Description
This article describes the steps to gain access through SSH to a FortiAP from FortiGate.
Scope
FortiAP.
Solution
By default, the profile created on FortiGate for the managed model FortiAP is created with no management access; that is, no HTTPS SSH nor SNMP access. Therefore, no access to CLI is available when 'right-clicking' the device:
Most commonly, to fix this, there are two ways to allow SSH access:
- From GUI.
- From FortiGate CLI.
From GUI:
Go to WiFi & Switch Controller > FortiAP Profiles, select the name of the FotiAP Profile used on the FortiAP, edit it through GUI, and select 'OK' on the bottom to save the changes.
From CLI:
Open a new CLI on FortiGate and use the command 'set allowaccess' under 'config wireless-controller wtp-profile'.
FG # config wireless-controller wtp-profile
FG (wtp-profile) # edit Test-233G
FG (Test-233G) # set allowaccess
https HTTPS access.
ssh SSH access.
snmp SNMP access.
FG (Test-233G) # set allowaccess ssh
FG (Test-233G) # next
FG (wtp-profile) # end
The configuration should be seen as follows:
FG # show wireless-controller wtp-profile Test-233G
config wireless-controller wtp-profile
edit "Test-233G"
config platform
set type 233G
end
set allowaccess ssh <---- Accesses allowed (in this case only SSH was granted permissions)
...
next
end
Once the changes have been saved, the result will be the following:
