Description | This article describes the solution and workaround when CAPWAP traffic is dropped. |
Scope | FortiGate 120G. |
Solution |
By default the CAPWAP traffic is offloaded, when this is enabled the CAPWAP traffic is blocked.
When running the debug flow, the following debug line could be seen, to confirm the session is installed in the NPU.
id=65308 trace_id=2 func=ip_session_install_npu_session line=386 msg="npu session installation succeeded"
The session is never established because FortiGate does not send the traffic, it is dropped instead.
As a workaround, the following configuration could be applied.
config system npu set capwap-offload disable end
The solution is to upgrade to v7.6.1.
Related article: Technical Tip: How to disable CAPWAP offloading for FortiAPs without disrupting wireless traffic Note: Only apply when the FortiGate is working with FortiAP. |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.