Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Austin_M
New Contributor

Forti-AP - Fortigate Error - Error not found

Hi Guys,

 

I am trying to integrate a FortiAP 221 C with a Fortigate 600C but I am not able to authorize the AP. I have attached the screenshots. Could someone please help me ? Fortigate and FortiAP are running 5.2.2

 

Regards,

Austin

 

9 REPLIES 9
lpetit_FTNT
Staff
Staff

Hello Austin,

 

can you please tell me which version is running on the FGT?

 

Thanks

LP Fortinet
Austin_M
New Contributor

The Fortigate is running v5.2.2,build642 (GA). 

lpetit_FTNT
Staff
Staff

Hello,

 

this might require a bit of troubleshooting.

I would start with the following:

# execute wireless-controller restart-acd

if it still does not work:

 

# diag sniffer packet any "port 5246" 6 0 a

taken on the FGT for about 2 min (and please capture the output to a file)

stop using Ctrl -C

 

Then capture the following debug:

# diag debug enable

#  diagnose debug application cw_acd 1

Please capture the output for 2 minutes (to a file)

 

It might help in finding the root cause of the issue. If not, I can provide with further debug to capture.

 

L.

LP Fortinet
Austin_M
New Contributor

Hi Ipetit,

Thanks for the help. I have attached the debug output here.   

 

diagnose debug application cw_acd 1     did not give any output. 

 

Appreciate your response.

Thanks,

Austin

 

Austin_M
New Contributor

file attached here. thanks

lpetit_FTNT
Staff
Staff

Hello,

 

the CAPWAP process is properly started (CAPWAP discovery request from the FAP to the FGT and response from the FGT to the FAP), but the dtls session is not being started.

This will require further investigations on the FAP side and it will require remote access to find what is going on.

Can you please open a ticket?

 

Thanks

LP Fortinet
Dave_Hall
Honored Contributor

Does the interface that the 221C is connecting through have CAPWAP enabled on it?  If the 221C is not connected directly to a port on the Fortigate, I suggest trying that first to see if it even shows up (on the Fortigate).  Alternately, the 221C should be grabbing an IP address from a DHCP server (on the connected interface/network) if it is not configured for a static IP.  (I think it defaults to 192.168.2.x if it can not grab an IP address.)

 

If the Fortigate still can not see the 221C, as Lionel indicated, you will need to connect to it (FortiAPs on 5.x firmware have their own GUI) and try configuring it that way.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
yzhang_FTNT
Staff
Staff

What's the output of "show wireless-controller wtp-profile"? Is there a valid wtp-profile for 221C FortiAP?

Dave_Hall
Honored Contributor

Austin.M wrote:

I am trying to integrate a FortiAP 221 C with a Fortigate 600C but I am not able to authorize the AP. I have attached the screenshots.[...]

Can you perform a show wireless-controller wtp on the CLI just to see what devices are listed there and that no entry is corrupted?

 

After this, try manually adding the new 221C, via

config wireless-controller wtp
edit "FP221SERIAL-NO"
next
end

...where "FP221SERIAL-NO" is the actual serial number for the unit.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Labels
Top Kudoed Authors