jmpage2
New Contributor

Fortigate with FortiExtender for backup WAN & remote admin questions

I have a 61F running 6.4.4 FortiOS and recently installed a FortiExtender 201E as I've been having some issues with WAN connectivity on the primary WAN connection.

 

I was able to adopt the FEX and it is connected to the Fortigate. I modified the route weight for my WAN default route as when I connected the FEX it took priority and knocked the primary WAN down. There were setup sequences for the FEX to function in a WAN protection mode that do not appear to exist in FortiOS 6.4 so use of routing table seems to be the only way to get it to work.

 

I do have some questions about how this is working.

 

I can't get remote admin access to the FortiGate via the FEX LTE connection and the documentation indicates this is not supported. Is this the case? It seems a bit crazy to me that I can't get into the Firewall during a primary WAN outage using the LTE connection if I know the IP address or set up Dynamic DNS.

 

I have had WAN flapping where the primary WAN becomes inaccessible and my IPSEC tunnels to it are down on one end and up on the other end. Is it possible to configure FEX on the FG for either a backup SSL VPN connection or for termination of the IPSEC tunnels?

 

I probably have some other questions but will wait and see if there are any FEX knowledgeable folks able to respond first.

 

Thanks for your time.

Fullmoon
Contributor III

I'm not sure if I comprehend your question properly.

Looking at my lab, which has 2 WAN links and a FEX: the FEX has a default distance set to 5. Perhaps you can edit it via CLI and unify the distance across your WAN links. Then let your SD-WAN rules control your egress policies according to which WAN links you prefer.

Fortigate Newbie

jmpage2

Fullmoon wrote:
I'm not sure if I comprehend your question properly. Looking at my lab, which has 2 WAN links and a FEX: the FEX has a default distance set to 5. Perhaps you can edit it via CLI and unify the distance across your WAN links. Then let your SD-WAN rules control your egress policies according to which WAN links you prefer.

Are you able to use the FEX WAN IP to access the Fortigate? I cannot get that to work.

On the WAN routing side of things I just want the FEX to provide backup internet routing in the event my primary goes down. This seems to be working after changing route cost on my primary to be lower than the FEX, but the documentation for the FEX provides specific commands to configure it to back up a WAN link that don't appear to work in the current OS version.

Since installing the FEX my IPSEC tunnel to the location is periodically going down and I suspect some routing mishap with the FEX is to blame.

The configuration from documentation that doesn't appear to exist is this section:

    config extender-controller extender
        edit <FEXT serial number>
            set admin enable
            set ifname <fext interface>
            set mode redundant
            set redundant-intf <wan interface, i.e. wan1>
    end