Description
When trying to authorize FortiAPs (APs), this error occurs when the
maximum number of APs that can be connected to that FortiGate
device has been reached.
This example uses an FGT60D. Every FortiGate model has its own
maximum number of access points that can be connected.
When trying to authorize the 6th access point on the FGT60D,
the error "Value conflict system settings" is seen.
It means the maximum number of access points connected in
"normal mode" has been reached.
To increase the number of FortiAPs associated with a FortiGate,
change the operational mode of some of the APs to "remote
mode". Changing FortiAPs to "remote mode" does place some
restrictions on these FortiAPs (see "Considerations" below).
The 60D supports a maximum of 10 APs, but only 5 of those
may operate in normal mode.
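One way to switch an AP to remote mode from the CLI, shown as an added example that is not part of the original article. The serial number is a placeholder; `wtp-mode` is the FortiOS setting that selects normal or remote operation for a managed AP.

```fortios
# Added example: FAP-SERIAL-PLACEHOLDER is a placeholder, not a value from
# this article. Replace it with the serial number of the AP to change.
config wireless-controller wtp
    edit "FAP-SERIAL-PLACEHOLDER"
        # normal is the default; remote does not count against the
        # normal-mode limit but restricts the AP to local-bridge SSIDs
        set wtp-mode remote
    next
end
```

An AP in remote mode cannot carry a tunnel mode SSID, so check which SSIDs the AP broadcasts before changing its mode.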
Considerations -- SSID Types & AP Mode
An SSID can be tunnel mode or local-bridge mode.
A tunnel mode SSID can be assigned to an AP in normal mode but
not remote mode.
A local-bridge mode SSID can be assigned to an AP in both normal
mode and remote mode.
a) tunnel-mode SSID
A tunnel mode SSID will work with a software
A software switch allows you to bridge an SSID in tunnel mode
to the LAN subnet, so they share an IP range.
b) local-bridge mode SSID
A local-bridge mode SSID does not require a software
- by default the wireless client takes its IP from the subnet
of the AP, unless the SSID has a VLAN id associated with
- if an SSID in local-bridge mode has a VLAN id associated
with it then the clients get their IP address from the
To create the bridged WiFi and wired LAN configuration, you
need to configure the SSID with the Local Bridge option so that
traffic is sent directly over the FortiAP unit’s Ethernet interface
to the FortiGate unit, instead of being tunneled to the WiFi
Tunnel is by default.
Enter the following command from the CLI:
config wireless-controller vap
    edit "homenet_if"
        set vdom "root"
        set ssid "homenet"
        set local-bridging enable
        set security wpa-personal
        set passphrase