Hi,
I'm struggling to understand/choose how to setup a new FortiExtender 201E.
My setup is FortiWifi -> FortiSwitch (POE) -> FortiExtender.
The Fortiextender is connected by port4 (which is the only poe on it) to the Fortiswitch on a vlan with fabric connect enabled.
I don't fully understand which extension is better when i create the Fortiextender on the FortiGate and what are the differences between WAN or LAN extension mode.
Additionally, i read that the Fortiextender has a vlan mode and i see mine is set to CAPWAP mode (i did enable extender vlan mode on the FortiGate)
Any advice would be appreciated,
Lior.
Hello Lior,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
First of all, let's start with what you're trying to accomplish with your FortiExtender?
Are you trying to use it for LTE link on your FortiGate (so WAN extension)?
Or are you trying to use it in tandem with FortiGate LAN extension functionality?
HEre are some relevant docs which may help you:
https://docs.fortinet.com/document/fortiextender/7.4.0/admin-guide-fgt-managed/618684/vlan-mode
Created on 05-17-2023 01:58 AM Edited on 05-17-2023 01:59 AM
Thanks for the reply.
Kept reading and understood the WAN/LAN extension.
Managed to Set my FortiExtender in WAN mode with Capwap protocol (vlan mode didn't work)
trying to understand how to set the sdwan rules so it will always be on wan1 and failover to the FortiExplorer interface only when its down/not responsive and go back to WAN1 when it loads back up...
Thanks,
Lior.
That's a simple SD-WAN rule using Manual strategy with WAN1 set as preferred and Extender as backup.
https://docs.fortinet.com/document/fortigate/7.2.4/administration-guide/723448/manual-strategy
Great, Thank you! :)
Do i need to set Performance SLAs too or is it optional?
Lets say my ISP connection is dead but i do have a link because i have converter from fiber to ethernet (so link is always up although there is no real data), how does it know my link is down?
Thanks,
Lior
In this case it's probably a good idea to set up a couple health checks for that link
Hi, Thanks.
I've set up an health check on my wan1 (fiber).
I made a test, started pinging 1.1.1.1 and went to take the fiber out, it jumped to the Fortiextender as expected and worked perfectly.
I then took the fiber back in, pings (active connections i guess) stayed on the Fortiextender and didn't jump back to the fiber (wan1)
how do i make it move active connections back to wan1 and not leave them on the Fortiextender?
pings i started before the disconnection moved to the fortiextender and were on over 100ms, when i connected the fiber back they stayed over 100ms while a new ping i started went down to 1ms on the fiber...
Thanks,
Lior.
by default existing sessions will stay on the link even if the failback occurs to fiber.
as you noted new pings went over fiber.
you can make sure all existing sessions will failback to the fiber link by issuing this command:
config system global
set snat-route-change enable
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1736 | |
1107 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.