Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiAPs not connecting to Fortigate
Fortigate 80C v4.0,build0482,110920 (MR3 Patch 2)
FortiAP 210B' s
I cannot get the FortiAP to connect to the Fortigate. We have four of the 210B' s, all plugged into a POE switch. The fortigate is on the 192.168.5.x subnet and the APs are on the 192.168.31.x subnet. The APs are getting an IP from DHCP, I can ping the IP of the APs from my workstation and from the fortigate CLI. 2 of the 4 APs show up in the list of Managed FortiAP on the Fortigate, however if I Authorize each one they are forever stuck in a " Disconnected" status.
The same thing happens if I connect the APs to the 192.168.5.x subnet (same as Fortigate). I have tried multiple patch cables, switches, switch ports, etc. No matter what I try 2 of the 4 APs never show up at all on the Fortigate and the other 2 show up but don' t successfully connect. Am I missing something here? This was supposed to be an easy plug-and-play setup, i.e. plug the APs into the network, Fortigate sees them and pushes down the config and you are done.
Please help!
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, and welcome,
What firmware do you have on the FortiAP´s ?
When using MR3 on the FortiGate it is very important you have MR3 on the FortiAP´s as well,
Check under the FortiAP folder, you will find MR3 Patch 5, that was released today.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I do not know what the firmware is. How can I check this if the Fortigate can' t even see them? I tried to pull up a web interface for the FortiAP using their assigned IP but they do not seem to respond to http requests.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
There is no web interface in MR3,
you have 2 options,
1. Connect to a FortiAP with the console cable.
2. Connect with telnet.
Either way, you need to use one of them to upgrade the FortiAPs to the
Here is a link to the command for getting the version:
http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=FD33496&sliceId=1&docTypeID=DT_KCARTICLE_1_1
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK I downloaded the latest firmware from the support site, upgraded the firmware on all 4 APs, and plugged them back into the 192.168.31.x network. Now NONE of the APs are discovered by the Fortigate. They are all grabbing IPs, IPs that I can ping from my workstation and can ping from the fortigate. On the Fortigate - WiFi Controller - Managed Access Points - Managed FortiAP, the list is now empty.
Any suggestions?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
if you seperate the APs from the subnet your fortigate is on, you must set the IP on the fortiap,
search on kb.fortinet.com and docs.fortinet.com and read up on how it works.
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you must set the IP on the fortiap,I must set -what- IP? The ip of the fortigate? This doesn' t make sense because 2 of them showed up in the fortigate.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
yes i know, and i can´t explain why, because they shouldn´t
if you are seperating the AP´s with a layer3 network, you must configure the AP with an IP of the fortigate, so it can " phone home" .
FCNSA, FCNSP
---
FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice, 60B/C/CX/D, 50B, 40C, 30B
FortiAnalyzer 100B, 100C
FortiMail 100,100C
FortiManager VM
FortiAuthenticator VM
FortiToken
FortiAP 220B/221B, 11C
FCNSA, FCNSP---FortiGate 200A/B, 224B, 110C, 100A/D, 80C/CM/Voice,
60B/C/CX/D, 50B, 40C, 30BFortiAnalyzer 100B, 100CFortiMail
100,100CFortiManager VMFortiAuthenticator VMFortiTokenFortiAP 220B/221B,
11C
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You might want to connect the FortiAP' s in a separate network and let the FortiGate handle the DHCP. That way they will connect to the FortiGate automaticly. If you use for example windows dhcp server they won' t.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
OK at Fortinet Support' s suggestion I downgraded the firmware to the 222 release and that fixed it, now they are all seen by the Fortigate. Thanks to everyone for their suggestions.
