I've been having issues getting my AP to work while building my network. I have a Fortigate 40F connected to a Fortiswitch 108F connected to a FortiAP 221E. The Fortigate is running 6.4.15 and the AP is running 6.0. The AP shows up in the Wifi/Switch controller > Managed FortiAPs and shows that it is online. It's broadcasting the SSID I set up, but when I connect to it, it shows connected with no wifi. It also has a VLAN with a manual IP config.
I'm confused and need help, would anyone know why this would be doing this?
Also, does anyone know how to delete VLANs? It's not giving me the option to delete them. I want to try and put them on the Fortigate instead of the switch.
Can the FortiGate reach the internet (simply ping 8.8.8.8)?
If so, you can try to follow the steps from this guide to set up your SSID's users to reach internet: LAN Edge Deployment Guide
Is the Wifi SSID in Bridged mode? If yes, did you configure the VLAN ID as allowed on the switchport where the FortiAP is connected? What VLAN ID do you use? There are a few IDs that are reserved by Fortinet for internal purposes (see release notes).
Created on 10-03-2024 06:32 AM Edited on 10-03-2024 06:49 AM
The Wifi SSID is in Tunnel mode with HTTPS, SSH, PING and Security Fabric connection checked. The AP is connected to the switch at port one. In FortiSwitch ports, VLAN 20 is a native VLAN.
I just tried putting the VLAN on the allowed list instead of the native list and it made the AP 2.5 and 5 GHz lights turn off.
I think I should also mention I have a red ! stating I am unable to connect to FortiGuard servers.
If the AP is online (VLAN 20) and you are using tunneled SSID you don't need to change VLAN configuration on the switch port where the AP is connected. The user traffic will be tunneled to the FGT and the switch is not aware of other subnets/VLANs. You need to configure an IP network and a DHCP server for the WiFi users under SSID configuration:
and also create a firewall policy that allows internet access from the SSID as 'Incoming Interface'.
My WiFi network has an IP and a DHCP server, and it has a firewall policy:
Incoming int: WiFi
Outgoing int: SD wan zone (WAN port)
Source: Wifi address
Destination: All
Service: All
Hi
Have you configured a firewall policy to allow traffic from the SSID interface to the WAN interface?
You can run the debug commands below and check whether the traffic is being allowed by the firewall policy:
diag debug flow filter addr x.x.x.x ---where x.x.x.x is the IP address of client
diag debug flow show function-name enable
diag debug console timestamp enable
diag debug flow trace start 100
diag debug enable
Also, I would suggest configuring the DHCP server in the SSID and checking that the client is receiving an IP address.
Regards
Jamal
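A way to read the result of the flow trace commands above, shown as an added example that is not part of the original thread or any Fortinet tool: the script groups trace lines by `trace_id` and reports which policy allowed or denied each flow. The sample lines are constructed, and their `id=... trace_id=... func=... msg="..."` layout is an assumption modeled on typical `diag debug flow` output; addresses, interface names and policy IDs are placeholders.

```python
import re
from collections import OrderedDict

# Constructed sample (assumed line layout); not output captured from this thread.
SAMPLE = '''\
id=20085 trace_id=1 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=1, 10.10.80.2:1->8.8.8.8:2048) from wifi. type=8, code=0, id=1, seq=1."
id=20085 trace_id=1 func=init_ip_session_common line=5894 msg="allocate a new session-0001a2b3"
id=20085 trace_id=1 func=vf_ip_route_input_common line=2621 msg="find a route: flag=04000000 gw-192.0.2.1 via wan"
id=20085 trace_id=1 func=fw_forward_handler line=881 msg="Allowed by Policy-3: SNAT"
id=20085 trace_id=2 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=6, 10.10.80.2:51514->203.0.113.10:443) from wifi. flag [S], seq 1, ack 0, win 64240"
id=20085 trace_id=2 func=fw_forward_handler line=727 msg="Denied by forward policy check (policy 0)"
id=20085 trace_id=3 func=print_pkt_detail line=5723 msg="vd-root:0 received a packet(proto=17, 10.10.80.2:5353->10.10.80.1:53) from wifi."
'''

LINE = re.compile(r'trace_id=(\d+) func=(\S+) line=\d+ msg="(.*)"\s*$')
PKT = re.compile(r'received a packet\(proto=(\d+), (\S+?)->(\S+?)\) from ([^\s.]+)')
ALLOW = re.compile(r'Allowed by Policy-(\d+)')
DENY = re.compile(r'Denied by .*?\(policy (\d+)\)')


def summarize(text):
    """Return {trace_id: {flow, in_if, verdict, policy}} in order of appearance."""
    traces = OrderedDict()
    for raw in text.splitlines():
        m = LINE.search(raw)
        if not m:
            continue  # skip prompts, blank lines and anything not in the assumed layout
        tid, msg = int(m.group(1)), m.group(3)
        t = traces.setdefault(
            tid, {"flow": None, "in_if": None, "verdict": "no-verdict", "policy": None})
        if (p := PKT.search(msg)):
            t["flow"], t["in_if"] = f"{p.group(2)}->{p.group(3)}", p.group(4)
        elif (a := ALLOW.search(msg)):
            t["verdict"], t["policy"] = "allowed", int(a.group(1))
        elif (d := DENY.search(msg)):
            # policy 0 is the implicit deny: no configured policy matched the flow
            t["verdict"], t["policy"] = "denied", int(d.group(1))
    return traces


if __name__ == "__main__":
    for tid, t in summarize(SAMPLE).items():
        print(tid, t["in_if"], t["flow"], t["verdict"], t["policy"])
```

An empty result for the client's address means no packets from it reached the FortiGate at all, which points at addressing (for example DHCP on the SSID) rather than at the firewall policy.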
I replied in the comment below
I can't connect to the CLI of the AP itself (no power cable), but I tried running those commands in the FortiGate CLI and it wasn't going through.
There's a Wifi firewall policy.
Incoming interface: The wifi network
Outgoing interface: SD WAN zone (WAN port on fortigate)
Source: Wifi Address
Destination: all
Service: All
Policy for VLAN 20
Incoming Int: VLAN 20
Outgoing int: SD wan zone
Source: VLAN 20 wifi address
Destination: All
Service: All
I just configured the SSID IP/Netmask so it's in the same subnet instead of being 0.0.0.0/0.0.0.0.
When I connect to the AP and it shows connected but no internet, my computer does not receive the IP address the AP receives my computer's IP.
By the way, if you can't connect to the AP but it is online, you may reach it via SSH. You just need to enable the access via SSH: Technical Tip: How to enable SSH access to FortiAP managed by FortiGate
If your computer is not receiving an IP address when connected to the SSID, that means that there is no DHCP Server configured. Go to the SSIDs and make sure you have already set up the IP/Netmask, then enable the DHCP Server. After the station connects to the SSID, it should receive an IP from this pool.