I tried to set up a FortiAP 14C for the first time and have some questions.
One of our customers wants to connect a few branches with the HQ, using FortiAP 14C on the remote side and a FortiGate 40C in the HQ. Each FortiAP should connect devices via WLAN and LAN with the company's network as well as offer them access to the Internet.
I found several videos and documents describing the setup of 14C as an AP for WLAN and LAN and following them, I could establish connections as wanted. But this works only, when the FortiAP 14C is located in the same network as the FortiGate 40C. My expectation was, that - if this works fine - I could bring the AP to the branch and the same functionality would be available. But unfortunately, the AP does not establish a VPN connection to the 40C.
So, obviously, I misunderstood the setup.
Unfortunately, I don't find a document or video which describes the necessary configuration tasks for our environment. So my questions are:
1. Does anybody have a link to information, which will help me to correct the setup?
2. Is there a way to configure the AP without being near the 40C? Problem is, that our customer is located 300 km away from our office. If I have to go there to configure the AP, I have no possibility to check the functionality, because I don't have external Internet access there beside the one of the 40C. So if I think, the setup is correct, I have to drive back to our office or to one of the branches to test the device and if there is still something wrong, I've to drive back to the customer's HQ.
I configured the public IP address of the 40C as "AC IP Address 1" in the 14Cs.
The WAN1 interface of the 40C is not enabled for CAPWAP in general yet. It's enabled for two VPN tunnels bound to WAN1, but not on the interface itself. Can I do that without implications to the VPN tunnels without CAPWAP (there are also those bound to that interface)?
Additional question: There is a radio button "Dedicated to FortiAP", which is not enabled. Is this obsolete for our situation?
If you have the public IP of the 40C configured as the AC IP address on the 14C then CAPWAP needs to be enabled on the wan port. If you want to use the VPN tunnels instead then configure the 14C to use one of the internal IPs of the 40C
Many thanks for your assistance, enabling CAPWAP on WAN1 was the solution. The APs now connect with the 40C in the HQ.
Unfortunately I've another problem now:
Using a Win7-based PC connected to one of the APs works fine: I could surf the web as well as use servers in the HQ. But there is one application in the HQ which needs access to the harddrive of the Win7 PC by using "net use \\ipaddress\sharename".
Whatever I've tried, I'm not able to access the harddrive of a device connected to an AP. The other way round works fine. Do you have any idea? Actually I can't even send a ping from the HQ to the PC. So embarassing... :(
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.