This article describes steps to access the FortiExtender IP from a different VLAN/Subnet, such as by using a ping or SSH.
Scope
FortiExtender, FortiGate, FortiExplorer.
Solution
A managed FortiExtender has only one default route to the FortiGate.
When FortiExtender is used with a SIM, two default routes exist on FortiExtender – one for LTE and one for LAN.
To connect to the FortiExtender from a different VLAN or subnet, it’s necessary to create a static route on the FortiExtender.
To do this, connect to the FortiExtender CLI and add a static route on FEX to the PC or Server from which to establish a connection such as ping, ssh, http, https.
#config router static
edit 1
set status enable
set dst 0.0.0.0/0 (The PC/Server Network ID)
set gateway <fgt-intf-gateway> (IP of the FortiGate interface connected to FortiExtender)
set device <exiting intf> (PORT of the FortiExtender connected to FortiGate)
show
next
endFor example:
Note: Ensure that the FortiExtender port allows the necessary connection. For example: http, https, ping, ssh, or telnet.
Interface configuration example:
# config system interface
edit lan
set type physical
set status up
set mode static
set ip 192.168.2.1/24
set mtu 1400
set allowaccess http https ping ssh telnet
end
