macy200200
New Contributor

FortiAP Won't Go Online After Firmware Update on AP? Cipher Suites Again?

Hello Everyone,

Posting here in Firewalls because this happened to me once before and Fortinet Tech Support fixed it in CLI to the FortiGate.

They mentioned something about having to modify ciphers being used between the AP and the FortiGate? I wasn't sure what they did or understand the explanation really.

I have a 221E FortiAP going to a 108E Switch going to my FortiGate 60F. This is just my home network so nothing crazy. AP is in bridge mode, switch is set up with FortiLink to firewall.

Hoping someone understands what I'm talking about from my attempt to describe the fix last time and can give me the pointers I need to get my WiFi back.

Finally, below is the output from the AP. I was able to SSH into it from my LAN to dump this while it's reading disconnected yet.

No config changes to anything, I clicked to update the AP firmware without thinking and it hasn't been up since.

Thanks so much everyone! If I get the chance to call Fortinet during business hours first I'll post the fix too.


 # diagnose wireless-controller wlac -c wtp
-------------------------------WTP 1----------------------------
WTP vd : root
    vfid : 0
    id : FP221E5520084403
    uuid : 5deaf23e-b124-51eb-68bf-bbcb800a796a
    mgmt_vlanid : 0
    region code : A
    regcode status : valid
    refcnt : 2 own(1) wtpprof(1)
    apcfg status : N/A,N/A cfg_ac=0.0.0.0:0 val_ac=0.0.0.0:0 cmds T 0 P 0 U 0 I 0 M 0
    apcfg cmd details:
    plain_ctl : disabled
    deleted : no
    image-dl(wtp,rst): yes,yes
    admin : enable
    cfg-wtp-profile : Clone of FAP221E-default
    override-profile : enabled
    oper-wtp-profile : resv-dflt-FP221E5520084403
    wtp-mode : remote
    cfg-apcfg-prof :
    oper-apcfg-pro :
    bonjour-profile :
    wtp-group :
    name :
    location :
    led-blink : disabled
    led-state : enabled
    led-schedules :
    poe-mode : auto
    poe-mode-oper : invalid
    ext-info-enable : enabled
    ip-frag-prevent : TCP_MSS
    tun-mtu : 0,0
    split-tunneling-acl-path : local
    split-tunneling-local-ap-subnet : disabled
    active sw ver : FP221E-v7.0-build0008
    local IPv4 addr : 10.0.2.2
    board mac : e0:23:ff:be:73:e8
    join_time : Sat Jul 24 17:30:36 2021
    mesh-uplink : ethernet
    mesh hop count : 0
    parent wtp id :
    connection state : Disconnected
    image download progress: 0
    last failure : 20 -- ECHO REQ is missing
    last failure param: N/A
    last failure time: Sat Jul 24 17:26:53 2021
    station info : 0/0
    geo : World (0)
    deployment : cfg platform-determined oper indoor
  LLDP : enabled (total 1)
    local port : lan1
    chassis id : mac e0:23:ff:ea:2d:11
    sys name : S108EN5920011071
    sys description : FortiSwitch-108E v7.0.0,build0022,210415 (GA)
    capability : Bridge Router
    port id : port8
    port description : FortiAP
    MAU oper type : 1000BaseTFD - Four-pair Category 5 UTP, full duplex mode
    ip : 192.168.2.1
    vlan id : N/A
  SNMP : enabled
  Radio 1 : AP
    country name : US
    country code : 841
    drma_manual_mode : ncf
    radio_type : 11N
    channel list : 1 6 11
    darrp : disabled
    airtime fairness : disabled
    txpower : high 25 low 5 tgt 0 (calc 25 oper 25 dBm)
    beacon_intv : 100
    rts_threshold : 2346
    frag_threshold : 2346
    ap scan : background scan (regular)
    ap scan passive : disabled
    bgscan oper : enabled
      bgscan period : 600
      bgscan intv : 1
      bgscan dur : 20
      bgscan idle : 250
      bgscan rptintv : 30
    sensor mode : disabled
    ARRP profile : ---
    WIDS profile : ---
      wlan 0 : skynet
    max vaps : 8
    base bssid : e0:23:ff:be:73:f0
    oper chan : 0
    noise_floor : -91
    chutil : enabled
    oper chutil time : Tue Aug 17 20:17:52 2021 (age=2370)
    oper chutil data : 19,17,19,18,17, 20,21,21,22,20, 18,19,20,21,20 ->newer
    station info : 0/0
    antenna RSSI : 29 31 (age=8175)
    antenna event : 19* 37 (age=1219519)
  Radio 2 : AP
    country name : US
    country code : 841
    drma_manual_mode : ncf
    radio_type : 11AC
    channel list : 36 40 44 48 52 56 60 64 100 104 108 112 116 120 124 128 132 ...
    darrp : disabled
    airtime fairness : disabled
    txpower : high 23 low 5 tgt 0 (calc 17 oper 17 dBm)
    beacon_intv : 100
    rts_threshold : 2346
    frag_threshold : 2346
    ap scan : background scan (regular)
    ap scan passive : disabled
    bgscan oper : enabled
      bgscan period : 600
      bgscan intv : 1
      bgscan dur : 20
      bgscan idle : 250
      bgscan rptintv : 30
    sensor mode : disabled
    ARRP profile : ---
    WIDS profile : ---
      wlan 0 : skynet
    max vaps : 8
    base bssid : e0:23:ff:be:73:f8
    oper chan : 0
    noise_floor : -95
    chutil : enabled
    oper chutil time : Tue Aug 17 20:17:52 2021 (age=2370)
    oper chutil data : 11,13,12,13,12, 13,13,12,12,13, 11,10,10,11,14 ->newer
    station info : 0/0
    antenna RSSI : 40 34 (age=2385)
    antenna event : 48 31* (age=1837910)
  Radio 3 : Not Exist
  Radio 4 : Not Exist
  Radio 5 : Not Exist
  WAN/LAN stats :
                     : lan1 rx,tx bytes 259970316512,10798594345 packets 183823631,69522553 errors 0,0 dropped 692961,0
  uplink status :
                       lan1 carrier=1, speed=1000, duplex=full
-------------------------------Total 1 WTPs----------------------------

1 REPLY
macy200200
New Contributor

Got to work from home this afternoon!

That firmware update on the AP turned CAPWAP + FortiTelemetry off on the VLAN, was all.

Re-enabling that was all it took.

Thanks!
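
An added example, not part of the original posts and not Fortinet code: a small parser for the `diagnose wireless-controller wlac -c wtp` layout shown in the question, pulling out the fields that pointed at the control-channel problem (`connection state`, `last failure`). The function names and the second, healthy WTP block in the sample are constructed for illustration.

```python
import re

# Constructed sample in the "key : value" layout of the output posted above.
# WTP 1 reuses values from the post; WTP 2 is an invented, healthy AP.
SAMPLE = """\
-------------------------------WTP 1----------------------------
WTP vd : root
    id : FP221E5520084403
    local IPv4 addr : 10.0.2.2
    connection state : Disconnected
    last failure : 20 -- ECHO REQ is missing
    last failure time: Sat Jul 24 17:26:53 2021
-------------------------------WTP 2----------------------------
    id : FP-EXAMPLE-0002
    local IPv4 addr : 10.0.2.3
    connection state : Connected
-------------------------------Total 2 WTPs----------------------------
"""

WTP_HEADER = re.compile(r"^-+WTP\s+\d+-+$")
WANTED = {"id", "local IPv4 addr", "connection state",
          "last failure", "last failure time"}

def parse_wtps(text):
    """Return one dict per WTP block, keeping only the fields in WANTED."""
    wtps, current = [], None
    for raw in text.splitlines():
        line = raw.strip()
        if WTP_HEADER.match(line):
            current = {}
            wtps.append(current)
        elif current is not None and ":" in line:
            key, _, value = line.partition(":")  # split on first ':' only
            if key.strip() in WANTED:
                current.setdefault(key.strip(), value.strip())
    return wtps

def disconnected(wtps):
    """Summarise APs the controller reports as Disconnected."""
    out = []
    for w in wtps:
        if w.get("connection state") != "Disconnected":
            continue
        code, _, reason = w.get("last failure", "").partition(" -- ")
        out.append({"id": w.get("id"), "ip": w.get("local IPv4 addr"),
                    "failure_code": code, "reason": reason,
                    "when": w.get("last failure time")})
    return out
```

Run over saved controller output, `disconnected(parse_wtps(text))` gives a quick list of APs whose control channel dropped and when, which can be lined up against firmware or interface changes.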
