Hello all,
i tested here 2 things:
Fortigate 60E + Fortiexender 201E and Fortigate 51E + Fortiexender 201E
On both it is working fine. With and without ip-passthrough (capwap). So the goal is in this situation "Fortigate 51E + Fortiexender 201E". But there is big difference between the fortiOS 6.2 and 7.4. On 6.2 i can't find an option for access directly to the fortigate for management over WAN. Please see the attached screenshot.
1 = Capwap to the fortiexender
2 = the generated lte interface
if i open 2 i can only see the serial from the extender. On the fortigate 60E with OS 7.4.x i can to the same like an normal wan interface. Does it work differently with the 51E? And yes i know with this public ip it will not work (happynet), but if I can't configure it? Or are the settings of WAN2 valid for the release of the Fortiagte Interace?
I would then also like to create IPSEC side2side with more Fortigates.
Very thanks
Kind regards
Hello fireon,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Hello fireon,
We are still looking for someone to help you.
We will come back to you ASAP.
Regards,
Hello,
This document can maybe help you:
https://docs.fortinet.com/document/fortiextender/7.4.0/fos-fext-compatibility-matrix
Id not, do not hesitate to tell us and we will continue to look at your question.
Regards,
Thanks for the matrix. According to this, I am even in the (R) Recommended range. I can test it on site next week with the right SIM. I'll let you know what works and what doesn't.
Thank you fireon :)!
Hello all, I've tested this here with the right simcard. A side2side connection with the 2 Fortigates over the DDNS is working. But a directaccess to the fortigate with the fortiexender is not posible. If i do an nmap to the public IP i got this crazy output:
PORT STATE SERVICE
21/tcp open ftp
25/tcp open smtp
53/tcp open domain
80/tcp open http
110/tcp open pop3
143/tcp open imap
443/tcp open https
445/tcp open microsoft-ds
2000/tcp open cisco-sccp
5060/tcp open sip
8010/tcp open xmpp
What kind of device is responding? Neither the Fortigate nor the Fortiexender has anything enabled. Accesses are blocked by trusted hosts.
Also the firewall policy at the fortiexender is only one from lan to the Internet.
So really strange behavior.
Ok, it looks like the provider is still interposing a network. hmm... there's probably nothing you can do...? 213.94.64.0/18
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1738 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.