Skip to main content
fortibey
fortibey
New Member
October 22, 2017
Question

GUI Connection Problem

  • October 22, 2017
  • 1 reply
  • 12200 views

Hello,

 

We've recently upgraded our FortiAP's (221C) firmwares to 5.4 family.

Also we've upgraded our fortigate firmware to 5.4 family.

 

Right now we can not access or fortiaps web gui.

They are rejecting the connection.

We've tried to revoke dhcp release and we see that we can connect for a very short period.

 

How can we solve this problem ?

 

Thanks

1 reply

tanr
tanr
New Member
October 22, 2017

I haven't had to do much with my FAP's for a while.  A few thoughts:

[ol]
  • I didn't run into it, but the documentation says you may need to disconnect the CAPWAP interface to the FAP (and I assume do the mandatory 30 second pause) then reconnect it.  If you are not running the FAP's on POE, rebooting them is always next on my list of things to try.
  • What versions do you have your FortiGate and FAP's at?  Hopefully you followed the upgrade path: http://cookbook.fortinet.com/supported-upgrade-paths-fortiap/?  On the FAP side, I believe you need to upgrade to 5.4.1, then 5.4.2, then 5.4.3.  I know there is a matching specific sequence for which FGT versions changes you should do for each FAP version change, but I all I've found so far is the security fabric upgrade document: http://docs.fortinet.com/uploaded/files/3995/Coop-Security-Fabric-5.4.6-Upgrade-Guide.pdf
  • I assume you've enabled CAPWAP on the command interfaces to the 221C's?
  • Is your CAPWAP interface to the FAP's vlan tagged on the FAP side?  That is, will the FAP be getting vlan tagged packets on the controlling interface?  My own CAPWAP default interface to 221C FAP's is not vlan tagged, though all of the bridged interfaces my FAP exposes ARE vlan tagged.  IIRC, the CAPWAP to FAP connection had some issue when working with a CAPWAP interface that was vlan tagged.
  • Can you connect to the FAP directly, by HTTPS or SSH?  What does it show for it's Status, Wifi Admin Status, etc.?[/ol]
    • tanr
    tanr
    New Member
    October 22, 2017

    Found the notes on FGT and FAP version compatibility.

    FAP          FortiOS

    5.4.0        5.4.0 5.4.1        5.4.1 5.4.2        5.4.2 AND LATER 5.4.3        5.4.5 AND LATER

     

    fortibey
    fortibeyAuthor
    New Member
    October 29, 2017

    Thank you very much for your reply.

     

    I've found the problem :)

    It seems we can not reach fortiap gui if we authorize the device with fortigate.

    I've deauthorized fortiapps and i've managed to access their gui.

     

    I hope this information will be helpfull in future for similiar cases.

    Terms & ConditionsAccessibility statement