RedDragon
New Contributor

Moving AP from WLC to FortiGate

Howdy

I have to deal with a very mysterious problem with the FortiAP U231F. To start with, I plan to move my U221EV and U231F from WLC to FortiGate. With the U221EV it's no problem at all, and brand new U231F that were never connected to the WLC work like a charm.

But here is the point: I have multiple U231F that got to know the WLC. When I do the same as with my U221EV, it "should" work and welcome me in my FortiGate, but sadly it never happens.

 

My procedure is the following:

1. WLC CLI to AP

2. bootimg imageid 3

3. When AP is rebooting and for a moment offline, I switch the VLAN (only difference is the DHCP that is linking to FortiGate and not WLC)

4. AP boots up and I can authorize it at FortiGate

5. Firmware update

6. Profit :)

 

This works perfectly with all U221EV; with the brand new U231F it starts from point 4, so no problem at all there either.

But with U231F that were once connected to WLC I tried the bootimg and reset-default commands via WLC CLI and a hard reset via the reset button on the AP, but this AP never tries to authorize at FortiGate.

I already used Wireshark to look at what happens on the network: the AP gets an IP address and is sending pings to FortiGate, but that's it. The LAN 1 LED is blinking green, while the power LED is slowly blinking green.

 

Well, I have no real clue how to fix this weird issue. Maybe someone had the same problem or something similar.

Thanks!

1 Solution
RedDragon
New Contributor

The solution is weird but works:

When connecting from WLC to your U231F, use bootimg iid 2 and not 3.

It seems that the primary FortiGate image is broken/bricked by the firmware you have to add to the WLC, because Fortinet no longer delivers out-of-the-box support for newer devices.

 

After a reboot and the new VLAN, I can authorize the new AP in FortiGate without any problems.

 

tl;dr

1. WLC CLI: conn ap XX

2. bootimg iid 2

(optional: 3. change vlan)

4. AP pops up in FortiGate


2 REPLIES
Christian_89
Contributor III

Hello

I understand you're facing a mysterious problem with FortiAP U231F devices. It seems that you're trying to migrate these devices from a WLC (Wireless LAN Controller) environment to a FortiGate environment. While the process works smoothly for brand new U231F devices and U221EV devices, you're encountering difficulties with U231F devices that were previously connected to the WLC.

Based on the information you provided, it appears that the U231F devices are not successfully authorizing with the FortiGate after the firmware update. Here are a few suggestions you can try to troubleshoot and resolve the issue:

1. Ensure VLAN Configuration: Double-check the VLAN configuration on the FortiGate and make sure it aligns with the new DHCP settings. Verify that the VLAN is correctly tagged and accessible by the FortiAP devices.

2. Verify Network Connectivity: Confirm that there are no network connectivity issues between the U231F devices and the FortiGate. Ensure that the APs can reach the FortiGate's management interface and that there are no firewall rules or ACLs blocking communication.

3. Factory Reset the U231F Devices: If you haven't already, perform a factory reset on the U231F devices that were previously connected to the WLC. This can be done using the reset button on the AP or through the WLC CLI. By doing a factory reset, you can eliminate any residual configurations from the previous WLC environment.

4. Check Firmware Compatibility: Ensure that the firmware version you are using on the FortiGate is compatible with the U231F devices. Verify the recommended firmware versions for the U231F model and upgrade if necessary.

5. Review Debug Logs: Enable debug logging on the FortiGate for the AP authorization process. Check the logs for any relevant error messages or indications of why the authorization is failing. This can provide more insight into the issue and help narrow down the problem.

6. Contact Fortinet Support: If the issue persists, it would be beneficial to reach out to Fortinet Support for further assistance. They can analyze the specific configuration and logs, and provide guidance or solutions tailored to your environment.

By following these steps and seeking assistance from Fortinet Support if needed, you should be able to troubleshoot and resolve the problem with the U231F devices not authorizing with the FortiGate after migration from the WLC.
