Devices connected to FortiAP unable to connect to websites

generaltab · ‎02-17-2015

Hello, I've just replaced my old FortiGate 100 with a FortiGate 90D and FortiAP 221B. I configured the FortiAP according to the recipe. Devices can see and connect to the FortiAP, but fail to reach to web sites. I don't see anything wrong with the policy or DNS setting. I've attached my policies and the settings under Wifi & Switch Controller. Anything jump out at anyone?

Thanks!

Bromont_FTNT · ‎02-17-2015

Internal or external DNS server? Internal would need another policy....

generaltab · ‎02-17-2015

Thanks. DNS is internal. What would that policy look like?

Would that be internal -> internal or wireless -> internal allowing access to port 53?

Bromont_FTNT · ‎02-17-2015

wireless ---> internal and restrict to service UDP 53

Typically for guest wireless access you'd set DNS to 8.8.8.8 then they don't need to access anything internal

generaltab · ‎02-17-2015

I understand now. This SSID is for corporate users, so I've created a policy to allow ALL for wireless -> internal. I'll create another SSID for guest users, who shouldn't need a policy if I supply them an external DNS.

Two questions:

1. Should guest users use the same address range as the corporate users (attached ssid-guest.jpg)

2. For the corporate users SSID, I'd like to use WPA2 Enterprise for LDAP (AD) integrated authentication. Is there a how-to somewhere for setting that up? I didn't see anything in the cookbook..

Thanks again!

Bromont_FTNT · ‎02-17-2015

1 - You won't be able to configure the same address range on the new SSID and you probably don't want to either.

2 - Not sure about anything in the cookbook on this, it's pretty simple on the Fortigate side, most of the work will be getting your your Radius server set up correctly (IAS/NPS on Windows Server)

Devices connected to FortiAP unable to connect to websites

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website