Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ashish-pal
New Contributor

Created on ‎10-23-2024 06:05 AM

FortiAP 221C stuck in discovery AC and unable to connect to fortigate firewall

I have replaced the FortiAP 221c from Fortigate 100F to fortigate 80E. I was connected on 100F but when i connect the same AP to 80E it is showing as discovery AC and stuck in connecting mode. I am able to connect reach the device and able to https also but not able to connect to fortigate 80E at new location. 

Fortiap 221c v4.jpgFortiap 221c v3.jpgFortiap 221c v2.jpgFortiap 221c v1.jpg

Labels:
744
0 Kudos
7 REPLIES 7
ebilcari
Staff
Staff

Created on ‎10-23-2024 08:42 AM Edited on ‎10-23-2024 08:44 AM

It may be a firmware incompatibility issue, you can check in the Compatibility Matrix the firmware versions of FortiAP and FortiOS.

There is also a note that applies for this AP:

*These FortiAP models and versions do not support strong ciphers. To allow connections, input the following commands in the FortiOS CLI:

For FortiOS 7.0.0:

config system global

set ssl-static-key-ciphers enable

set strong-crypto disable

end

For FortiOS 7.0.1+:

config wireless-controller global

set tunnel-mode compatible

end

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
711
Ashish-pal
New Contributor
In response to ebilcari

Created on ‎10-23-2024 09:41 PM

Hi @ebilcari , I tried the same command but there is no improvement on this. still the AP is showing as offline mode only. kindly suggest further

Forti OS 80E - v7.0.15 build0632 (Mature)

Forti AP - 6.0.6Fortiap 221c v5.jpg

682
0 Kudos
ebilcari
Staff
Staff
In response to Ashish-pal

Created on ‎10-24-2024 07:59 AM

You can try to delete the AP from the FGT, reset it to default and add it again.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
648
Ashish-pal
New Contributor
In response to ebilcari

Created on ‎10-24-2024 09:49 PM

Hi @ebilcari  i tried that part also but unfortunately it didn't work is anything related to date and Time for that i tried below command but that also didn't work neither the date and Time changed on AP. Also, Radio 1 and Radio 2 are in disabled mode.

 

cfg -a AC_DISCOVERY_FCLD_APCTRL=208.91.113.187
cfg -a AC_CTL_PORT=443
cfg -c

 

Fortiap 221c v2.jpgFortiap 221c v1.jpg

 

623
0 Kudos
ebilcari
Staff
Staff
In response to Ashish-pal

Created on ‎10-25-2024 01:21 AM

Yes correct, time is required to validate the certificates, you can take a look at this article for more details and some troubleshooting commands.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
598
Ashish-pal
New Contributor
In response to ebilcari

Created on ‎10-25-2024 02:19 AM

I tried that also but still no success and on Fortigate firewall side NTP is configured properly

 

show full system nt
config system ntp
set ntpsync enable
set type fortiguard
set syncinterval 30
set source-ip 0.0.0.0
set source-ip6 ::
set server-mode enable
set authentication disable
set interface "fortilink"
end

 

Fortiap 221c v6.jpg

584
0 Kudos
ebilcari
Staff
Staff
In response to Ashish-pal

Created on ‎10-25-2024 05:59 AM

You can check with the debug or the sniffing commands to verify if the AP is actually willing to communicate with FGT, for example NTP or CAPWAP traffic.

- Emirjon
If you have found a solution, please like and accept it to make it easily accessible for others.
569
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.