Ruslan
New Contributor II

FortiAP 221E status disconnected after Update Fortigate to 6.2.1

Maybe someone can give some debug command?

The only failure I can see is from this command:

diagnose wireless-controller wlac -c wtp

last failure : 12 -- AC daemon reset timer expired

The topology is very simple: FortiOS > FortiSwitch > FortiAP.

After updating the FortiGate to 6.2.1, it can authorize the FortiAP but the status stays disconnected.

Thanks in advance.

1 Solution
Ruslan
New Contributor II

The workaround until Forti fixes it is to add the Access Point network to trusthost on the admin account.

For me the workaround worked.

But it is better to open a support case to get an online update directly from Forti Support.

rpsls_412

Five months later, and I came across the same problem the other day. Working on the "fix" mentioned in the thread.

Fortigate 60F

Fortiswitch 108EPOE

Fortiswitch 124EFPOE

Fortiap 221E

Took out of box, set up, upgraded all machines to most recent firmware. And like the OP, once the fortigate was updated, the ap consistently shows as disconnected, whether plugged into the firewall or the switches.

Will comment about the success or failure of the "fix." Stay tuned if interested.

Robin_Svanberg

Having the same issue with FortiOS 6.2.3 1500D and FortiAP 421E 6.2.3.

The FortiAP retrieves the latest config but shows up as disconnected, no trusted hosts configured.

Is anyone still experiencing the same issues?

Robin Svanberg Network Consultant @ Ethersec AB in Östersund, Sweden

robin.svanberg@ethersec.se

mr_vaughn

I just had this happen on a 100E in HA 6.2.7 with a FortiAp221E upgrading from 6.0 build 0075 to latest 6.2.x.

The AP used to have LLDP info on switch.

Tried another switch port.

Zero MAC addresses in table and on port of powered-up AP.

There are no trusted hosts IP addresses on the FortiGate 100E configuration, so that workaround is not valid.

The AP is on DHCP and the DHCP server is not getting or updating the DHCP lease time for the AP MAC address.

I think it is bricked.

I am seeing the switch port flap up and down every 15 seconds.

Smoetzak

mr_vaughn wrote:

I just had this happen on a 100E in HA 6.2.7 with a FortiAp221E upgrading from 6.0 build 0075 to latest 6.2.x.

The AP used to have LLDP info on switch.

Tried another switch port.

Zero MAC addresses in table and on port of powered-up AP.

There are no trusted hosts IP addresses on the FortiGate 100E configuration, so that workaround is not valid.

The AP is on DHCP and the DHCP server is not getting or updating the DHCP lease time for the AP MAC address.

I think it is bricked.

I am seeing the switch port flap up and down every 15 seconds.

I have the exact same situation (except 200F instead of 100E). Did you find a solution?

All the above don't work for me.

Edit: Fixed it by adding "Security Fabric Connection" to the vpn interface (the ap was located after an ipsec-vpn) on the 200F side.

Thijsvanwijk

I got the same issue as OP.

Updated the 221Es to 6.2.3 because of its upgrade path to 6.4.6, but more than 60% of the APs are now bricked. How is this even possible? The trusthost trick does not work for me, especially because 40% of the APs still work after the update.

Is there any solution for this problem yet? This topic had over 20k views, so there are a lot of people looking for answers.

Thanks in advance!

thewraith
New Contributor

Can we receive an update on this please?

wanglei_FTNT

Please do understand that this platform is not a support portal, and you can normally get a much quicker response, with knowledge of your case, through FortiCare (our support system). We have teams dedicated to solving customers' issues. I did try to access your case but unfortunately I couldn't log in for the time being.

johnl
New Contributor

Hi All.

You may try this:

# config system global
    set ssl-static-key-ciphers enable
    set strong-crypto disable
end

# execute wireless-controller restart-acd

It does happen if the firmware is upgraded to v6.4.5 or 7.0.0.

https://kb.fortinet.com/kb/microsites/search.do?cmd=displayKC&docType=kc&externalId=FD52029&sliceId=...

Good luck.
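
Added example, not part of any post in this thread: the trusthost and cipher workarounds above both change FortiGate management settings, so this Python sketch scans a config backup for them so they can be reverted once fixed firmware is installed. The sample config, the `audit` helper and the AP subnet `10.10.20.0/24` are constructed assumptions; the `set trusthostN <ip> <mask>` backup syntax is standard FortiOS and is not quoted from the page.

```python
import ipaddress
import shlex

# Constructed sample of a FortiOS config backup (not taken from the thread).
SAMPLE_CONFIG = """\
config system global
    set hostname "fw-lab"
    set ssl-static-key-ciphers enable
    set strong-crypto disable
end
config system admin
    edit "admin"
        set trusthost1 192.0.2.0 255.255.255.0
        set trusthost2 10.10.20.0 255.255.255.0
    next
end
"""

# Values set by the cipher workaround posted in the thread.
WORKAROUND_GLOBAL = {"ssl-static-key-ciphers": "enable", "strong-crypto": "disable"}


def audit(config_text, ap_network):
    """Return (scope, key, value) findings for workaround remnants."""
    ap_net = ipaddress.ip_network(ap_network)  # assumed AP subnet
    findings, path = [], []
    for line in config_text.splitlines():
        try:
            tok = shlex.split(line)
        except ValueError:  # multi-line quoted values such as certificates
            continue
        if not tok:
            continue
        if tok[0] == "config":
            path.append(" ".join(tok[1:]))
        elif tok[0] == "edit" and len(tok) > 1:
            path.append(tok[1])
        elif tok[0] in ("next", "end") and path:
            path.pop()
        elif tok[0] == "set" and len(tok) >= 3:
            if path == ["system global"] and WORKAROUND_GLOBAL.get(tok[1]) == tok[2]:
                findings.append(("system global", tok[1], tok[2]))
            elif path[:1] == ["system admin"] and tok[1].startswith("trusthost") and len(tok) >= 4:
                net = ipaddress.ip_network(f"{tok[2]}/{tok[3]}", strict=False)
                if net.overlaps(ap_net):  # admin login reachable from AP subnet
                    findings.append((f"system admin/{path[-1]}", tok[1], str(net)))
    return findings


if __name__ == "__main__":
    for finding in audit(SAMPLE_CONFIG, "10.10.20.0/24"):
        print(finding)
```
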

seergey
New Contributor

Hey guys, I am a noobie,

but there is a solution that worked for me:

1) Delete the "Disconnected" FortiAP from: "WIFI & Switch Controller" > Managed FortiAPs.
2) Enter the CLI
3) "config wireless-controller wtp"
4) "purge"
5) "y"
6) "end"
7) "execute wireless-controller reset-wtp all"
8) "y"
9) "execute wireless-controller restart-acd"
10) "execute ssh x.x.x.x(FortiAP IP)"
11) "cfg -x"
12) "cfg -c"
13) "reboot"

This solution worked out for me,

hope it helps someone :)

neon90
New Contributor

Hi All,

I had the same issue: after upgrading my firewall to 6.4.8, all APs went offline.

@johnl's solution solved my issue.
Thank you very much.