This article describes steps to access the FortiExtender IP from a different VLAN/Subnet, such as by using a ping or SSH.
FortiExtender, FortiGate, FortiExplorer.
A managed FortiExtender has only one default route to the FortiGate.
When FortiExtender is used with a SIM, two default routes exist on FortiExtender – one for LTE and one for LAN.
To connect to the FortiExtender from a different VLAN or subnet, it’s necessary to create a static route on the FortiExtender.
To do this, connect to the FortiExtender CLI and add a static route on FEX to the PC or Server from which to establish a connection such as ping, ssh, http, https.
#config router static edit 1 set status enable set dst 0.0.0.0/0 (The PC/Server Network ID) set gateway <fgt-intf-gateway> (IP of the FortiGate interface connected to FortiExtender) set device <exiting intf> (PORT of the FortiExtender connected to FortiGate) show next end
Note: Ensure that the FortiExtender port allows the necessary connection. For example: http, https, ping, ssh, or telnet.
Interface configuration example:
# config system interface edit lan set type physical set status up set mode static set ip 192.168.2.1/24 set mtu 1400 set allowaccess http https ping ssh telnet end