Hi all,
I tried to set up a FortiAP 14C for the first time and have some questions.
One of our customers wants to connect a few branches with the HQ, using FortiAP 14C on the remote side and a FortiGate 40C in the HQ. Each FortiAP should connect devices via WLAN and LAN with the company's network as well as offer them access to the Internet.
I found several videos and documents describing the setup of 14C as an AP for WLAN and LAN and following them, I could establish connections as wanted. But this works only, when the FortiAP 14C is located in the same network as the FortiGate 40C. My expectation was, that - if this works fine - I could bring the AP to the branch and the same functionality would be available. But unfortunately, the AP does not establish a VPN connection to the 40C.
So, obviously, I misunderstood the setup.
Unfortunately, I don't find a document or video which describes the necessary configuration tasks for our environment. So my questions are:
1. Does anybody have a link to information, which will help me to correct the setup?
2. Is there a way to configure the AP without being near the 40C? Problem is, that our customer is located 300 km away from our office. If I have to go there to configure the AP, I have no possibility to check the functionality, because I don't have external Internet access there beside the one of the 40C. So if I think, the setup is correct, I have to drive back to our office or to one of the branches to test the device and if there is still something wrong, I've to drive back to the customer's HQ.
Would be great to get some help from one of you!
Regards, Lars
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Yes, CAPWAP on wan1 is enough. You'll want to make sure to enable DTLS on the AP profile so that CAPWAP tunnel is encrypted.
What kind of internet access equipment do you have at the remote location? A Remote AP won't be enough on it's own - you need at least a xDSL router to connect. The RAP will then connect to the FGT, provided it can reach the internet and you have configured the FGT's public IP address.
The RAP is just an accesspoint, plus router. There is no interface electronics for WAN access - DSL, cable, GSM/3G/4G. If this surprises you, look at the price (and the datasheet).
As to your visit to the remote office, you could get a Webstick to connect to the internet there. This would be independent of the access the remote AP would use.
Hi ede_pfau,
for sure there are DSL routers at the branches, the usual German stuff (I saw you're from Heidelberg :-)) like Easybox, Fritz!Box and Speedports.
I assume my problems are based within the configuration itself. Do you know a good source or step-by-step documentation for setting up a remote AP?
Regards, Lars
I configured the public IP address of the 40C as "AC IP Address 1" in the 14Cs.
The WAN1 interface of the 40C is not enabled for CAPWAP in general yet. It's enabled for two VPN tunnels bound to WAN1, but not on the interface itself. Can I do that without implications to the VPN tunnels without CAPWAP (there are also those bound to that interface)?
Additional question: There is a radio button "Dedicated to FortiAP", which is not enabled. Is this obsolete for our situation?
Thanks, Lars
Check that d...ed Windows firewall...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1641 | |
1069 | |
751 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.