FortiKoala
Staff
Article Id 189672

Description


This article describes the workaround for an issue where the users connected to an SSID operating in Tunnel Mode are unable to access Intranet/Internet.

Scope


FortiGate v7.0.15.

Solution


Users connected to the SSID in tunnel mode receive a DHCP IP address, but access to the Intranet/Internet fails to work as expected.
When a packet capture (sniffer) is run on the SSID interface, VLAN-tagged traffic from the FortiAP is observed, even though VLAN tagging is not configured on the SSID.
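
To confirm this symptom from a saved capture, the following added example (not part of the original article and not Fortinet tooling) counts 802.1Q/802.1ad-tagged frames per VLAN ID. It assumes the SSID-interface capture was exported as a classic Ethernet pcap file; the function names and the sample frames are constructed for illustration.

```python
import struct
from collections import Counter

TAG_TPIDS = {0x8100, 0x88A8}  # 802.1Q and 802.1ad tag protocol identifiers

def vlan_tag_counts(pcap: bytes) -> Counter:
    """Count frames per VLAN ID in a classic Ethernet pcap; key None = untagged."""
    magic = pcap[:4]
    if magic == b"\xd4\xc3\xb2\xa1":
        endian = "<"
    elif magic == b"\xa1\xb2\xc3\xd4":
        endian = ">"
    else:
        raise ValueError("not a classic pcap file")
    linktype = struct.unpack(endian + "I", pcap[20:24])[0]
    if linktype != 1:
        raise ValueError("capture is not Ethernet (linktype 1)")
    counts, off = Counter(), 24  # per-packet records start after the 24-byte file header
    while off + 16 <= len(pcap):
        _sec, _usec, incl_len, _orig = struct.unpack(endian + "IIII", pcap[off:off + 16])
        frame = pcap[off + 16: off + 16 + incl_len]
        off += 16 + incl_len
        if len(frame) < 14:
            continue  # truncated frame, no complete Ethernet header
        tpid = struct.unpack("!H", frame[12:14])[0]
        if tpid in TAG_TPIDS and len(frame) >= 18:
            tci = struct.unpack("!H", frame[14:16])[0]
            counts[tci & 0x0FFF] += 1  # low 12 bits of the TCI are the VLAN ID
        else:
            counts[None] += 1
    return counts

def _record(frame: bytes) -> bytes:
    # pcap per-packet header (timestamps zeroed) followed by the frame bytes
    return struct.pack("<IIII", 0, 0, len(frame), len(frame)) + frame

def build_sample_pcap() -> bytes:
    """Constructed sample: one untagged ARP frame and two frames tagged with VLAN 100."""
    macs = bytes.fromhex("ffffffffffff") + bytes.fromhex("020000000001")
    untagged = macs + struct.pack("!H", 0x0806) + bytes(28)
    tagged = macs + struct.pack("!HHH", 0x8100, 100, 0x0800) + bytes(20)
    header = struct.pack("<IHHiIII", 0xA1B2C3D4, 2, 4, 0, 0, 65535, 1)
    return header + _record(untagged) + _record(tagged) + _record(tagged)

if __name__ == "__main__":
    for vlan, n in vlan_tag_counts(build_sample_pcap()).items():
        print("untagged" if vlan is None else f"VLAN {vlan}", n)
```

On an SSID with no VLAN configured, any frames counted under a VLAN ID match the behaviour described above.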


This issue has been resolved in the following FortiOS versions:

  • V7.2.11 (no ETA as of 4th November).
  • V7.4.6 (scheduled for release in December).
  • V7.6.1 (scheduled for release in November).

Note that these timelines for firmware release are estimates and may be subject to change.


Workaround:
Disable capwap-offload on the FortiGate, then restart the FortiGate cw_acd process. To disable capwap-offload:


config system npu
    set capwap-offload disable
end


Restart the cw_acd wireless controller process:


execute wireless-controller restart-acd