ajdinzutic
New Contributor II

Allow Admin Access FortiSwitch + FortiAP to FortiGate

Hi there

I've set up a new setup and created the SSID, and allowed access with the checkboxes.

Also, in the FortiGate settings I allowed listening to the services and SSID.

Somehow I can't access the FortiGate when I'm over FortiSwitch and FortiAP. Do I have to allow something else?

My goal is that from the internal SSID we should have access to the FortiGate, and from the Guest SSID we shouldn't.

Kind regards

ajdinzutic

It seems I can't create a dedicated VLAN for the FortiGate itself, since they use the FortiLink.

Or did I set something up wrong?

[Screenshots: 27-09-2024_09-57-50.png, 27-09-2024_09-58-28.png, 27-09-2024_09-59-44.png, 27-09-2024_10-01-09.png, 27-09-2024_10-01-48.png]

ebilcari

The option 'Listen on Interfaces' in the last screenshot is not used for the management interface service; this option is dedicated to the NTP service only.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
ajdinzutic
New Contributor II

Nice, didn't know about it :) Thanks

ebilcari
Staff

If I get it right, you want to access the FGT from a node/PC that is connected to an FSW port or an SSID/FAP, not from the FSW/FAP itself (their management subnet). If this is the case, then on the interface (VLAN or SSID) that you configure for the end users (gateway) you have to enable HTTPS/HTTP in 'Administrative Access'. This should be enough to gain access to the FGT management interface (GUI) from an end host that is connected to that subnet.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
ajdinzutic
New Contributor II

Hi, cool to know :)

It seems I can't even ping the FGT from the FAP.

FGT got a DHCP with 192.169.100.1/24

and FAP DHCP with 192.169.10.1/24

Is there a way to create a shared DHCP so that I can ping them? Or do I have to buy a FortiSwitch to handle VLAN access?

ebilcari

For AP management, a dedicated management subnet/VLAN needs to be created in the FGT and spanned in the FSW or in a 3rd party switch, and have 'Security Fabric Connection' enabled. There is no limitation from the FGT; FortiLink/FSW just simplifies configuring and monitoring the switch ports.

In the case of a 3rd party switch, a sub-interface with a VLAN ID could be the easiest way to configure the AP management VLAN, like this for example:

[Screenshot: subinter.PNG]

After selecting the proper 'Administrative Access' options, FGT and FAP can manage and reach both ways.

The subnets you have shared in the last reply are not in the private IP range and are not in the same network.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
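
The settings discussed in the replies above, written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread. The interface names (`internal-ssid`, `guest-ssid`, `ap-mgmt`, `port2`), the VLAN ID and the RFC 1918 addresses are constructed assumptions, and the two SSIDs are assumed to already exist as tunnel-mode SSIDs.

```fortios
# Added example: names, VLAN ID and addresses below are placeholders.
config system interface
    # Internal SSID: end hosts here may reach the FortiGate GUI.
    # Only HTTPS is enabled; HTTP is left off so admin logins are not
    # sent in clear text over the wireless segment.
    edit "internal-ssid"
        set ip 192.168.100.1 255.255.255.0
        set allowaccess ping https
    next
    # Guest SSID: no administrative access at all, so the FortiGate
    # does not answer GUI, SSH or ping requests on this gateway address.
    edit "guest-ssid"
        set ip 192.168.200.1 255.255.255.0
        unset allowaccess
    next
    # AP management VLAN as a sub-interface toward a 3rd party switch.
    # 'fabric' is the CLI keyword for 'Security Fabric Connection',
    # which the FortiAP needs in order to be managed by the FortiGate.
    edit "ap-mgmt"
        set vdom "root"
        set interface "port2"
        set vlanid 10
        set ip 10.10.10.1 255.255.255.0
        set allowaccess ping fabric
    next
end
```

Running `show system interface guest-ssid` afterwards should list no `set allowaccess` line for the guest interface.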