
Is it Required to Open Ports to Allow Access Point to Broadcast on WAN?

Hi there,


I have two Access Points on my LAN network. I have a FortiGate 200E firewall located at a different building, maybe fifteen miles away from my LAN network. For testing I have installed two APs on my LAN network, and also installed software to manage the APs. Both APs are broadcasting and working on the LAN.


I've decided to have a central location to manage the APs. That location is fifteen miles away from the LAN and I'm able to remote into WAN computers and servers. The WAN location has a FortiGate 200E firewall. We have VPN working, and I can ping network computers. Communication between LAN and WAN is working great, and we have no complaints.


I've uninstalled the AP software and did a factory reset on the APs. I know for a fact the two APs are broadcasting and waiting to be connected via their software.


On the WAN network, I decided to install the AP software on a workstation. After successfully installing the software, I noticed the APs aren't being detected, which means the APs are not broadcasting past my LAN network. On the FortiGate firewall, do I need to create a new policy and open ports TCP 8080, 8443, 8843, 27117 and UDP 3478 to allow the APs to broadcast on the WAN network?


Both APs are connected to the network and are ready to be configured. I attached an image of my network setup.








I think you should configure ip-helper with the DHCP option required for your wireless APs. If you don't know which option, then contact your wireless vendor for detailed instructions.


I was told by the vendor that APs are layer 2 devices and therefore we can't configure ip-helper. The vendor mentioned ip-helper can still be configured if the firewall has the option available. Do you know if the FortiGate 200E firewall has an ip-helper option available?
