Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

FortiExtender LAN Extension policy not allowing internet access



Tried to make subject as clear as possible.


I have a FortiExtender FEX 101F. I connected it to FortiGate 80F to authorize it and setup a LAN Extension profile. Once setup, I could see the VPN connected and working as a result of the policy creation. 


However, once I disconnected local LAN connection between the FEX and FGT  to operate the FEX standalone, the VPN stopped working.


Upon further inspection, I also noticed the primary lte connection was no longer passing data. To confirm this was not an lte issue, I reset the FEX and the lte interface worked as expected. 


In the UI firewall policy, all I see is the default outbound profile.


However, if I check the references for the lte interface, I see the following. 



Seems something was not set properly on the initial creation of the profile but hoping its just a matter of modifying this policy. 


I have been at this for a couple of weeks now so any assistance would be greatly appreciated.


The goal is the FEX will be at a remote site and will connect back to the FGT over VPN so that traffic can pass between both internal networks. 

New Contributor III

I think the problem is related to the policy configuration on your FortiGate 80F. You need to ensure that your firewall policies are configured correctly to handle traffic passing through the VPN connection from FortiExtender.
You must configure firewall policies to allow traffic between internal networks and ensure that traffic from FortiExtender is properly routed through the VPN tunnel. Ensure that IPsec routes and policies are configured correctly on your FortiGate.


What's the difference between a LAN connection and an LTE connection between FEX and FGT?

The LTE connection will come in via the WAN interface and the VPN will have to be accessed via a public IP or an FQDN. Thus, both the setup on the FEX and the policies on the FGT will change.

It just isn't the same setup anymore.


I'd rework the network plan, have a deep look into the Handbook or Cookbook (if any), and start fresh.


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
New Contributor

So what would really be helpful for me is finding anyone who has setup these FortiExtender for remote branches connecting back to a Fortigate over VPN. 


Hi @JohnStep,


If FEX is at a remote site, you need to configure it to communicate with FortiGate's public IP. Please refer to



Top Kudoed Authors