Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
makauchan
New Contributor

Need Help with Fortiextender

Hey Guys im writing a paper on fotigate for university. I wanted to connect a fortigate wuth fortiextender 200f to use it as a lan extension but the ordered fortiextender isnt coming in time So i have a question for you guys: Can you use the f200 to connect another subnet to the fortigate, like a side-side VPN Can you tell me in theory how to install the extender since i cant do it my self. Thx guys:)

192.168.0.1 router login
2 REPLIES 2
ede_pfau
Esteemed Contributor III

hi,

 

as I am waiting for a FEX myself I can only give you some outline, but I've looked up some of the documentation  before.

 

The FEX is comparable to a FortiAP. Both communicate with the managing FGT via CAPWAP (tunnel) and extend the FGT's interfaces by one new interface. Thus, as most FGTs are routing, the network behind a FEX is a new subnet (like a new SSID with FAPs).

 

On the contrary, if you goal was to have the same subnet available on the FEX (the FEX offers a small switch for local devices), that would be difficult.

 

Management is done on the FGT, auto-detection, auto-authorization, there are a lot of similarities to an AP. Even physically, as the FEX supports being powered by PoE so that you can place it at a distance from the FGT, in a spot where reception is optimal.

 

Compared to the early models the 2022 FEX models all contain LTE/5G modems. This used to be a major obstacle with the old series where you would supply your own modems (as USB sticks). Making this pairing work was a nightmare sometimes (compatibility, upgrading firmware, switching the stick from storage device to modem etc. etc.).

 

HTH. I'd be happy to read about your experiences after you finally have received your FEX.


Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
sw2090
Honored Contributor

AS written: if you add a FEX and the FGT detects it via CAPWAP it will give you a new interface.

The lan  ports on the FEX behave similar to the internal ports on a FGT. Per Factory default they are one switch but you could divide them up or even attach vlans to them.

Then basically the rest is just routing on both sides. 

FGT has to know that it has to route that subnet to the FEX interface (probably with the FEX Ip as gateway)  and the FEX has to  know how to route traffic back to the FGT.

 

I don't use this here but what I do is e.g. I access FEXes at Shopsites from our HQ Subnet through a s2s ipsec connecting HQ and Shop FGT...

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
Labels
Top Kudoed Authors