rishab444
Staff
Article Id 223543

Description

 

This article describes how to resolve a FortiAP showing as Offline/Down.

 

Scope

 

FortiGate, FortiAP.

 

Solution

 

When managed FortiAPs unexpectedly show as down, take the following steps:

 

Step 1: Check the system ARP table and confirm all APs are receiving an IP address. This can also be verified on the DHCP monitor page in the GUI.


 get sys arp

 

If the FortiAPs are not getting DHCP IP addresses, make sure the DHCP Server is enabled on the interface and VLAN to which the FortiAPs are connected. If the FortiAPs are connected via a FortiSwitch, make sure the FortiSwitch port has the correct native VLAN.

 

If a FortiAP still cannot get an IP address, collect DHCP debug logs as outlined in Technical Tip: Diagnosing DHCP on a FortiGate.

 

Step 2: Run the following debug command to check the down/failure reason, and whether it is N/A as in the example output below:

 

diagnose wireless-controller wlac -c wtp

image download progress: 0 
last failure : 8 -- Control message maximal retransmission limit reached 
last failure param: N/A
last failure time: Thurs Sep 08 12:18:46 2022

 

This command retrieves detailed information about the Wireless Termination Points (WTPs, that is, the managed access points) on the FortiGate. The exact output depends on the FortiOS version and on the specific issues or configurations related to the WTPs. In general, it provides insight into the status, configuration, and potential problems of the connected access points.
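
To triage the Step 2 output when many APs are down, the following added example (not Fortinet's code and not part of the original article) parses the `last failure` lines from saved CLI output and groups them by failure code, keeping the most recent failure time. It assumes the three `last failure` lines appear in the order shown above; the function names are hypothetical and the sample input is constructed from the article's output, with a made-up second timestamp.

```python
import re
from datetime import datetime

# Constructed sample: the article's Step 2 lines, repeated with a made-up second timestamp.
SAMPLE = """\
image download progress: 0
last failure : 8 -- Control message maximal retransmission limit reached
last failure param: N/A
last failure time: Thurs Sep 08 12:18:46 2022
image download progress: 0
last failure : 8 -- Control message maximal retransmission limit reached
last failure param: N/A
last failure time: Thurs Sep 08 12:25:03 2022
"""

LINE = re.compile(r"^\s*(last failure(?: param| time)?)\s*:\s*(.*?)\s*$")

def parse_time(text):
    """Parse the failure time; the weekday is dropped because 'Thurs' is not a valid %a value."""
    try:
        return datetime.strptime(" ".join(text.split()[1:]), "%b %d %H:%M:%S %Y")
    except ValueError:
        return None  # "N/A", empty, or an unexpected layout

def parse_failures(output):
    """Return one dict per 'last failure' line, with the param and time that follow it."""
    records = []
    for m in filter(None, map(LINE.match, output.splitlines())):
        key, value = m.groups()
        if key == "last failure":
            code, _, reason = value.partition("--")
            records.append({"code": int(code) if code.strip().isdigit() else None,
                            "reason": reason.strip(), "param": None, "time": None})
        elif records and key == "last failure param":
            records[-1]["param"] = None if value in ("", "N/A") else value
        elif records:
            records[-1]["time"] = parse_time(value)
    return records

def summarize(records):
    """Map (code, reason) to (number of occurrences, most recent failure time)."""
    out = {}
    for r in records:
        n, latest = out.get((r["code"], r["reason"]), (0, None))
        if r["time"] and (latest is None or r["time"] > latest):
            latest = r["time"]
        out[(r["code"], r["reason"])] = (n + 1, latest)
    return out

if __name__ == "__main__": print(summarize(parse_failures(SAMPLE)))
```

Many APs reporting the same failure code within a short time window usually point to a shared cause (interface access settings, switch VLAN, upstream path) rather than a single faulty AP.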

 

Step 3: Pick one IP address from the ARP table and confirm connectivity to the FortiAP through SSH from the FortiGate CLI.

 

execute ssh <user@host> [port]

 

Check the interface and enable Security Fabric Connection under Network -> Interfaces -> Administrative Access, because establishing a CAPWAP tunnel with the FortiGate is a minimum management requirement for a FortiAP.

Since 6.2.0, the CAPWAP access has been grouped with the Security Fabric Connection. Before 6.0.x, an individual option was provided.

 

Follow these steps:

 

  1. Go to Network -> Interfaces. 
  2. Double-click the port. 
  3. Under Administrative Access, select Security Fabric Connection.
  4. Select OK.

 


 

Related article: 

Troubleshooting Tip: FortiAP Offline: Complete Consolidated Troubleshooting & Checklist