Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nithishkumar
New Contributor II

Fortigate Transparent mode

We can manage the Forti-APs in fortigate Transparent Mode ?

 

 

@nithish.k@snsin.com,@sanjeevi.s@snsin.com

Nithishkumar S
Nithishkumar S
1 Solution
akumar02
Staff
Staff

 

Hello Nitish,

 

Yes, you can manage FortiAPs in FortiGate Transparent Mode. Here are the steps to configure the FortiGate interface to manage FortiAP units:
Enable DHCP Server on the Interface:
Go to Network > Interfaces.
Edit the interface (e.g., port16) that will be used to manage FortiAPs.
In the IP/Network Mask field, enter an IP address for the interface.
Enable DHCP Server with the default settings.
Enable CAPWAP Access:
Go to Network > Interfaces.
Double-click the interface (e.g., port16).
Under Administrative Access, select Security Fabric Connection.
Click OK.
Configure VCI-Match (Optional):
If required, enable the VCI-match feature using the CLI to ensure only devices with a matching VCI name can acquire an IP address from the DHCP server:
shell
config system dhcp server
edit 1
set interface port16
set vci-match enable
set vci-string "FortiAP"
next
end

Enable Automatic FortiAP Discovery and Authorization:
To create a new FortiAP entry automatically when a new FortiAP unit is discovered:
shell
config system interface
edit port16
set allow-access fabric
set ap-discover enable
next
end

To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate:
shell
config system interface
edit port16
set allow-access fabric
set auto-auth-extension-device enable
next
end

By following these steps, you can manage FortiAPs even when the FortiGate is operating in Transparent Mode

Ref: https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/252439/configuring-t...

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up

View solution in original post

5 REPLIES 5
hbac
Staff
Staff

Hi @nithishkumar,

 

You should be able to.

 

Regards,

akumar02
Staff
Staff

 

Hello Nitish,

 

Yes, you can manage FortiAPs in FortiGate Transparent Mode. Here are the steps to configure the FortiGate interface to manage FortiAP units:
Enable DHCP Server on the Interface:
Go to Network > Interfaces.
Edit the interface (e.g., port16) that will be used to manage FortiAPs.
In the IP/Network Mask field, enter an IP address for the interface.
Enable DHCP Server with the default settings.
Enable CAPWAP Access:
Go to Network > Interfaces.
Double-click the interface (e.g., port16).
Under Administrative Access, select Security Fabric Connection.
Click OK.
Configure VCI-Match (Optional):
If required, enable the VCI-match feature using the CLI to ensure only devices with a matching VCI name can acquire an IP address from the DHCP server:
shell
config system dhcp server
edit 1
set interface port16
set vci-match enable
set vci-string "FortiAP"
next
end

Enable Automatic FortiAP Discovery and Authorization:
To create a new FortiAP entry automatically when a new FortiAP unit is discovered:
shell
config system interface
edit port16
set allow-access fabric
set ap-discover enable
next
end

To allow FortiGate to authorize a newly discovered FortiAP to be controlled by the FortiGate:
shell
config system interface
edit port16
set allow-access fabric
set auto-auth-extension-device enable
next
end

By following these steps, you can manage FortiAPs even when the FortiGate is operating in Transparent Mode

Ref: https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/252439/configuring-t...

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
nithishkumar

Thank you for your response. We will proceed with the suggested steps in our lab and will inform you of the outcomes.@akumar02

Nithishkumar S
Nithishkumar S
akumar02

Thanks, 
Please keep us posted. 

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
DylanBennett
New Contributor

Thank you so much. 

Spoiler
Thank you so much. And I also would like to help you by sharing the https://www.topessaywriting.org/samples/emotions website with you where you can find essay samples. I am also using that website to read free essay samples.
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors