FortiEdgeCloud
Hosted cloud-based management platform for the Fortinet Secure LAN Edge (FortiSwitch and FortiAP), and FortiExtender 5G/LTE Gateways
magarwal
Staff
Article Id 343448
Description This article describes steps to troubleshoot FortiAP (FAP) appearing offline on FortiEdge.
Scope Applies to FortiAP devices.
Solution

To resolve FortiAP offline issues, follow these steps:

  1. Verify AP Power:
    Ensure the Access Point (AP) is powered on and functioning properly.
  2. Check Internet Connectivity:
    Confirm that the AP can reach the internet by pinging a public DNS server.
    Run the following command from the FortiAP CLI to ping Google's DNS (8.8.8.8):

                  ping 8.8.8.8

  3. Ping FortiEdge Network:

If the AP can successfully ping 8.8.8.8, the next step is to ensure it can reach the FortiEdge network. To find the FortiEdge network IP:

  • Log in to FortiEdge.
  • Navigate to the network where the AP is deployed and showing as offline.
  • To get the cloud IP, perform an nslookup on the FortiEdge cloud portal URL.

Example:

nslookup caapportal004-1.fortiedge.forticloud.com
Server: ns1.aedub.fortinet-emea.com
Address: 10.230.12.2

Non-authoritative answer:
Name: caapportal004-1.fortiedge.forticloud.com
Address: 66.35.19.164  <- This is the cloud IP.


  • Verify the same IP address is seen on the AP by running the following command on FortiAP CLI:

Example:

 

AP# cld
FortiCloud Client Conf
apctrl server:
account: /
FortiCloud Client oper
fsm state: flcd_s_update(5)
account: ABC.com
------> This is the FortiCloud account ID of the user.
ac info: 66.35.19.164:5246
--------> Verify the cloud IP here, as the AP sends CAPWAP packets to this IP. (Note: In some cases it differs from the nslookup output; in that scenario, check connectivity to the IP listed in ac info.)
next req: 1040343 (now=953943 intv=86400)

/tmp/wtp.cldc.boot:
8462047.72 33547103.53

/cfg/ftnt/wtp.cldc.acct:
ABC.com

/cfg/ftnt/wtp.cldc.data:
ap update success rc=0 ac-info=66.35.19.164:5246 next-req=86400 ac_status=0 ac_type=0 ac_ip=66.35.19.164

 

Make sure the AP update is successful.

 

"AC_IP AC_PORT NEXT_REQ AC_TYPE" in /cfg/ftnt/wtp.cldc.acow can be used to overwrite the cloud AC info for debugging.
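
The step 3 checks can be run mechanically over saved `cld` output. The Python below is an added example, not Fortinet code: the function name `check_cld` is hypothetical, the sample text is constructed from the output shown in this article, and it assumes that only the success line format shown here indicates a good update.

```python
import re

# Constructed sample: the relevant lines of the `cld` output shown in this article.
SAMPLE_CLD = """\
FortiCloud Client oper
fsm state: flcd_s_update(5)
account: ABC.com
ac info: 66.35.19.164:5246
next req: 1040343 (now=953943 intv=86400)

/cfg/ftnt/wtp.cldc.data:
ap update success rc=0 ac-info=66.35.19.164:5246 next-req=86400 ac_status=0 ac_type=0 ac_ip=66.35.19.164
"""

CAPWAP_CONTROL_PORT = 5246  # port shown in the article's "ac info" line


def check_cld(cld_text, resolved_ip):
    """Return a list of findings; an empty list means every check passed.

    resolved_ip is the address nslookup returned for the portal hostname.
    """
    ac = re.search(r"^ac info:[ \t]*(\d+\.\d+\.\d+\.\d+):(\d+)[ \t]*$", cld_text, re.M)
    if not ac:
        return ["no 'ac info' IP:port found in the cld output"]
    ac_ip, ac_port = ac.group(1), int(ac.group(2))
    findings = []

    if ac_ip != resolved_ip:
        findings.append(f"ac info IP {ac_ip} differs from nslookup result "
                        f"{resolved_ip}; test connectivity to {ac_ip}")
    if ac_port != CAPWAP_CONTROL_PORT:
        findings.append(f"unexpected controller port {ac_port}")

    # Only the operational section's account line is of interest.
    oper = cld_text.split("FortiCloud Client oper", 1)[-1]
    if not re.search(r"^account:[ \t]*\S+", oper, re.M):
        findings.append("no FortiCloud account in the oper section")

    # Assumption: only the success line format shown in the article is accepted.
    upd = re.search(r"^ap update success rc=0\b.*\bac_ip=(\S+)", cld_text, re.M)
    if not upd:
        findings.append("wtp.cldc.data does not show 'ap update success rc=0'")
    elif upd.group(1) != ac_ip:
        findings.append(f"ac_ip {upd.group(1)} does not match ac info {ac_ip}")
    return findings


if __name__ == "__main__":
    for line in check_cld(SAMPLE_CLD, "66.35.19.164") or ["all checks passed"]:
        print(line)
```
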

 

  4. Set the Discovery Type on FortiAP:

If the AP can reach the cloud IP but is still offline, change the discovery mode to one of the following types:

Type 1: Set the discovery type to FortiEdge cloud mode:

 

cfg -a AC_DISCOVERY_TYPE=7

 

In this mode, the FortiAP performs a DNS lookup for a hardcoded cloud AP controller hostname and discovers the cloud IP address via HTTPS.

 

Type 2: Configure the AP to use cloud IP as its discovery IP by issuing the following commands in the FortiAP CLI:

 

cfg -a AC_DISCOVERY_TYPE=1 

cfg -a AC_IPADDR_1=<cloud IP>  <- Replace <cloud IP> with the actual cloud IP (e.g., 66.35.19.164).

cfg -c

 

By setting the correct cloud IP, the AP should be able to connect to FortiEdge.

 

Note: The static discovery IP is a workaround in case the AP cannot discover the cloud. If the AP later needs to be deployed in another network or domain, it will be necessary to change this discovery IP on the AP or set the discovery mode to auto.

 

  5. Attempt a packet capture on the AP from the Cloud GUI:

     

The AP first attempts to discover the Cloud by contacting the dispatcher apctrl1.forticloud.com over HTTPS. The dispatcher determines whether this AP is being actively managed by the Cloud and, if so, redirects the AP to the AP portal server instance where the configuration for the AP is stored.

The AP then establishes a CAPWAP connection to the AP portal server, using ports 5246 and 5247. For the discovery process to succeed, all relevant ports must be opened at the customer site to allow the AP to communicate with the Cloud.

 

As a troubleshooting step, try to perform a packet capture on the Cloud, using the 'Capture Packet' utility available under the 'Tools' section in the Diagnostics and Tools view for an AP. The discovery request should proceed through the following steps:

  • Discovery request from AP to Cloud.
  • Discovery response from Cloud to AP.
  • Join request from AP to Cloud.
  • Join response from Cloud to AP.

 

For additional details, refer to the following documentation: