Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Aruba SSL Issue

Fortigate 81F v7.4.1


I have some Aruba APs at a new site.  7 of the 12 connect to Aruba Central without a problem, but 5 of them give a certificate error.  All APs connect through the same switch, VLAN and DHCP scope.  All can ping externally using DNS and by IP


The APs are trying to connect to  I found that the working ones resolve that to and the non-working ones resolve to, which seems to be


I have tried all the default SSL inspection security profiles and have removed all other security profiles.


Why would some APs be resolving to this Fortinet block page?


Screenshot 2023-09-29 101212.png


What are DNS settings of your 5 non-working Aruba APs? Do they have the same DNS configuration?
If you check from Fortigate
# exe ping
what ip is resolved?

New Contributor

Did you find the solution? Having the same problem with FG80F v7.2.6.
Tried different DNS servers/settings on Fortigate, with UTP enabled and disabled.
All Aruba access points are connections directly to Fortinet block page 55 IP address.

ap01# ping
Press 'q' to abort.
PING ( 56 data bytes
64 bytes from icmp_seq=0 ttl=56 time=36.8 ms
64 bytes from icmp_seq=1 ttl=56 time=36.7 ms
64 bytes from icmp_seq=2 ttl=56 time=36.5 ms
64 bytes from icmp_seq=3 ttl=56 time=36.6 ms
64 bytes from icmp_seq=4 ttl=56 time=36.6 ms

--- ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 36.5/36.6/36.8 ms


pminarik is the default IP address used for blocking domains by DNS filter.


Carefully review the policies used by your APs, especially for DNS traffic. Make sure they either don't have DNS profiles enabled, or review those profiles and check if they have any configuration that could lead to blocking those domain names.


If the APs are using some internal server for DNS, check relevant policies for that server's own upstream DNS traffic as well.


If everything looks fine, consider restarting the APs, maybe they've just cached a previously-blocked result that isn't being blocked anymore.

[ corrections always welcome ]

Hi, are these problematic and working APs have same DNS settings ? If yes and still getting same errors on some of the APs, you can try creating a static DNS entry pointing towards





**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
Top Kudoed Authors