above behavior is observed after both hard and graceful reboots of the FortiExtender, and also during FortiExtender WAN outages.

 

Workaround:

  • Disabling and then re-enabling the LAN Extension interface on the FortiGate sometimes restores the Internet connection for the FortiExtender LAN users.
  • Power off the FortiExtender device for 30 minutes and then power it back on, or disable/enable the FortiGate LAN-Extension interface; the above DHCP and network connectivity issues then go away.