- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Fortigate Transparent mode
We can manage the Forti-APs in fortigate Transparent Mode ?
@nithish.k@snsin.com,@sanjeevi.s@snsin.com
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Nitish,
Yes, you can manage FortiAPs in FortiGate Transparent Mode. Here are the steps to configure the FortiGate interface to manage FortiAP units:
Enable DHCP Server on the Interface:
Go to Network > Interfaces.
Edit the interface (e.g., port16) that will be used to manage FortiAPs.
In the IP/Network Mask field, enter an IP address for the interface.
Enable DHCP Server with the default settings.
Enable CAPWAP Access:
Go to Network > Interfaces.
Double-click the interface (e.g., port16).
Under Administrative Access, select Security Fabric Connection.
Click OK.
Configure VCI-Match (Optional):
If required, enable the VCI-match feature using the CLI to ensure only devices with a matching VCI name can acquire an IP address from the DHCP server:
shell
config system dhcp server
edit 1
set interface port16
set vci-match enable
set vci-string "FortiAP"
next
end
Enable Automatic FortiAP Discovery and Authorization:
To create a new FortiAP entry automatically when a new FortiAP unit is discovered:
shell
config system interface
edit port16
set allow-access fabric
set ap-discover enable
next
end
To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate:
shell
config system interface
edit port16
set allow-access fabric
set auto-auth-extension-device enable
next
end
By following these steps, you can manage FortiAPs even when the FortiGate is operating in Transparent Mode
Ref: https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/252439/configuring-t...
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: FCA, FCF, FCP-NS, FCSS-NS
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Nitish,
Yes, you can manage FortiAPs in FortiGate Transparent Mode. Here are the steps to configure the FortiGate interface to manage FortiAP units:
Enable DHCP Server on the Interface:
Go to Network > Interfaces.
Edit the interface (e.g., port16) that will be used to manage FortiAPs.
In the IP/Network Mask field, enter an IP address for the interface.
Enable DHCP Server with the default settings.
Enable CAPWAP Access:
Go to Network > Interfaces.
Double-click the interface (e.g., port16).
Under Administrative Access, select Security Fabric Connection.
Click OK.
Configure VCI-Match (Optional):
If required, enable the VCI-match feature using the CLI to ensure only devices with a matching VCI name can acquire an IP address from the DHCP server:
shell
config system dhcp server
edit 1
set interface port16
set vci-match enable
set vci-string "FortiAP"
next
end
Enable Automatic FortiAP Discovery and Authorization:
To create a new FortiAP entry automatically when a new FortiAP unit is discovered:
shell
config system interface
edit port16
set allow-access fabric
set ap-discover enable
next
end
To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate:
shell
config system interface
edit port16
set allow-access fabric
set auto-auth-extension-device enable
next
end
By following these steps, you can manage FortiAPs even when the FortiGate is operating in Transparent Mode
Ref: https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/252439/configuring-t...
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: FCA, FCF, FCP-NS, FCSS-NS
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for your response. We will proceed with the suggested steps in our lab and will inform you of the outcomes.@akumar02
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks,
Please keep us posted.
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: FCA, FCF, FCP-NS, FCSS-NS
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much.