Fortinet black logo

Admin Guide (FGT-Managed)

Home FortiExtender 7.0.1 Admin Guide (FGT-Managed)
7.0.1
7.4.4
7.4.1
7.4.0
7.2.5
7.2.0
7.0.3
7.0.2
7.0.1

Manage dual FortiExtender devices

Manage dual FortiExtender devices

Active/Passive mode

By default, each FortiGate device can support up to two FortiExtender devices at a time. The first FortiExtender linked interface can be configured to have a lower distance than the second FortiExtender linked interface.

Active/Active mode

To have access to active Internet sessions on both FortiExtender devices simultaneously, authorize both FortiExtender devices and configure the distance, priority, and firewall policies accordingly.

Cellular as backup of Ethernet WAN

In this redundant mode of operation, the FortiExtender daemon running on FortiGate monitors a given WAN link on the FortiGate, and brings up FortiExtender’s cellular Internet access when the WAN link is down and brings down the FortiExtender cellular Internet when the WAN link comes up. For example:

config extender-controller extender

edit <FEX SN>

set authorized enable

config modem1

set ifname <fext-wan interface>

set redundant-mode enable

set redundant-intf <wan interface, ie wan1>

end

In this mode of operation, the FortiExtender interface comes up if the WAN interface goes down and goes down if the WAN interface comes up.

SD-WAN

FortiOS recognizes and uses FEX as a valid interface within an SD-WAN interface zone. Using SD-WAN, FortiGate becomes a WAN path controller and supports diverse connectivity methods. With FEX, 3G/4G/5G can be used as a primary connection, a backup interface, or a load-balanced WAN access method with Application-Aware WAN path control selection. It provides high availability and QoS for business-critical applications by using the best effort access for low-priority applications through low-cost links, and backs up service through associations with an FortiExtender link. This enables aggregation of multiple interfaces into a single SD-WAN interface using a single policy.

To accomplish this:
  1. Add the FortiExtender interface as a member of the SD-WAN interface, as illustrated below.

  2. Define the priority rule, as shown in the following example, for instance, with the Best Quality strategy based on the Latency or Jitter criterion.

  3. Order or combine your policies as illustrated below.

  4. Monitor the 4G/5G link health using the integrated Performance SLA tool in FortiGate.

Previous
Next

Manage dual FortiExtender devices

Active/Passive mode

By default, each FortiGate device can support up to two FortiExtender devices at a time. The first FortiExtender linked interface can be configured to have a lower distance than the second FortiExtender linked interface.

Active/Active mode

To have access to active Internet sessions on both FortiExtender devices simultaneously, authorize both FortiExtender devices and configure the distance, priority, and firewall policies accordingly.

Cellular as backup of Ethernet WAN

In this redundant mode of operation, the FortiExtender daemon running on FortiGate monitors a given WAN link on the FortiGate, and brings up FortiExtender’s cellular Internet access when the WAN link is down and brings down the FortiExtender cellular Internet when the WAN link comes up. For example:

config extender-controller extender

edit <FEX SN>

set authorized enable

config modem1

set ifname <fext-wan interface>

set redundant-mode enable

set redundant-intf <wan interface, ie wan1>

end

In this mode of operation, the FortiExtender interface comes up if the WAN interface goes down and goes down if the WAN interface comes up.

SD-WAN

FortiOS recognizes and uses FEX as a valid interface within an SD-WAN interface zone. Using SD-WAN, FortiGate becomes a WAN path controller and supports diverse connectivity methods. With FEX, 3G/4G/5G can be used as a primary connection, a backup interface, or a load-balanced WAN access method with Application-Aware WAN path control selection. It provides high availability and QoS for business-critical applications by using the best effort access for low-priority applications through low-cost links, and backs up service through associations with an FortiExtender link. This enables aggregation of multiple interfaces into a single SD-WAN interface using a single policy.

To accomplish this:
  1. Add the FortiExtender interface as a member of the SD-WAN interface, as illustrated below.

  2. Define the priority rule, as shown in the following example, for instance, with the Best Quality strategy based on the Latency or Jitter criterion.

  3. Order or combine your policies as illustrated below.

  4. Monitor the 4G/5G link health using the integrated Performance SLA tool in FortiGate.

Previous
Next