Customer Service
Customer Service Information and Announcements
Article Id 244070

This article describes how to handle an issue that occurs when a FortiAP managed by FortiGate randomly goes offline and stays in its offline state until it is manually rebooted. At the time of the issue, FortiAP may not be reachable (with ping) from the FortiGate. Sometimes, the FortiAP loses its IP address.


This article describes the logs to gather to troubleshoot the issue.


FortiAPFortiAP-U version 6.x and above.


NOTE: SSH access can be gained to the FortiAP from the FortiGate if the FortiAP is reachable. If not, use console access.


Collect the following logs and open a support ticket.


1) From the FortiGate, obtain the FortiGate config and serial number of the FortiAP showing as offline:


show system ha
show wireless-controller inter-controller

diag wireless-controller wlac -c wtp

diagnose wireless-controller wlac -c wtp <AP-serial>


2) Run the following debug on the FortiGate in global mode. The syntax is as follows:


diag wireless-controller wlac wtp_filter <AP serial#> 0-<ap ip address>:5246 4


For example:


diag wireless-controller wlac wtp_filter FP112B3X13000193 0- 4


Additionally, run:


diagnose debug console timestamp enable


diagnose debug application cw_acd 0x7fff  

diag debug enable


After 5 minutes, stop the debug:


diag debug dis


diag debug reset


diagnose debug application cw_acd 0


3) On FortiAP, run 'don' and 'ton':






Note: When don or ton are executed, the logs will start populating continuously, making it impossible to see typed commands. Be sure to type the command and press enter.


To stop the output:


- Type 'doff' and press enter

- Type 'toff' and press enter.


4) Run the following:


cw_diag -c ha
cw_diag -c acs



kp 128000





top <---- Keep this command running for about 30 seconds, then press Ctrl+C to terminate.


5) Provide the cat /var/log/messages output from the AP (this step is only applicable for FortiAP-U). The syntax is as follows:


tftp -p -l /var/log/messages -r <File Name> <tftp server ip>


For example:


tftp -p -l /var/log/messages -r example123

example123 100% |*******************************| 4634k 0:00:00 ETA




Note: If access is lost to FortiAP, the above log can be collected by following the steps below:

1) Gain console access to the AP.

2) a) Check the static IP of cfg -s. It should be
b) Assign the laptop a static IP in the same subnet as the AP IP. For example,

c) Connect the laptop to the Lan2 Ethernet port of the AP.

d) Check whether a connection could be established laptop.

e) Ensure the tftp server (such as 3CDaemon) is installed on the laptop and can reach the AP.


For example, the default IP of the AP is and the laptop has been assigned a static IP of




Additionally, collect the following logs on both FortiAP and the FortiGate simultaneously:


1) On FortiAP:


diag sniffer any "port 5246 or port 5247" 6 0 a     


Press Ctrl+c to stop the operation at any time.

MicrosoftTeams-image (20).png

2) Collect the AP uplink port mirror packet capture.


3) From the FortiGate CLI, run the following:


diag sniffer packet any "port 5246 or port 5247" 6 0 a


Press Ctrl+C to stop the operation at any time.


Let the above run for 3-5 minutes and stop the log afterwards.