fireon
New Contributor III

FortiExtender integration on a FortiGate 51E with FortiOS 6.2.x

Hello all, 

 

I tested 2 things here:

FortiGate 60E + FortiExtender 201E and FortiGate 51E + FortiExtender 201E

On both it is working fine, with and without ip-passthrough (CAPWAP). So the goal in this situation is "FortiGate 51E + FortiExtender 201E". But there is a big difference between FortiOS 6.2 and 7.4. On 6.2 I can't find an option for accessing the FortiGate directly for management over WAN. Please see the attached screenshot.

 

Screenshot_20240527_212708.png

1 = CAPWAP to the FortiExtender

2 = the generated LTE interface

If I open 2 I can only see the serial from the extender. On the FortiGate 60E with OS 7.4.x I can do the same as with a normal WAN interface. Does it work differently with the 51E? And yes, I know with this public IP it will not work (happynet), but if I can't configure it? Or are the settings of WAN2 valid for the release of the FortiGate interface?

 

I would then also like to create IPsec site2site with more FortiGates.

Many thanks

Kind regards

Always on /dev/zvol
Anthony_E
Community Manager

Hello fireon,


Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello fireon,

 

We are still looking for someone to help you.

We will come back to you ASAP.


Regards,

Anthony-Fortinet Community Team.
Anthony_E
Community Manager

Hello,

 

This document can maybe help you:

https://docs.fortinet.com/document/fortiextender/7.4.0/fos-fext-compatibility-matrix

 

If not, do not hesitate to tell us and we will continue to look at your question.

 

Regards,

Anthony-Fortinet Community Team.
fireon
New Contributor III

Thanks for the matrix. According to this, I am even in the (R) Recommended range. I can test it on site next week with the right SIM. I'll let you know what works and what doesn't. 

Always on /dev/zvol
Anthony_E
Community Manager

Thank you fireon :)!

Anthony-Fortinet Community Team.
fireon
New Contributor III

Hello all, I've tested this here with the right SIM card. A site2site connection with the 2 FortiGates over the DDNS is working. But direct access to the FortiGate with the FortiExtender is not possible. If I do an nmap to the public IP I get this crazy output:

 

 

PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
2000/tcp open  cisco-sccp
5060/tcp open  sip
8010/tcp open  xmpp

 

What kind of device is responding? Neither the FortiGate nor the FortiExtender has anything enabled. Access is blocked by trusted hosts.

Also, the firewall policy on the FortiExtender is only one from LAN to the Internet.

Screenshot_20240613_125714.png

 

So really strange behavior.

Always on /dev/zvol
fireon
New Contributor III

Ok, it looks like the provider is still interposing a network. Hmm... there's probably nothing you can do...? 213.94.64.0/18

Always on /dev/zvol
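A check for the situation in the last two posts, as an added example that is not part of the thread or of any Fortinet tooling: it compares the address on the LTE interface with the address seen from outside, and the scanned open ports with the services actually enabled on the device, to tell whether something in the provider's network is answering instead. The function names and both IP addresses are assumptions (constructed values); the port table is the one posted above.

```python
import ipaddress
import re

# Port table as posted in the thread.
NMAP_TABLE = """\
PORT     STATE SERVICE
21/tcp   open  ftp
25/tcp   open  smtp
53/tcp   open  domain
80/tcp   open  http
110/tcp  open  pop3
143/tcp  open  imap
443/tcp  open  https
445/tcp  open  microsoft-ds
2000/tcp open  cisco-sccp
5060/tcp open  sip
8010/tcp open  xmpp
"""

# Ranges that are not reachable from the Internet: RFC 1918 plus the
# RFC 6598 shared space that carriers use for carrier-grade NAT.
NON_PUBLIC = [ipaddress.ip_network(n) for n in
              ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "100.64.0.0/10")]


def open_ports(table):
    """Return the set of open TCP ports listed in an nmap port table."""
    return {int(m.group(1))
            for m in re.finditer(r"^(\d+)/tcp\s+open\b", table, re.M)}


def diagnose(iface_ip, observed_ip, enabled_ports, scanned_open):
    """Return (findings, unexpected_ports) for one WAN/LTE interface.

    iface_ip      - address the firewall shows on its LTE interface
    observed_ip   - address the outside world sees (e.g. what DDNS resolves to)
    enabled_ports - TCP ports the admin has deliberately exposed on the device
    scanned_open  - TCP ports an external scan of observed_ip reports open
    """
    findings = []
    iface = ipaddress.ip_address(iface_ip)
    if any(iface in net for net in NON_PUBLIC):
        findings.append("carrier-nat")        # inbound sessions never reach the device
    elif iface != ipaddress.ip_address(observed_ip):
        findings.append("address-mismatch")   # some other hop owns the public address
    unexpected = set(scanned_open) - set(enabled_ports)
    if unexpected:
        findings.append("foreign-responder")  # ports answered by something else
    return findings, sorted(unexpected)
```

With nothing enabled on the device, as described in the thread, every port in the table counts as unexpected, which points at a provider middlebox rather than at the FortiGate or the FortiExtender.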