On a Fortigate 60E with v6.2.3 - build1066 I have 3 FAP-221C FortiAP's successfully "connected". Thus 3 AP's have a fortiprofile connected to them and are working and having clients etc.
Now when I want to connect a 4th FAP-221C I have issues. Whatever I tried I can't get this AP "connected". The AP has the latest FW 6.0 Build 0044. I upgraded it via CLI (via 192.168.1.2 etc). If connected that way I can login via SSH and via browser. I have done "factoryreset" and cfg -x the AP and it boots up via POE and via 12V (if I go to it via 192.168.1.2) etc.
But when connected to the same interface as the other 3 AP's, having an IP address, can ping from Fortigate, etc. It just does not get "connected"...
What can be wrong? the only thing different is that the 3 working APs are model "FAP-221C-E" and the problematic one is "FAP-221C-I"...
Please help me out :)
EDIT: Now after 1 hour... I see to great astonishment that the AP is sending out a "test123" SSID... just out of the blue despite the FAP has been factory defaulted multiple times via CLI and via the "paperclip... I can successfully connect to that test123 SSID and access my local network instantly without any password... and in the Fortigate everything is the same Ehm... What the heck?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Sounds like the problematic one is set for a different region?
Log back into the AP's GUI and see if it has located the wifi controller (under AC Discovery Status). If not, make sure CAPWAP is checked on the interface that the AP is connecting through. I would also manually configure one of the AC IP address entries to point to the Fortigate's IP address.
Can't comment on the test123 SSID, but while logged into the AP, check the Wireless Information tab.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
I don't know if you can change the region on the FAP itself. If you bought it recently I would just return it for one with the correct region. You can see a list of regions from the FortiAP CLI with cw_diag -c all-countries, I think.
I think -E is Europe and -I is Israel.
Dave, tanr, I was not ware of regions... yes I was aware of regions in terms of channels, frequencies etc. but i thought this was all manageable by AP profiles... seems not.
I have now selected "AC discovery type broadcast" and that gives me a "online" AP in fortigate. It seems like the AP has some sort of connection with foritapcloud??? And after 20 minutes or so configures its self with a test123 SSID on both 2.4 and 5 gs which is bridged (with no security!). My logic is that when I select broadcast it skips the forticloud (??).
Attached the "test123" ssid & the AP is now functional but only gives and error:
It all seems a bit strange to me.
and why is it so frikkin hard to add a picture in this forum.
Since it's for the wrong region you should really just return it and get one for the correct region if you can.
Regarding the FortiAP-Cloud, if you bought it used it might still be set up to be cloud controlled. IIRC, you can add a FortiGate security policy to block it from WAN access, factory reset it, then when it realizes it can't access FortiCloud you can authorize it from the FortiGate and start to manage it. Haven't had to do that myself so may be other issues there.
Returning is not an option anymore. I purchased it already. It now works, but with a region mismatch (channel selection is set to correct country no no laws broken there). It seems there should be an option to "change" that I to an E in the AP, anyone aware of how to do this? I think tha hardware is universal as well as the firmware and it can be configured. The little stickers of the model numbers (221C-I 221C-E) on the AP are different than the rest.
Perhaps have a look at KB#FD35116 - there should be a 6.x version of the info but the commands in the KB should still work.
sanderl wrote:[...] It now works, but with a region mismatch (channel selection is set to correct country no no laws broken there). It seems there should be an option to "change" that I to an E in the AP, anyone aware of how to do this? [...]
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Dave, that are settings for the controller, not the AP.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1665 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.