sahmed_FTNT
Staff & Editor
Article Id 409247
Description This article describes an issue where a wireless user gets a private IP instead of the correct settings, and AP reboot.
Scope FortiGate.
Solution

A wireless end user connecting to a FortiAP only gets an APIPA address (169.254.x.x). Run the following sniffer on the FortiGate to verify the packet flow between the user and the DHCP server:

diagnose sniffer packet <interface> "port 67 or port 68" 6 0 l

 

Note:

<interface> is the SSID interface that the wireless user is connected to.

If DHCP (DORA) packets are missing in the capture, collect the following logs on the FortiAP. Log in to the affected AP and run the following commands:

fap-tech
don
ton

 

The access point capture may show only DHCP Discover messages and no DHCP Offer, while the DHCP capture on the FortiGate may show both DHCP Discover and Offer packets:

Line 35: [36489.106316] [CWD_DHCP] cpu2 vap-13(wlanxx): __ftnt_sta_dhcp_parse dhcp_op43_insert f4:d1:08:xx:xx:xx sn rId 1 wId 3 ssid abcWireless
Line 36: [36489.106348] [CWD_INFO] cpu2 vap-13(wlanxx): tx ffffffc029df5000 src f4:d1:08:xx:xx:xx dst ff:ff:ff:ff:ff:ff proto 0x0800 DHCP (discover) pktlen 385 xId ba0599be
Line 41: [36493.096200] [CWD_INFO] cpu2 vap-13(wlanxx): rx ffffffc030e8d900 src f4:d1:08:xx:xx:xx dst ff:ff:ff:ff:ff:ff proto 0x0800 DHCP (discover) pktlen 342 xId ba0599be
Line 42: [36493.096254] [CWD_DHCP] cpu2 vap-13(wlanxx): __ftnt_sta_dhcp_parse dhcp_op43_insert f4:d1:08:xx:xx:xx sn rId 1 wId 3 ssid PPSWireless
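
The check described above can be run over a saved copy of the AP output. The following is an added example, not Fortinet code: it groups the CWD_INFO DHCP lines by transaction ID (xId) and reports transactions that contain Discovers but no server reply. It assumes an Offer or Ack is logged as "DHCP (offer)" or "DHCP (ack)" in the same format as the Discover lines; the function name and the last two sample lines are hypothetical.

```python
import re

# Matches the FortiAP CWD_INFO DHCP lines in the format quoted above.
DHCP_RE = re.compile(
    r"\[\s*(?P<ts>\d+\.\d+)\]\s+\[CWD_INFO\].*?src (?P<src>\S+) dst \S+ "
    r"proto 0x0800 DHCP \((?P<type>\w+)\).*?xId (?P<xid>[0-9a-fA-F]+)"
)

def unanswered_discovers(lines):
    """Return DHCP transactions (keyed by xId) with discovers but no offer/ack."""
    txns = {}
    for line in lines:
        m = DHCP_RE.search(line)
        if not m:
            continue  # CWD_DHCP option-43 lines and unrelated output
        t = txns.setdefault(m["xid"].lower(), {"client": None, "types": [], "times": []})
        t["types"].append(m["type"].lower())
        t["times"].append(float(m["ts"]))
        if m["type"].lower() == "discover" and t["client"] is None:
            t["client"] = m["src"]  # a discover is sourced from the station
    report = {}
    for xid, t in txns.items():
        if "discover" in t["types"] and not {"offer", "ack"} & set(t["types"]):
            report[xid] = {
                "client": t["client"],
                "discovers": t["types"].count("discover"),  # discover log lines
                "span_s": round(max(t["times"]) - min(t["times"]), 2),
            }
    return report

# The first four lines are the AP output quoted above. The last two are
# CONSTRUCTED (hypothetical client, xId and assumed "offer" format).
SAMPLE = """\
Line 35: [36489.106316] [CWD_DHCP] cpu2 vap-13(wlanxx): __ftnt_sta_dhcp_parse dhcp_op43_insert f4:d1:08:xx:xx:xx sn rId 1 wId 3 ssid abcWireless
Line 36: [36489.106348] [CWD_INFO] cpu2 vap-13(wlanxx): tx ffffffc029df5000 src f4:d1:08:xx:xx:xx dst ff:ff:ff:ff:ff:ff proto 0x0800 DHCP (discover) pktlen 385 xId ba0599be
Line 41: [36493.096200] [CWD_INFO] cpu2 vap-13(wlanxx): rx ffffffc030e8d900 src f4:d1:08:xx:xx:xx dst ff:ff:ff:ff:ff:ff proto 0x0800 DHCP (discover) pktlen 342 xId ba0599be
Line 42: [36493.096254] [CWD_DHCP] cpu2 vap-13(wlanxx): __ftnt_sta_dhcp_parse dhcp_op43_insert f4:d1:08:xx:xx:xx sn rId 1 wId 3 ssid PPSWireless
[36500.000100] [CWD_INFO] cpu2 vap-13(wlanxx): rx ffffffc000000000 src 02:00:00:00:00:01 dst ff:ff:ff:ff:ff:ff proto 0x0800 DHCP (discover) pktlen 342 xId 1a2b3c4d
[36500.050200] [CWD_INFO] cpu2 vap-13(wlanxx): tx ffffffc000000000 src 02:00:00:00:00:fe dst 02:00:00:00:00:01 proto 0x0800 DHCP (offer) pktlen 342 xId 1a2b3c4d
""".splitlines()

if __name__ == "__main__":
    for xid, info in unanswered_discovers(SAMPLE).items():
        print(f"xId {xid}: {info['client']} has {info['discovers']} discover line(s) "
              f"over {info['span_s']}s and no offer seen on the AP")
```

A client listed here while the FortiGate sniffer shows an Offer for the same transaction matches the symptom this article describes.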

 

To fix the issue, use one of the steps below:

  • FortiGate capwap-offload restart and wireless-acd restart:

config system npu
    set capwap-offload disable
end
execute wireless-controller restart-acd

Note:

This will disconnect all connected wireless users.

  • Perform a FortiGate HA failover.

Related article:

Technical Tip: How to restart the wireless controller daemon