"Dedicated to extension device" removed in 5.4.1?

Question

I upgraded my FortiGate 90D-POE with a FortiAP 321C from 5.4.0 to 5.4.1 after completely formatting my FortiGate and re-doing my configuration from scratch. For some reason, I don't have the "Dedicated to extension device" as an "Addressing mode" option for any of my POE ports. Has anyone else seen this? Screenshot attached.

I have tried changing the Role, but no role gives the "dedicate to extension device" option.

Page 56 of this PDF states that I need to use "Dedicated to extension device" and this is what was working for me under 5.4.0: http://docs.fortinet.com/...reless-networks-54.pdf

tanr · Answer

I talked with Fortinet about this a few weeks back. My understanding from that conversation was that with 5.4.1 (and maybe 5.4.0?) you don't actually need a dedicated physical interface.

To allow the FAP to find and communicate with the FGT you do need to have CAPWAP enabled for Administrative Access on the physical port it's going to come in on. Don't know if any additional firewall policies are needed.

It was recommended the FGT provide DHCP for that port (DHCP on whatever the default VLAN is for the FAP's connection at the switch). This way the FAP will still reconnect properly to the FGT after a firmware update, wipe, reset, etc. Easier maintenance, but not sure I would do that myself.

What I didn't quite understand from my conversation was how to have the FGT restrict access on that particular port and VLAN to *only* the FAP.

I won't receive my FortiAP for a couple weeks, so haven't tested this out. Do let us know how it goes.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded