By Manny Fernandez

February 1, 2019

Configuring FortiExtender

For those of you that have not heard or seen FortiExtender, it is a 3G/4G LTE modem that can be attached to a FortiGate or other device and used as a primary, secondary or tertiary connection.  The one I was testing has two SIM slots.  Use cases could be anything from a retail store having the 4G LTE as a backup in case their terrestrial circuit goes down to a construction site where there are no facilities delivered in the area yet, to a primary internet connection.  FortiCloud can also manage thousands of these devices even if they are attached to non-Fortinet devices.

When configuring a FortiExtender on a FortiGate, you need to make some CLI changes to the FortiGate to enable the FortiExtender. In my lab, I have configured a FortiExtender FEX-40D AMEU using T-Mobile on my FortiGate 300E. Let’s get started.

First thing you will need to do is enable the FortiExtender from the SYSTEM, FEATURE VISIBILITY. You will notice that it is disabled and has a message saying FortiExtender needs to be enabled via the CLI.

From the command line, you can run the following command ‘show system global’. You will notice that FortiExtender is not on the default list of configurations.

Her you can see that I issued the ‘config system global’ and ‘set fortiextender enable’ and finally ‘end’. Now when you issue the ‘show system global’ you can NOW see the fortiextender being enabled.

Remember you will need to go back into the GUI under the ‘feature visibility’ section and tick the radio button.

You can now see that the option to enable it is visible.

You will need to configure the Interface that will connect to the FortiExtender. Ensure that ‘CAPWAP’ is enabled from the ‘Administrative Access’ section.

NOTE: In my lab, I used a VLAN assigned to a port on my FortiSwitch since I needed PoE, but the above screenshot shows the configuration.

1. Alias – This is optional but recommended.

2. Give it an IP address and mask

3. Ensure CAPWAP is enabled.

4. Turn on DHCP Server (Optional but recommended).

Once the FortiExtender is booted up and attached to the FortiGate, you will need to Authorize it. You need to create an ‘Interface name’ for it and ‘authorize

Now that you have it authorized, you will notice that under NETWORK, INTERFACES you will have a new entry.

Ensure that you create policies for the FortiExtender interface and if you are using ‘Central SNAT‘, ensure you have an entry there.

Hope this helps.

Recent posts

  • If you've spent any time configuring user authentication on... Full Story

  • DNS is one of those technologies that quietly underpins... Full Story

  • BGP issues on FortiGate firewalls usually trace back to... Full Story

  • Every time your laptop talks to your router, a... Full Story

  • If you've spent any time configuring NAT on a... Full Story

  • If you have spent any time configuring firewall policies... Full Story

  • High availability on FortiGate is one of those features... Full Story

  • If you've configured SD-WAN on a FortiGate, you've almost... Full Story

  • FortiLink is the management protocol that turns a FortiSwitch... Full Story

  • FortiSwitches are pretty rock solid from Mean Time Between... Full Story

  • This is a quicky tip.  Have you ever gone... Full Story

  • DNS is one of those quiet pieces of internet... Full Story

  • This article is an updated version of the previous... Full Story

  • You will add ns2 as a secondary (slave) BIND9... Full Story

  • In the process of deploying my lab, I needed... Full Story

  • RFC 8805, used to be known as Self-Correcting IP... Full Story

  • Years back, I wrote an article about certificate pinning. ... Full Story

  • FortiGates have the ability to send alerts to Microsoft... Full Story

  • In this post, I am going to walk through... Full Story

  • Troubleshooting VoIP on a FortiGate can feel like trying... Full Story

  • Prior to FortiOS 7.0, there were three commands to... Full Story

  • In this post, I am going to go over... Full Story

  • What we are going to do:  We are going... Full Story

  • Choosing between FGCP (FortiGate Clustering Protocol) and FGSP (FortiGate... Full Story

  • Creating a VLAN on macOS (The "Pro" Move) A... Full Story

  • This blog post explores the logic behind how macOS... Full Story

  • Pretty Fly for a Wi-Fi Tell My Wi-Fi Love... Full Story

  • Part of my daily gig is creating BoMs (Bill-of-Materials)... Full Story

  • ICMP introduces several security risks, but careful filtering, rate... Full Story

  • The command diag debug application dhcps -1 enables full... Full Story

  • In the world of FortiOS, execute tac report is... Full Story

  • LLDP; What is it The Link Layer Discovery Protocol... Full Story

  • What it actually does When you run diagnose fdsm... Full Story

  • Monkey Bites are bite-sized, high-impact security insights designed for... Full Story

  • I have run macOS in macOS with Parallels but... Full Story

  • Don't be confused with my other FortiNAC posts where... Full Story

  • This is the third session in a multi-part article... Full Story

  • Today I was configuring key-based authentication on a FortiGate... Full Story

  • Netcat, often called the "Swiss Army knife" of networking,... Full Story

  • At its core, IEEE 802.1X is a network layer... Full Story

  • In case you did not see the previous FortiNAC... Full Story

  • This is our 5th session where we are going... Full Story

  • Now that we have Wireshark installed and somewhat configured,... Full Story

  • The Philosophy of Packet Analysis Troubleshooting isn't about looking... Full Story

  • Overview FortiOS 8.0 introduces custom tags as a first-class... Full Story

  • These are two distinct mechanisms on FortiOS, and conflating... Full Story

  • Replacement messages are the pages and text blocks that... Full Story