FortiExtender Release Notes
VERSION 2.0.2 TECHNICAL DOCUMENTATION http://docs.fortinet.com
KNOWLEDGE BASE http://kb.fortinet.com
FORUMS https://support.fortinet.com/forum
CUSTOMER SERVICE & SUPPORT https://support.fortinet.com
FORTIGATE COOKBOOK http://cookbook.fortinet.com
TRAINING http://www.fortinet.com/training
FORTIGUARD THREAT RESEARCH & RESPONSE http://www.fortiguard.com
LICENSE http://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email: [email protected]
September 18, 2015 FortiExtender 2.0.2 Release Notes 36-202-292893-20150918 TABLE OF CONTENTS
Change Log 4 Introduction 5 Supported models 5 What’s new in FortiExtender 2.0.2 5 Special Notices 6 Access point name 6 FortiExtender-100A 6 Netgear AirCard 340U (AT&T) USB modem 6 Novatel 551L (Verizon) and Ovation MC679 (Bell Canada) USB modems 6 Upgrade Information 7 Upgrading from FortiExtender 2.0.1 or later 7 Upgrading from FortiExtender 2.0.0 7 Upgrading from FortiExtender 1.0.0 7 Firmware upgrade procedure 7 Firmware image checksums 8 Novatel MC679 8 Product Integration and Support 9 Modes of operation 9 Connected UTM mode 9 Standalone mode 9 FortiExtender 2.0.2 support 9 USB modem support 10 Resolved Issues 15 Known Issues 16 Limitations 17 Change Log
Date Change Description
2015-09-18 Initial Release.
2016-01-18 Updated Upgrade Information.
4 FortiExtender Fortinet, Inc. Introduction
This document provides the following information for FortiExtender build 0011.
l Supported models
l What's new
l Special Notices
l Upgrade Information
l Product Integration and Support
l Resolved Issues
l Known Issues
l Limitations For more information on upgrading your FortiExtender device, see the FortiExtender Administration Guide
Supported models
FortiExtender 2.0.2 supports the following models: FEX-20B, FEX-100A, and FEX-100B.
What’s new in FortiExtender 2.0.2
The following is a list of new features and enhancements in FortiExtender 2.0.2
l Pantech UML295 in QMI mode with IP passthrough support
l ZTE MF820B in QMI mode support
l Improved handling of bigger sized packets received from the WAN side
5 FortiExtender Fortinet, Inc. Special Notices
This section highlights some of the operational changes that administrators should be aware of in 2.0.2.
Access point name
In 2.0.2 and later you must configure the access point name (APN) for your FEX-100A. For example, “vzwinternet” or the APN provided by Verizon.
FortiExtender-100A
FortiExtender-100A can operate in non-Verizon 3G based networks.
Netgear AirCard 340U (AT&T) USB modem
The Netgear 340U (AT&T) modem requires a 3 foot USB cable to operate correctly.
Novatel 551L (Verizon) and Ovation MC679 (Bell Canada) USB modems
Novatel modems on FortiExtender-20B and FortiExtender-100B can now support custom non-default APN.
The Novatel 551L (Verizon) and Ovation MC679 (Bell Canada) modems have mechanical issues with its USB male connector. These modems cannot operate correctly when sealed inside the FortiExtender case.
6 FortiExtender Fortinet, Inc. Upgrade Information
Upgrading from FortiExtender 2.0.1 or later
FortiExtender version 2.0.2 officially supports upgrade from version 2.0.1 or later only.
Upgrading from FortiExtender 2.0.0
FortiExtender version 2.0.1 officially supports upgrade from version 2.0.0 only.
Upgrading from FortiExtender 1.0.0
FortiExtender version 2.0.0 officially supports upgrade from version 1.0.0 only.
When upgrading a brand new FortiExtender, it is highly recommended to upgrade to the next imme- diately available GA release.
Firmware upgrade procedure
You can upgrade your device from the GUI, the Command Line Interface (CLI), the FortiGate GUI, the FortiGate CLI, or the FortiManager GUI. This section covers the most common upgrade methods.
Firmware upgrade via the FortiGate GUI:
1. In the FortiGate GUI, go to System > Network > FortiExtender. In the Administrative Status field of the connected FortiExtender, select Authorize. 2. After the FortiExtender is authorized, refresh the web page. 3. In the OS Version field of the connected FortiExtender, select Upgrade.
The UpgradeFortiExtender Firmware dialog box is displayed.
4. Browse for the firmware image file on your management computer and select OK. Please wait for the firmware upgrade to complete. The upgrade procedure can take 3 to 5 minutes to finish. Upon completion, perform a refresh of the web page to verify the firmware upgrade is successful and the OS Version field reflects the build of the upgraded image.
7 FortiExtender Fortinet, Inc. Firmware image checksums Upgrade Information
Firmware upgrade via the FortiExtender GUI:
1. Connect the FortiExtender unit to a separate private switch or hub, or directly to your management computer via a cross-over cable. 2. Configure the management computer to be on the same subnet as in the internal interface of the FortiExtender unit by changing the IP address of the management computer to 192.168.1.1 and the netmask to 255.255.255.0. 3. Start a supported web browser and browse to 192.168.1.2. 4. Type admin in the Name and Password fields, then press Enter. 5. In the FortiExtender GUI, go to System > Firmware. 6. Click the Choose File button and browse for the firmware image file on your management computer. Please wait for the firmware upgrade to complete. The upgrade procedure can take 3 to 5 minutes to finish. Upon completion, perform a refresh of the web page to verify the firmware upgrade is successful. Go to System > Firmware > Firmware Version to confirm the page reflects the build of the upgraded image.
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Fortinet Customer Service & Support portal located at https://support.fortinet.com. After logging in select Download > Firmware Image Checksums, enter the image file name including the extension, then select Get Checksum Code.
Novatel MC679
To avoid any upgrade related issues, disconnect the Novatel MC679 modem during the upgrade procedure.
Hardware Acceleration 8 Fortinet, Inc. Product Integration and Support
Modes of operation
FortiExtender supports two modes of operation.
Connected UTM mode
This is the default mode of operation where the FortiGate provides centralized management of the FortiExtender infrastructure. In this mode the device discovers the FortiGate using the CAPWAP protocol and WAN traffic is tunneled to the FortiGate’s wireless WAN virtual interface. For connect UTM mode, FortiGates must run FortiOS v5.2.0 or later.
To set CAPWAP mode from the FortiExtender command line interface, enter the following command: ext_cli --conn-mode capwap
The FortiExtender will reboot and operate in CAPWAP mode.
Standalone mode
In this mode of operation, any device (e.g: PC or FortiGate) can be connected to the FortiExtender. Wireless WAN traffic is then bridged to the Ethernet Interface of the FortiExtender allowing the device to get the IP address from the wireless service provider. This mode can be used for trial mode or small deployments since centralized management is not provided.
To set standalone mode from the FortiExtender command line interface, enter the following command: ext_cli --conn-mode standalone
The FortiExtender will reboot and operate in standalone mode.
A FortiGate is not required when the FortiExtender is in Standalone mode.
FortiExtender 2.0.2 support
The following table lists FortiExtender product integration and support information.
9 FortiExtender Fortinet, Inc. USB modem support Product Integration and Support
FortiExtender 2.0.1 Support
Web Browsers Microsoft Internet Explorer versions 10 and 11 Mozilla Firefox version 33 Other web browsers may function correctly, but are not support by Fortinet.
FortiOS/FortiOS Carrier v5.2.0 and later
FortiManager v5.0.7 and later v5.2.0 and later
USB modem support
The following table lists USB modems that are supported by the FEX-20B and FEX-100B.
For an updated list of supported modems on the FortiGate device, navigate to System > Network > MODEM > select Configure MODEM.
Modem Model Modem Model
Alcatel-Lucent One Touch X020 MediaTek MT6276M
Alcatel-Lucent One Touch X030 MediaTek WiMAX USB Card
Alcatel-Lucent OT X220L Micromax MMX 300c
Alcatel-Lucent OT-X080C MobiData MBD-200HU
Alcatel-Lucent OT-X220D Netgear (Sierra Wire- AirCard 313U less)
Alcatel-Lucent X060S Netgear (Sierra Wire- AirCard 340U less)
Alcatel-Lucent X200 Netgear (Sierra Wire- AirCard 341U less)
Alcatel-Lucent X215S Netgear WNDA3200
Alcatel-Lucent X215S Novatel Wireless MC760 3G
Alcatel-Lucent T930S Novatel Wireless MC990D
Alcatel-Lucent ASB TL131 TD-LTE Novatel Wireless MC996D
A-Link 3GU Novatel Wireless U727
Hardware Acceleration 10 Fortinet, Inc. Product Integration and Support USB modem support
AnyDATA ADU-500A Novatel Wireless U760
AnyDATA ADU-510A Novatel Wireless MC545
AnyDATA ADU-510L Novatel Wireless Merlin XU950D
AnyDATA ADU-520A Novatel Wireless Ovation 930D
AnyDATA APE-540H Novatel Wireless Ovation MC950D HSUPA
Axesstel MU130 Novatel Wireless Ovation USB551L
BandLuxe C120 Novatel Wireless U679 Turbo Stick
BandRich BandLuxe C170 Olivetti Olicard 100
BandRich BandLuxe C270 Olivetti Olicard 145
BandRich BandLuxe C339 Onda MT503HS
Beceem BCSM250 Onda MT505UP
Celot CT-680 Onda MT8205 LTE
Celot K-300 Onda MW833UP
Changhong CH690 Onda MW833UP
China TeleCom CBP7.0 Onda MW836UP-K
C-motech CDU-680 Onda TM201
C-motech CDU-685a Onda WM301
C-motech CGU-628 Option Beemo
C-motech CHU-628S Option GI0643
C-motech CHU-629S Option Globetrotter
C-motech D-50 Option GlobeTrotter GI1515
Digicom 8E4455 Option iCon 461
D-Link DWM-156 Option iCon 711
D-Link DWM-162-U5 Pantech / UTStarcom UMW190
D-Link DWR-510 Pantech P4200 LTE
EpiValley SEC-7089 Pantech UML290
Exiss Mobile E-190 series Pantech UML295
11 Hardware Acceleration Fortinet, Inc. USB modem support Product Integration and Support
Franklin Wireless CGU-628A Samsung GT-B1110
Franklin Wireless U210 Samsung GT-B3730
Franklin Wireless U600 Samsung SGH-Z810
GW D301 Samsung U209
Haier CE 100 Sierra Wireless AirCard 313, 320U
Haier CE682 (EVDO) Sierra Wireless AirCard 880U
Huawei E1550 Sierra Wireless AirCard 881U
Huawei E1612 Sierra Wireless Compass 597
Huawei E169 Solomon S3Gm-660
Huawei E1690 Sony Ericsson MD300
Huawei E1692 Sony Ericsson MD400
Huawei E171 Sony Ericsson MD400G
Huawei E173 SpeedUp SU-8000U
Huawei E1750 Toshiba G450
Huawei E1762 TP-Link MA180
Huawei E177 TP-Link MA260
Huawei E180 UTStarcom UM175
Huawei E1820 UTStarcom UM185E
Huawei E270+ ZTE 6535-Z
Huawei E3251 ZTE A371B
Huawei E3276s-151 ZTE AC2710
Huawei E352 ZTE AC2726
Huawei E353 ZTE AC581
Huawei E355s-1 ZTE AC682
Huawei E535 ZTE AC8710
Huawei E587 ZTE AX226 WiMAX
Huawei E630 ZTE K3520-Z
Hardware Acceleration 12 Fortinet, Inc. Product Integration and Support USB modem support
Huawei EC156 ZTE K3565
Huawei EC168C ZTE K3805-Z
Huawei ET302 ZTE MF100
Huawei ET8282 ZTE MF110
Huawei GP02 ZTE MF112
Huawei K3765 ZTE MF190
Huawei K3770 ZTE MF190J
Huawei K3771 ZTE MF192
Huawei K3772 ZTE MF196
Huawei K3773 ZTE MF620
Huawei K4305 ZTE MF622
Huawei K4505 ZTE MF626
Huawei K4605 ZTE MF628
Huawei R201 ZTE MF633
Huawei U7510 ZTE MF636
Huawei U7517 ZTE MF637
Huawei U8110 ZTE MF638
Huawei U8220 ZTE MF652
Huawei U8300 ZTE MF656A
I-O Data WMX2-U WiMAX ZTE MF668A
JOA Telecom LM-700r ZTE MF669
KDDI (Huawei) HWD12 LTE ZTE MF671
Kyocera W06K ZTE MF680
LG AD600 ZTE MF691 (T-Mobile Rocket 2.0)
LG HDM-2100 ZTE MF820 4G LTE
LG L-02C LTE ZTE MF821
LG L-03D ZTE MF821D
13 Hardware Acceleration Fortinet, Inc. USB modem support Product Integration and Support
LG L-05A ZTE MU351
LG L-07A
LG L-08C
LG LDU-1900D
LG LUU-2100TI (AT&T USBConnect Turbo)
LG SD711
Mediatek MT6229
Hardware Acceleration 14 Fortinet, Inc. Resolved Issues
The following issues have been fixed in version 2.0.2. For inquires about a particular bug, please contact Customer Service & Support.
Bug ID Description
285451 When FortiExtender receives an ESP packet with a size bigger than MTU, FortiExtender drops the packet.
15 FortiExtender Fortinet, Inc. Known Issues
No issues have been identified in 2.0.2. For inquires about a particular bug, please contact Customer Service & Support.
16 FortiExtender Fortinet, Inc. Limitations
The items in this section generally refer to hard limitations for which there are no feasible solutions or planned remedies.
Limitation Description
Hardware Limitation The FEX-20B and FEX-100B does not support hot plugging USB modems. The FEX-100B must be rebooted after the USB modem is connected.
Hardware Limitation The Novatel 551L and Novatel MC679 USB modems can, at times, disconnect and re-connect resulting in connection drops. Workaround: Use the supplied USB cable.
Hardware Limitation Sierra Wireless AirCard 313U & Netgear AirCard 340U: These modems sometimes cause interference on the USB bus, resulting in the modem not operating properly.Workaround: Use a three feet USB cable.
System Limitation USB modem firmware upgrades are currently not supported. The USB modem firmware must be updated via your management computer.
17 FortiExtender Fortinet, Inc. Copyright© 2016 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants, representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.