17g

Fortigate - Initial 4G remote config until shipped to remote site

Hi All

 

I have a question surrounding making the process of onboarding/migrating new acquisition offices to our infrastructure more efficient.

 

What we currently do:

Historically, I organise delivery of a Fortigate, Server (Domain Controller), switch, Unifi AP etc. Then, the weekend of the migration date, my team and I go over there and set up the Fortigate (mesh site-to-site VPNs, UTM, access rules etc.), promote the server to DC (DHCP, DNS, WSUS, Print, MDT etc.), configure switch VLANs and set up the Unifi AP. This is always a major rush and inevitably involves late night/s and troubleshooting issues.

 

What I want to do:

What I want to do to eliminate this is get all the kit sent to my house (I WFH) and get the Fortigate connected on 4G and do the complete config ahead of time. Then all I have to do on migration weekend is physically rack the equipment and change the WAN IP.

 

I have looked at 4G modems compatible with the USB interface on a 60E for example and the official compatibility list doesn’t look current or even UK available. I have now started looking at a FortiExtender and this looks like it will do a job. What I want to know is using the Extender as a WAN port for initial config, I would then need to ‘unpick’ all my FortiExtender interface references and change to WAN1 – Access rules, VPNs etc. when physically onsite at the new location/leased line. Whilst this isn’t a major problem, I would like to avoid it if possible. I was thinking perhaps I could make a redundant interface using WAN1 and the FortiExtender and reference in all my rules? Would that work? Or is there an even cleaner way of doing it? Can the Fortigate WAN port patch into the LAN port on the extender, for example?

Any guidance would be greatly appreciated.

1 REPLY
Jordan_Thompson_FTNT

You could put the FortiExtender interface into SD-WAN with your WAN port. Then, if the Extender is online, it can act as a backup link. If not, you can use the WAN port as your primary WAN link.
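
One way to lay out the SD-WAN approach from the reply above, as an added example that is not part of the thread and is not Fortinet's own configuration. It assumes FortiOS 7.x CLI syntax, the default SD-WAN zone `virtual-wan-link`, a LAN interface named `internal`, a FortiExtender virtual interface named `fext-wan1`, and a documentation-range gateway address; all of these are placeholders to adapt.

```fortios
# Added example: staging a FortiGate on LTE, then moving to the leased line.
# Interface names, the gateway address and the policy are assumptions.

config system sdwan
    set status enable
    config zone
        edit "virtual-wan-link"
        next
    end
    config members
        # Member 1: the wired WAN port. Only its addressing changes on site.
        edit 1
            set interface "wan1"
            set gateway 203.0.113.1
        next
        # Member 2: the FortiExtender LTE link used during staging.
        # A higher cost keeps it as backup once wan1 is live.
        edit 2
            set interface "fext-wan1"
            set cost 10
        next
    end
end

# Default route points at the zone rather than at either physical link.
# (On FortiOS 6.4 the equivalent keyword is "set sdwan enable".)
config router static
    edit 1
        set sdwan-zone "virtual-wan-link"
    next
end

# Policies reference the zone, so they do not change when the uplink does.
config firewall policy
    edit 0
        set name "lan-to-internet"
        set srcintf "internal"
        set dstintf "virtual-wan-link"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set nat enable
    next
end
```

IPsec phase 1 definitions still bind to a member interface rather than to the zone, so VPN tunnels are the one item that needs checking after the WAN change.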
