Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
lior
New Contributor III

Created on ‎05-12-2023 10:31 PM

FortiExtender WAN/LAN Extentition mode

Hi,

I'm struggling to understand/choose how to setup a new FortiExtender 201E.

My setup is FortiWifi -> FortiSwitch (POE) -> FortiExtender.

The Fortiextender is connected by port4 (which is the only poe on it) to the Fortiswitch on a vlan with fabric connect enabled.

I don't fully understand which extension is better when i create the Fortiextender on the FortiGate and what are the differences between WAN or LAN extension mode.

Additionally, i read that the Fortiextender has a vlan mode and i see mine is set to CAPWAP mode (i did enable extender vlan mode on the FortiGate)

Any advice would be appreciated,

Lior.

Labels:
1410
0 Kudos
8 REPLIES 8
Anthony_E
Community Manager
Community Manager

Created on ‎05-15-2023 09:25 PM

Hello Lior,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
1380
0 Kudos
gfleming
Staff
Staff

Created on ‎05-16-2023 02:25 PM

First of all, let's start with what you're trying to accomplish with your FortiExtender?

Are you trying to use it for LTE link on your FortiGate (so WAN extension)?

Or are you trying to use it in tandem with FortiGate LAN extension functionality?

 

HEre are some relevant docs which may help you:

https://docs.fortinet.com/document/fortiextender/7.4.0/admin-guide-fgt-managed/201700/connect-to-for...

https://docs.fortinet.com/document/fortiextender/7.4.0/admin-guide-fgt-managed/618684/vlan-mode

https://docs.fortinet.com/document/fortiextender/7.4.0/admin-guide-fgt-managed/569564/fortiextender-...

 

Cheers,
Graham
1367
lior
New Contributor III
In response to gfleming

Created on ‎05-17-2023 01:58 AM Edited on ‎05-17-2023 01:59 AM

Thanks for the reply.

Kept reading and understood the WAN/LAN extension.

 

Managed to Set my FortiExtender in WAN mode with Capwap protocol (vlan mode didn't work)

trying to understand how to set the sdwan rules so it will always be on wan1 and failover to the FortiExplorer interface only when its down/not responsive and go back to WAN1 when it loads back up...

 

Thanks,

Lior.

1359
0 Kudos
gfleming
Staff
Staff
In response to lior

Created on ‎05-17-2023 09:27 AM

That's a simple SD-WAN rule using Manual strategy with WAN1 set as preferred and Extender as backup.

 

https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/723448/manual-strategy

Cheers,
Graham
1326
lior
New Contributor III
In response to gfleming

Created on ‎05-18-2023 12:24 AM

Great, Thank you! :)

 

Do i need to set Performance SLAs too or is it optional?

Lets say my ISP connection is dead but i do have a link because i have converter from fiber to ethernet (so link is always up although there is no real data), how does it know my link is down?

 

Thanks,

Lior

1323
0 Kudos
gfleming
Staff
Staff
In response to lior

Created on ‎05-18-2023 08:25 AM

In this case it's probably a good idea to set up a couple health checks for that link

Cheers,
Graham
1316
lior
New Contributor III
In response to gfleming

Created on ‎05-23-2023 01:02 AM

Hi, Thanks.

I've set up an health check on my wan1 (fiber).

I made a test, started pinging 1.1.1.1 and went to take the fiber out, it jumped to the Fortiextender as expected and worked perfectly.

I then took the fiber back in, pings (active connections i guess) stayed on the Fortiextender and didn't jump back to the fiber (wan1)

how do i make it move active connections back to wan1 and not leave them on the Fortiextender?

pings i started before the disconnection moved to the fortiextender and were on over 100ms, when i connected the fiber back they stayed over 100ms while a new ping i started went down to 1ms on the fiber...

Thanks,

Lior.

1288
gfleming
Staff
Staff
In response to lior

Created on ‎05-23-2023 12:35 PM Edited on ‎05-23-2023 12:36 PM

by default existing sessions will stay on the link even if the failback occurs to fiber.

 

as you noted new pings went over fiber.

 

you can make sure all existing sessions will failback to the fiber link by issuing this command:

config system global
    set snat-route-change enable

Cheers,
Graham
1274
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.