Hello, I've just replaced my old FortiGate 100 with a FortiGate 90D and FortiAP 221B. I configured the FortiAP according to the recipe. Devices can see and connect to the FortiAP, but fail to reach to web sites. I don't see anything wrong with the policy or DNS setting. I've attached my policies and the settings under Wifi & Switch Controller. Anything jump out at anyone?
Thanks!
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Internal or external DNS server? Internal would need another policy....
Thanks. DNS is internal. What would that policy look like?
Would that be internal -> internal or wireless -> internal allowing access to port 53?
wireless ---> internal and restrict to service UDP 53
Typically for guest wireless access you'd set DNS to 8.8.8.8 then they don't need to access anything internal
I understand now. This SSID is for corporate users, so I've created a policy to allow ALL for wireless -> internal. I'll create another SSID for guest users, who shouldn't need a policy if I supply them an external DNS.
Two questions:
1. Should guest users use the same address range as the corporate users (attached ssid-guest.jpg)
2. For the corporate users SSID, I'd like to use WPA2 Enterprise for LDAP (AD) integrated authentication. Is there a how-to somewhere for setting that up? I didn't see anything in the cookbook..
Thanks again!
1 - You won't be able to configure the same address range on the new SSID and you probably don't want to either.
2 - Not sure about anything in the cookbook on this, it's pretty simple on the Fortigate side, most of the work will be getting your your Radius server set up correctly (IAS/NPS on Windows Server)
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1519 | |
1019 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.