Upon upgrading to FortiOS 6.4.3, configurations with a FortiAP managed through a VLAN interface may have issues with passing CAPWAP traffic from the FortiGate to the FortiAP.
CAPWAP traffic that is offloaded to the NP6 and NP6XLite ASICs will be dropped for tunneled SSIDs.
If the FortiAP is managed by a FortiGate through a non-VLAN interface, then this issue is not encountered.
For Version 6.4.3.
Disable CAPWAP session offloading.
By default, managed FortiAP and FortiLink CAPWAP sessions are offloaded to the NP6 or NP6XLite ASICs.
Use the following command to disable CAWAP session offloading:
# config system npu
set capwap-offload disable
Note: Disabling the CAPWAP offload may cause high CPU usage, monitor the CPU usage will need to be monitored after the change
Fortinet has resolved the issue in the upcoming FortiOS 6.4.4.
Contact Fortinet Technical Support to request a special build hot fix for an interim solution for use until FortiOS 6.4.4 is available.
Technical Support Contact Information: http://www.fortinet.com/support/contact_support.html
Fortinet technical support home page: https://support.fortinet.com