maybe some one know how to repair old ap to be able to connect to fortigate.
FortiAP log:
01604.070 cwDtlsSslInitClient 0x101f3168 0x101f2b90 0x101cf138
01604.071 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01604.072 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 9. gMaxFd: 28
01604.073 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01604.074 cwWtpDtlsThread: handshake was not successful! Fatal error: 5
01604.121 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server session ticket A
01604.122 cwWtpDtlsThread: handshake was not successful! Fatal error: 5
01604.142 cwDtlsCertVerify Cert Error (10: certificate has expired)
01604.142 =================================================
01604.142 cwWtpDtlsThread cwDtlsCertVerify failed
01604.142 =================================================
01604.142 cwWtpDtlsThread: Own Certificate
01604.143 cwWtpDtlsThread: Peer Certificate
01604.144 wlan_set_led led 4 state 3
01604.144 cwDevIoctl_ifru_data wldvlan 89f0 ERR - Invalid argument
01604.145 cwDevIoctl_vbr_ifru_data cmd drv ERR - Invalid argument
01604.145 cwWtpKernDvlanSetFlush 1 ERR - Invalid argument
01604.147 Unsupported scan mode change DISABLE ==> DISABLE
01604.147 cwDtlsInfoCbFn: DTLS ALERT: (write) warning:close notify
01604.147 cwWtpDtlsSessionStop_chan SSL_shutdown rc 0
01604.148 CWWS_DTLS_TD_enter FailedDTLSAuthFailCount 0 FailedDTLSSessionCount 0 max 3
01604.149 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 7. gMaxFd: 16
01606.070 wlan_set_led led 4 state 1
01607.069 SYNC local time to 2023-01-26 21:43:23 based on AC (10.10.130.1) TS
01607.070 cwDtlsSslInitClient 0x101f3168 0x101f2b90 0x101cf138
01607.071 cwDtlsInfoCbFn: failed(?); DTLS connect:SSLv3 read server hello A
01607.072 cwEventFdsUpdate: updated fds. Curr gNumEventFds: 9. gMaxFd: 28
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Can you specify which version of AP/FGT are you trying to match?
You can try to manually disable DTLS as described here:
https://docs.fortinet.com/document/fortiap/7.2.1/fortiwifi-and-fortiap-configuration-guide/350248/wi...
I try to match
Fortigate: 6.2.12
FortiAP-210B v5.2,build0265,180118 (GA)
no luck after turning dtls off. Error looks the same whit certificate error. :\
Yeah no matter what this ancient AP will offer an awful user experience to any wireless clients connected to it. I would also suggest upgrading your FortiGate firmware as well.
Please review the compatibility matrix: https://docs.fortinet.com/document/fortiap/6.4.0/fortiap-and-fortios-compatibility-matrix/495193/for...
The 210B is not listed as a supported AP under FOS 6.X.
That looks like a very old AP, it's trying to use SSLv3 that is deprecated for a long time. The oldest firmware on Fortinet's documentations is 5.4 and this specific AP is not mentioned on the release notes. The only document I could find is this one: https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/ec78e486-1eab-11e9-b6f6-f8bc12...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.