finsfree
New Member
February 15, 2021
Question

Can't access web interface via wifi?


Hello,

Noob question here.

I have a Fortigate 60D. I can access the web interface from the LAN port just fine. I get an "access refused" message every time I try from the wifi client. I have tried with 3 different browsers (opera, chrome, edge). I'm not seeing in the web GUI where I can enable this setting.

The AP is a FortiAP 221E.

Thanks,


    Toshi_Esumi
    SuperUser
    February 15, 2021

    If the SSID is in tunnel mode, the SSID is just a logical interface like VLANs, etc. To access the LAN (internal?) interface from SSID interface, you have to have a policy from SSID interface to LAN interface allowing the access.

    finsfree (Author)
    New Member
    February 15, 2021

    toshiesumi wrote:

    If the SSID is in tunnel mode, the SSID is just a logical interface like VLANs, etc. To access the LAN (internal?) interface from SSID interface, you have to have a policy from SSID interface to LAN interface allowing the access.

    It is in "Tunnel Mode" and there is a policy created "SSID > INTERNAL" allowing "ALL" services, however I still cannot access the Fortinet web interface from a wifi client.

    Does it matter if the port that the AP is plugged into has a different IP address than what the SSID has?

    Example:

  • Port 7 (where the FortiAP 221E is plugged into) IP Address 10.0.1.1/24
  • SSID 10.0.2.1/24 (DHCP Range 10.0.2.100 - 200/24)
  • Fortigate LAN (internal) IP Address 10.0.0.1:4433 (this is how I access the web interface from the LAN)

    Attached is what I receive when trying to access the Fortigate web interface from wifi

  • Toshi_Esumi
    SuperUser
    February 15, 2021

    Was this FGT set up by somebody else before? Only things I can think of are either trusthosts or/and local-in policy might be configured to allow only certain sources, not including the SSID subnet/interface.

    All of those you listed are directly connected networks. Reachability shouldn't be a problem.