- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Old fortiAP problem to connect fortigate
maybe some one know how to repair old ap to be able to connect to fortigate.
FortiAP log:
01604.070 cwDtlsSslInitClient 0x101f3168 0x101f2b90 0x101cf138
01604.071 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01604.072 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 9. gMaxFd: 28
01604.073 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01604.074 cwWtpDtlsThread: handshake was not successful! Fatal error: 5
01604.121 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server session ticket A
01604.122 cwWtpDtlsThread: handshake was not successful! Fatal error: 5
01604.142 cwDtlsCertVerify Cert Error (10: certificate has expired)
01604.142 =================================================
01604.142 cwWtpDtlsThread cwDtlsCertVerify failed
01604.142 =================================================
01604.142 cwWtpDtlsThread: Own Certificate
01604.143 cwWtpDtlsThread: Peer Certificate
01604.144 wlan_set_led led 4 state 3
01604.144 cwDevIoctl_ifru_data wldvlan 89f0 ERR - Invalid argument
01604.145 cwDevIoctl_vbr_ifru_data cmd drv ERR - Invalid argument
01604.145 cwWtpKernDvlanSetFlush 1 ERR - Invalid argument
01604.147 Unsupported scan mode change DISABLE ==> DISABLE
01604.147 cwDtlsInfoCbFn: DTLS ALERT: (write) warning:close notify
01604.147 cwWtpDtlsSessionStop_chan SSL_shutdown rc 0
01604.148 CWWS_DTLS_TD_enter FailedDTLSAuthFailCount 0 FailedDTLSSessionCount 0 max 3
01604.149 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 7. gMaxFd: 16
01606.070 wlan_set_led led 4 state 1
01607.069 SYNC local time to 2023-01-26 21:43:23 based on AC (10.10.130.1) TS
01607.070 cwDtlsSslInitClient 0x101f3168 0x101f2b90 0x101cf138
01607.071 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01607.072 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 9. gMaxFd: 28
- Labels:
-
FortiAP
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you specify which version of AP/FGT are you trying to match?
You can try to manually disable DTLS as described here:
https://docs.fortinet.com/document/fortiap/7.2.1/fortiwifi-and-fortiap-configuration-guide/350248/wi...
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I try to match
Fortigate: 6.2.12
FortiAP-210B v5.2,build0265,180118 (GA)
no luck after turning dtls off. Error looks the same whit certificate error. :\
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yeah no matter what this ancient AP will offer an awful user experience to any wireless clients connected to it. I would also suggest upgrading your FortiGate firmware as well.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Please review the compatibility matrix: https://docs.fortinet.com/document/fortiap/6.4.0/fortiap-and-fortios-compatibility-matrix/495193/for...
The 210B is not listed as a supported AP under FOS 6.X.
Graham
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That looks like a very old AP, it's trying to use SSLv3 that is deprecated for a long time. The oldest firmware on Fortinet's documentations is 5.4 and this specific AP is not mentioned on the release notes. The only document I could find is this one: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ec78e486-1eab-11e9-b6f6-f8bc12...
If you have found a solution, please like and accept it to make it easily accessible for others.