Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Tommy_Rogers
New Contributor

Firmware 5.4.4 Web Console

After update to 5.4.4 on FAP221B and FAP321C the web console will not load.

Has it been removed or disabled??

Cleared computer cache and it still will not allow me to connect.

I tried SSH, TELNET, HTTP and HTTPS.. none of them worked.

Tommy Rogers FCNSA FCNSP
1 Solution
wanglei_FTNT

These access options (telnet/http/https/ssh) can be enabled under wtp-profile

 

# config wireless-controller wtp-profile

(wtp-profile) # edit FAP221C-default

(FAP221C-default) # set allowaccess telnet http https ssh 

(FAP221C-default) # end

 

By default, these options have been disabled for security purpose. 

 

You can also overwrite these settings on a per access point (WTP) level by editing the WTP setting

 

config wireless-controller wtp

 (wtp) # edit FP221B3X13009219

(FP221B3X13009219) # set override-allowaccess enable

(FP221B3X13009219) # set allowaccess telnet http https ssh

(FP221B3X13009219) #end

View solution in original post

4 REPLIES 4
tanr
Valued Contributor II

Do you mean you updated your FortiGate to 5.4.4?  The FAPs are still only at 5.4.2.

 

Assuming you've got your FGT at 5.4.4 and FAPs at 5.4.2, are you able to config them from the FGT GUI?

 

Tommy_Rogers

OK, to clarify the firmware is FP320C-v5.4-build0354...

The problem is that all the remote software such as SSH, TELNET, HTTP, and HTTPS are disabled during the update.

I had to use a console cable to reenable the HTTP option. I say this is a bad decision on someones part.

 

@tanr The answer to your question is no, I can not access the configuration of the AP to change the IP address, VLAN etc..

Tommy Rogers FCNSA FCNSP
wanglei_FTNT

These access options (telnet/http/https/ssh) can be enabled under wtp-profile

 

# config wireless-controller wtp-profile

(wtp-profile) # edit FAP221C-default

(FAP221C-default) # set allowaccess telnet http https ssh 

(FAP221C-default) # end

 

By default, these options have been disabled for security purpose. 

 

You can also overwrite these settings on a per access point (WTP) level by editing the WTP setting

 

config wireless-controller wtp

 (wtp) # edit FP221B3X13009219

(FP221B3X13009219) # set override-allowaccess enable

(FP221B3X13009219) # set allowaccess telnet http https ssh

(FP221B3X13009219) #end

Tommy_Rogers

Thanks Wanglei_FTNT that worked like a charm. I understand the security side of things. In my case the radios/AP's are not accessible unless you have the privilege to connect to the "MGMT" VLAN.

 

Thanks for the update though the really helped me.

Tommy Rogers FCNSA FCNSP