Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
serge
New Contributor

Fortigate-60D and Pakedge WAP-W3G

Hello everyone!

This is a newbie question.

I have Fortigate-60D and Pakedge WAP-W3G access point.

I figured out how to connect Fortigate-60D to the internet but cannot find any information how to connect Pakedge WAP-W3G access point to it to get working Wi-Fi.

Could you please provide me some links or information how to configure step-by-step Fortigate-60D to see WAP-W3G?

I see plenty of these used cheap devices on ebay but cannot find any information how to configure them working together.

Current firmware version v5.2.2

 

Thank you.

 

10 REPLIES 10
Markus_M
Staff
Staff

Hey Serge,

 

the Pakedge seems to be normally manageable through the GUI.

The FGT will not be able to manage the device, as FGT will be a wireless controller only for the FortiAPs. So the FGT and the other device, be it your laptop, router, raspberry PI... will be simply considered as some host or another router.

 

However, I found a manual on the device on an external site:

https://manualzz.com/doc/7371247/pakedgedeviceandsoftware-inc.

It details that you can access the Pakedge WAP-W3Gs interface via IP 192.168.1.250.

So you will need one interface, say internal3, on FGT that connects to the WAP-W3G, maybe set an IP 192.168.1.1. On your PC, you maybe have another IP as 192.168.0.1 on internal1 (just an example). Then you create a firewall policy from internal1 to internal3. Another probably from internal3 to WAN as the WAP-W3G may need internet connectivity.

You should now be able to connect to the 192.168.1.250, provided that is currently its IP address.

You can then configure the Wi-Fi AP and clients connecting to it would go online through the APs that routes traffic to the FGT which in turn routes traffic to wherever, likely internet.

 

Best regards,

 

Markus

serge
New Contributor

Markus,

Thank you for your help and suggestions.

I have this manual but it tells nothing about the connection WAP-W3G to Fortigate-60D.

WAP-W3G is just an access point and has to work with a wireless controller.

Fortigate-60D has a wireless controller setup but WAP-W3G is not on the supported AP list.

These 2 devices worked together before, but I cannot figure out how Fortigate-60D was configured before the factory reset.

I only know that AP has to be on a different subnet. Do I need to create VLAN?

I do not understand the idea about the creating an additional firewall policy. Why we need it?

Is it possible that WAP-W3G is compatible with any already listed in setup AP? 

Do I need to upgrade firmware?

I am still unsuccessfully trying to get any configuration information.

Thank you for your help.

boneyard
Valued Contributor

that Pakedge WAP-W3G is a totally different brand, it won't work with the FortiGate 60D (or any FortiGate on any firmware) as its controller.

 

also both the 60D and Pakedge WAP-W3G seem pretty old, it is perhaps wise to just invest in some newer stuff that actually works together.

 

if you are sure the WAP-W3G requires a controller just stop with the 60D as it wont work as a controller. you might be able to run the WAP-W3G standalone, then you can get this to work.

 

 

 

 

serge
New Contributor

Thank you.

Yes, they are old and not supported officially, anyway, Fortinet tech support does not talk to me without the valid license and forwarded to the sales person. 

But, these 2 specific devices are taken from a previously working environment. 100% they worked together.

They are both marked as "pakedgedevice&software inc." on the box.

 WAP-W3G will not work as stand alone without a wireless controller. It does not have security/authentication features (passcode, etc.).

Thank you.   

boneyard
Valued Contributor

this manual suggests it does have those features:

 

https://manualzz.com/doc/7371247/pakedgedeviceandsoftware-inc.

 

it looks like it can function as a standalone AP fine.

serge
New Contributor

Actually you are right, there is a way to set up a passcode.

I opened the old WAP-W3G, did not find any password setup and assumed that the wireless controlled does the authentication.

So, if I just connect WAP-W3G to the Internet, will I get a working Wi-Fi? I should try.

Now I see wireless network, can connect to it but have no Internet. Possible because it is on different subnet. Let me change the subnet and try again. I will let you know the result.

Thank you. 

serge
New Contributor

Connected AP to the LAN with Internet directly, can see the Wi-Fi but when connecting see error "could not get IP address".

Cannot figure out what is responsible for providing IP addresses to the wireless clients.

Thank you.

AP LAN is on DHCP.

It looks it has to do something with VLAN.

serge
New Contributor

OK, big progress. I was able to connect to the Internet wirelessly using VLAN 1 wireless network.

Thank you, guys, with your help I am moving to the right directions.

Summary:

Fortigate-60D is NOT used as a wireless controller.

WAP-W3G IS working as stand alone.

I could not figure it out without your help, Marcus_M and boneyard. 

Now I need to figure out how the network was configured previously to restore the  old connections to other devices. 

let me put together my thoughts and ask you more questions.

The old WAP-W3G VLAN is 6 and Fortigate-60D LAN was 192.168.6.100-200 with DHCP

The old WAP-W3G LAN was 192.168.20.220 (now it is changed to 192.168.1.80) with  Gateway 192.168.20.254 

Now I need to figure out how to connect WAP-W3G 192.168.20.220 to Fortigate-60D LAN  192.168.6.X

My goal is to restore the original configuration, because some old devices lost the original connection to the Internet. 

 

Should I configure an additional VLAN on Fortigate-60D?

I do not understand, why we need to connect AP to Fortigate-60D on a different subnet?

Do I still need to create a firewall policy for VLAN? And how?

Thank you.

boneyard
Valued Contributor

the why i can't answer either, doesnt seem needed to me, but that might be an WAP-W3G thing.

 

you can indeed add a VLAN to an interface and set it up like that.