pverma
Staff
July 1, 2020

Technical Tip: How to modify CAPWAP Control Port

Description
A CAPWAP session is initiated by the WTP (client) to the well-known UDP port of the AC (server).
On the FortiGate, the CAPWAP control port and data port are the well-known UDP ports 5246 and 5247, respectively.

There are two channels inside the CAPWAP tunnel:

1) The control channel (5246) for management traffic.
2) The data channel (5247) for carrying client data packets.

An administrator can change the CAPWAP control port on both the FortiGate and the FortiAP.

Note:
The port value must be in the range 1024-49150 (default: 5246).

Once an administrator changes the CAPWAP control port on the FortiGate, the CAPWAP data port is automatically set to the next consecutive port number.
For example, if ‘4444’ is selected as the CAPWAP control port, then ‘4445’ will be selected as the CAPWAP data port.

On the FortiAP (FAP) side, the CAPWAP data port can be any random port selected by the FortiAP.

Related links:
https://docs.fortinet.com/document/fortigate/6.0.0/fortinet-communication-ports-and-protocols/534827/fortigate-open-ports
Page 156: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/b92a67f9-73a6-11ea-9384-00505692583a/FortiWiFi_and_FortiAP-6.4.0-Configuration_Guide.pdf
Refer to the FOS CLI Reference – go to system -> system global -> Configure Global Attributes: https://docs.fortinet.com/document/fortigate/6.4.0/cli-reference/1620/system-global

Solution
To get the wireless control port on FortiOS:
FWF60DXXXXXX848 # config system global
(global) # get
.
wireless-controller-port: 5246.
To set the wireless control port on FortiOS:
FortiGate (global) set wireless-controller-port ?
Enter an integer value from <1024> to <49150> (default = <5246>)
FortiGate (global) set wireless-controller-port 4444
FortiGate (global) end
To get the control port on FortiAP:
PU223ETFXXXXX86# cfg -s
.
AC_CTL_PORT:=5246
.
To set the control port on FortiAP:
PU223ETFXXXXX86# cfg -a AC_CTL_PORT=4444
PU223ETFXXXXX86# cfg -c
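
Because the FortiAP initiates the CAPWAP session to the FortiGate's control port, the value set on each FortiAP has to match the FortiGate, and any firewall between them must permit the new control port and the data port that follows it. The script below is an added example, not part of the original tip or Fortinet's tooling: it parses the two output formats shown above, flags mismatched or out-of-range ports, and returns the UDP ports to allow towards the FortiGate. The AP names and sample outputs are constructed for illustration.

```python
import re

PORT_MIN, PORT_MAX = 1024, 49150  # valid range given in the note on this page

def fgt_control_port(get_output):
    """Read wireless-controller-port from FortiGate 'config system global' > 'get' output."""
    m = re.search(r"^\s*wireless-controller-port\s*:\s*(\d+)", get_output, re.M)
    return int(m.group(1)) if m else None

def fap_control_port(cfg_output):
    """Read AC_CTL_PORT from FortiAP 'cfg -s' output."""
    m = re.search(r"^\s*AC_CTL_PORT\s*:?=\s*(\d+)", cfg_output, re.M)
    return int(m.group(1)) if m else None

def audit(fgt_output, fap_outputs):
    """Return ((control, data) UDP ports to allow towards the FortiGate, findings)."""
    ctl = fgt_control_port(fgt_output)
    if ctl is None:
        return None, ["FortiGate: wireless-controller-port not found"]
    findings = []
    if not PORT_MIN <= ctl <= PORT_MAX:
        findings.append(f"FortiGate: control port {ctl} outside {PORT_MIN}-{PORT_MAX}")
    for name, out in fap_outputs.items():
        ap = fap_control_port(out)
        if ap is None:
            findings.append(f"{name}: AC_CTL_PORT not found")
        elif ap != ctl:
            findings.append(f"{name}: AC_CTL_PORT {ap} != FortiGate control port {ctl}")
    # The FortiGate data port is always control + 1; the AP-side data port is
    # chosen by the AP, so firewall rules should match on destination port only.
    return (ctl, ctl + 1), findings

# Constructed sample outputs (hypothetical AP names), trimmed to the relevant lines.
SAMPLE_FGT = ".\nwireless-controller-port: 4444\n.\n"
SAMPLE_FAPS = {
    "FAP-office": ".\nAC_CTL_PORT:=4444\n.\n",
    "FAP-lobby": ".\nAC_CTL_PORT:=5246\n.\n",  # still on the default port
}

if __name__ == "__main__":
    ports, findings = audit(SAMPLE_FGT, SAMPLE_FAPS)
    print("Allow UDP to FortiGate:", ports)
    for f in findings:
        print("FINDING:", f)
```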