Description
This article describes the steps to gain access through SSH to a FortiAP from FortiGate.
Scope
FortiAP.
Solution
By default, the profile created on FortiGate for the managed model FortiAP is created with no management access; that is, no HTTPS, SSH or SNMP access. Therefore, no access to CLI is available when 'right-clicking' the device:
Most commonly, to fix this, there are two ways to allow SSH access:
- From GUI.
- From FortiGate CLI.
From GUI:
Go to WiFi & Switch Controller -> FortiAP Profiles, select the name of the FortiAP Profile used on the FortiAP, edit it through the GUI, and select 'OK' at the bottom to save the changes.
From CLI:
Open a new CLI on FortiGate and use the command 'set allowaccess' under 'config wireless-controller wtp-profile'.
FG # config wireless-controller wtp-profile
FG (wtp-profile) # edit Test-233G
FG (Test-233G) # set allowaccess
https HTTPS access.
ssh SSH access.
snmp SNMP access.
FG (Test-233G) # set allowaccess ssh
FG (Test-233G) # next
FG (wtp-profile) # end
The configuration should be seen as follows:
FG # show wireless-controller wtp-profile Test-233G
config wireless-controller wtp-profile
edit "Test-233G"
config platform
set type 233G
end
set allowaccess ssh <---- Accesses allowed (in this case, only SSH was granted permissions).
...
next
end
Once the changes have been saved, the result will be the following:
Related article:
Technical Tip: Reset a lost admin password on a FortiAP (password recovery) from a FortiGate
