FortiExtender stops working on FortiOS 7.4.6

Magnitude_8 · ‎01-07-2025

I've discovered what looks like a bug in FortiOS 7.4.6 and am posting this in case anyone else runs into the same issue. It's not currently listed as a known issue in the release notes.

After upgrading to FortiOS 7.4.6 on our FortiGate-80F firewalls, the connected FortiExtender stops working. The FortiExtender goes offline on the FortiGate. You can't re-authenticate the FortiExtender and if you delete it you can no longer add it again. This looks like a CAPWAP bug.

This is reproduceable on FortiGate-80F firewalls and downgrading to FortiOS 7.4.5 resolves the issue. FortiGate-60F doesn't seem to be affected and I haven't tested any other models.

I've logged a case with Fortinet so hopefully it appears as a known issue soon.

Jean-Philippe_P · ‎01-10-2025

Hello Magnitude_8,

Thanks for the information, I think it will be useful for a lot of people!

Jean-Philippe - Fortinet Community Team

Magnitude_8 · ‎01-10-2025

Turns out FortiOS 7.4.6 works fine with older Extender firmware. I’ve logged a ticket with support and it has been escalated. Will update when I have more information.

Kangming · ‎01-10-2025

Thanks Magnitude_8,

We can reproduce it in the lab. Bug 1114550 has been reported and Dev is investigating.

The workaround found so far is:
Reboot FortiExtender manually and the status can be restored to online after upgrading FGT from V7.4.5GA to V7.4.6GA.

Thanks

Kangming

Godfreyagr · ‎01-11-2025

I am also running FGT 120G v7.4.6 and fortiextender 7.2.3 the fortiextender can be discovered by FGT but it is not able to provide Lan extension IP address to the Lan ports on the fortiextender therefore whoever connects to the fortiextender they are not able to access any network as the fortiextender Lan interface still shows 0.0.0.0/0. I have upgraded the fortiextender to 7.4.6 still getting the same error. I also cannot deauthiroze the fortiextender

Magnitude_8 · ‎01-12-2025

I suspect that there are problems with FortiExtender when using either FortiOS 7.4.6 on the FortiGate or FortiExtender firmware 7.4.6. I've tried multiple combinations of firmwares and some work and others don't. Sorry, I've lost track.

I also found that a FortiGate HA cluster is somehow related. FortiOS 7.4.6 and Extender 7.4.6 work for me if one of my HA nodes is off but stops working once the secondary node comes up.

Kangming · ‎01-13-2025

Hi @Magnitude_8

In the FGT HA environment, another FortiExtender bug #1107314 and #1089691

This issue has been fixed in V7.6.1GA on FortiExtender and can be resolved by upgrading to V7.6.1. The next V7.4.7GA FortiExtender will also fix it.

FXT211E-v7.6.1-build422 (GA) is Working fine.

Thanks

Kangming

Kangming · ‎01-13-2025

Downgrading FGT 120G v7.4.6 to V7.4.5GA or restarting FortiExtender may restore the connection status of Capwap to online.

Thanks

Kangming

Kangming · ‎01-13-2025

FGT 7.4.5GA and Fortiextender 7.2.5GA should work fine.

Thanks

Kangming

Kangming · ‎01-13-2025

Are you using the port 4 interface of FortiExtender? The port 4 interface is in DHCP client mode. Can you get the DHCP IP address?

Thanks

Kangming

FortiExtender stops working on FortiOS 7.4.6

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website