jvanderzee
New Contributor III

WTP Profile DTLS Policy set to IPSec-VPN FortiAP Never Returns to Up State

I have a FortiGate 80E (running 5.6.5) and a 320C FortiAP running 5.6.4. I want to utilize the wtp-profile setting dtls-policy ipsec-vpn instead of dtls-policy dtls-enable on my FortiAPs for better performance over the AP Secure Channel comms. I have found that when enabling ipsec-vpn under the wtp-profile, the FortiAP's management GUI shows it's using IPsec and is "Connecting" when I access its GUI directly; on the 80E firewall under Managed FortiAPs it continues to show a down state and never comes up (turns bold). When I have dtls-policy set to dtls-enable or clear-text, the FortiAP shows up in the Managed FortiAPs list. I've contacted support (still waiting on a response) but wanted to see if anyone else has had this issue and knows the fix.

jvanderzee
New Contributor III

Support has directed me to upgrade the FortiGate to 6.0.2 and the FortiAPs to 6.0.2 firmware. The issue still remains. When the dtls-policy is set to ipsec-vpn, the FortiAPs remain in a "Connecting" state. I'll update this when we get to a fix.

wanglei_FTNT
Staff

Since you have already spoken to support, do you happen to have a Fortinet ticket number? I can look at that record to see whether we have already got some of the basic info, such as topology/configuration etc., so you don't need to provide duplicate/sensitive info here.

jvanderzee

2889943

wanglei_FTNT
Staff

Thanks. I don't see anything special in your config. Support has provided the instructions on what logs to collect when the issue is happening. Will look at logs once that's available.