I have a FortiGate 80E (running 5.6.5) and a 320C FortiAP running 5.6.4. I want to utilize the wtp-profile setting dtls-policy ipsec-vpn instead of dtls-policy dtls-enable on my FortiAPs for better performance over the AP Secure Channel comms. I have found that when enabling ipsec-vpn under the wtp-profile, the FortiAP's management GUI shows it's using IPsec and is "Connecting" when I access its GUI directly; on the 80E firewall under Managed FortiAPs it continues to show a down state and never comes up (turns bold). When I have dtls-policy set to dtls-enable or clear-text, the FortiAP shows up in the Managed FortiAPs list. I've contacted support (still waiting on a response) but wanted to see if anyone else has had this issue and knows the fix.
Support has directed me to upgrade the FortiGate to 6.0.2 and the FortiAPs to 6.0.2 firmware. The issue still remains. When the dtls-policy is set to ipsec-vpn the FortiAPs remain in a "Connecting" state. I'll update this when we get to a fix.
Since you have already spoken to support, do you happen to have a Fortinet ticket number? I can look at that record to see whether we have already got some of the basic info, such as topology/configuration etc., so you don't need to provide duplicate/sensitive info here.
2889943
Thanks. I don't see anything special in your config. Support has provided the instructions on what logs to collect when the issue is happening. Will look at logs once that's available.