Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortimaster
Contributor II

Created on ‎01-18-2024 12:41 AM

FortiAP Offline in Fortigate Security Fabric

Hi all,

 

I've several FortiAp registered in FortilanCloud and all is working well. These APs are connected to Fortiswitch and Fortiswitch is connected to Fortigate.

 

These APs are connected to an interface with security fabric enable. If I check in Fortigate security fabric topology, I see all these APs connected but offline.I also see them offline if I check "managed FortiAp". 

 

It is possible to see the real state of these APs in Fortigate or is it not possible if they are registered in Fortilancloud? Why do they appear offline, is this a normal behaviour?

 

Thanks ¡¡

Labels:
1971
0 Kudos
7 REPLIES 7
saleha
Staff
Staff

Created on ‎01-18-2024 04:56 AM

Hello fortimaster,

 

Thank you for reaching out. There are multiple possible reasons for this type of issues starting from whether the AP received an ip or if security fabric admin tool is enabled on the firewall interface. There systematic guide to troubleshooting this issue is found on the following article link:
https://community.fortinet.com/t5/FortiAP/Troubleshooting-Tip-FortiAP-Offline-Complete-Consolidated/...

 

Thank you,

saleha

1949
hbac
Staff
Staff

Created on ‎01-18-2024 06:02 AM

Hi @fortimaster,

 

What is the firmware version of FortiGate and FortiAPs? Based on your description, FortiAPs are functioning but appear to be offline? 

 

Regards, 

1939
fortimaster
Contributor II
In response to hbac

Created on ‎01-18-2024 06:42 AM

Reading the link provided by Saleha I've found this:

 

"Make sure the AP is not discovered on the cloud, if AP is discovered on the cloud it will not come online on the FortiGate Firewall. Ask the customer for a cloud account or wcfg output, look for AC_DISCOVERY_TYPE".

 

hbac, 7.0.13. Yes, the APs are working but appear offline in fortigate, not in forticloud. I would like to know if it's possible to see them correctly in FG or if when they are discovered in Fortilancloud this is not possible.

1930
0 Kudos
mle2802
Staff
Staff

Created on ‎01-18-2024 08:29 AM

Hi @fortimaster,

On the switch port connected to those AP, what is the native vlan? Is those native vlan has DHCP and security fabric is enabled?

1921
0 Kudos
fortimaster
Contributor II
In response to mle2802

Created on ‎01-18-2024 10:18 AM Edited on ‎01-18-2024 10:39 AM

Hi @mle2802 ¡

 

On Fortiswitch ports with connected AP I have "set lldp-profile "default-auto-isl" enabled .

 

The AP is connected to the default Vlan. That Vlan have DHCP, and "Security fabric connection" enabled. On the firewall that Vlan is type "fortilink (vsw.fortilink) and belongs to "Fortilink interface". The DHCP pool for the APs, is not the same as the one used for Fortiswitches. Fortiswitches have addressing mode "Dedicated to Fortiswitch" (default network 164.224.1.1/24) in Fortilink interface. I attach you an image:

 

DHCP.JPG

 

1911
0 Kudos
adambomb1219
SuperUser
SuperUser

Created on ‎01-18-2024 10:32 AM

NTP?

1907
0 Kudos
fortimaster
Contributor II

Created on ‎01-18-2024 01:00 PM

Fortigate and fortiswitches have NTP set. 

1893
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.