Hi all,
I'm doing a trial setup of some FortiExtender FEX-202Fs with my existing Fortigate 91Gs which are managed via a FortiManager VM. I plan on using these as LAN extenders for remote microsites. I've managed to get the FEX units working well with the FGTs on their own, but the trouble comes when I try to use FMG to create firewall policies involving the FEX interfaces.
In the FGT UI, I can see the FEX units correctly appearing under the "LAN Extension" category. Firewall policies work fine when configured directly on the gates. However, when the FGT configs are imported into FMG these same interfaces appear as the "VLAN" type. I am then not able to select these interfaces when making firewall policies. I'm assuming this is because the "role" variable on the erroneous VLAN page for these interfaces is set to "Undefined". Unfortunately I am not able to change the interface role, as an error message appears notifying that "VLAN ID must be between 1-4096", but the option to set a VLAN ID is greyed-out ... all of this despite the interface not actually being of the VLAN type in the first place.
I see in FMG there is an option to create a Fortigate interface of the "FortiExtender WAN extension" type, but I do not see a corresponding option for a "LAN extension" type.
Firmware versions involved:
Fortigates: 7.4.7 build2731
Fortimanager: 7.4.6 build2588
Images:
LAN Extension as it appears directly in the Fortigate UI:
Same interface as it appears in the Fortimanager UI:
Edit interface menu in Fortimanager for the above:
Sorry for the long post. Thanks in advance!
Maybe it's related to https://docs.fortinet.com/document/fortimanager/7.4.6/administration-guide/201336/managing-fortiexte...
I followed those steps and the FEX shows correctly in the FMG Extender Manager page as a LAN extension. However, the interface still shows incorrectly as a "VLAN" type in the gate's page under device manager.
You may try importing the config from the device again; hopefully it makes another mapping type.
Importing again didn't work but I did find a very inconvenient workaround:
1. Delete the FortiExtender entirely from the Fortigate
2. Delete the Fortigate from Fortimanager
3. Add the Fortiextender back to the Fortigate directly
4. Add the Fortigate back to Fortimanager.
This results in the LAN Extender interface now showing as an "Unknown" type in FMG. However, it has the correct LAN role, the FEX is properly displaying in Extender Manager, and it can now be referenced in firewall policies pushed by Fortimanager. It isn't pretty but it works in my case. I imagine this is still a bug, however.
Created on 05-29-2025 06:26 PM, edited on 05-29-2025 06:27 PM
Correction to the above, I’ve found the only necessary steps are to remove the Fortigate and then add it back to the Fortimanager.
I’m going to mark this as the solution, though it’s certainly a bug with Fortimanager that needs fixing.