WTP Profile DTLS Policy set to IPSec-VPN FortiAP Never Returns to Up State
I have a FortiGate 80E (running 5.6.5) and a 320C FortiAP running 5.6.4. I want to utilize the wtp-profile setting dtls-policy ipsec-vpn instead of dtls-policy dtls-enable on my FortiAPs for better performance over the AP Secure Channel comms. I have found that when enabling ipsec-vpn under the wtp-profile, the FortiAP's management GUI shows it's using IPsec and is "Connecting" when I access its GUI directly. On the 80E firewall, under Managed FortiAPs, it continues to show a down state and never comes up (turns bold). When I have dtls-policy set to dtls-enable or clear-text, the FortiAP shows up in the Managed FortiAPs list. I've contacted support (still waiting on a response) but wanted to see if anyone else has had this issue and knows the fix.
Support has directed me to upgrade the FortiGate to 6.0.2 and the FortiAPs to 6.0.2 firmware. The issue still remains. When the dtls-policy is set to ipsec-vpn, the FortiAPs remain in a "Connecting" state. I'll update this when we get to a fix.
Since you have already spoken to support, do you happen to have a Fortinet ticket number? I can look at that record to see whether we have already got some of the basic info, such as topology/configuration etc., so you don't need to provide duplicate/sensitive info here.