FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
FortiKoala
Staff
Staff
Article Id 189672

Description


This article describes the workaround for an issue where the users connected to an SSID operating in Tunnel Mode are unable to access Intranet/Internet.

Scope


FortiGate v7.0.15.

Solution


Users connected to the SSID in tunnel mode receive a DHCP IP address, but access to the Intranet/Internet fails to work as expected.
When sniffers are run on the SSID interface, VLAN-tagged traffic is observed from the FortiAP, even though VLAN tagging is not configured on the SSID.

CAPWAParticle.png

This issue has been resolved in the below FortiOS versions.

  • V7.2.11 (scheduled to be released in February).
  • V7.4.6 (scheduled to be released in December).
  • V7.6.1 (available in support portal).

Note that these timelines for firmware release are estimates and may be subject to change.


Workaround:
Disable capwap-offload on the FortiGate and restart the FortiGate cw_acd process:


config system npu
    set capwap-offload disable
end


Restart the cw_acd wireless controller process:


execute wireless-controller restart-acd