Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
EdChen
New Contributor

Created on ‎03-02-2025 08:26 PM

When trying to manage AP via FG-VM, the channel SSID cannot access the Internet.

I am trying a schema as shown in the screenshot.

0303.jpg

Currently, when the setting is like this, you can access the Internet normally using bridging, but when using the channel, you can obtain an IP but cannot access the Internet. Checking the AP log, you can see DNS-no-resp.

There are also policies set. Not sure what went wrong.
FG-VM uses the free version.

250
0 Kudos
6 REPLIES 6
Stephen_G
Moderator
Moderator

Created on ‎03-05-2025 07:12 AM

Hello,

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
214
0 Kudos
adambomb1219
SuperUser
SuperUser

Created on ‎03-05-2025 07:14 AM

Are the policies correct?  Can the client access anything?  What do you mean "using the channel"?

212
EdChen
New Contributor

Created on ‎03-05-2025 08:30 PM

sorry,I updated, I typed the wrong channel, it should be tunnel.
You can access the Internet normally in bridge mode, but not in tunnel mode.

P3<->mgmt You can ignore it.

179
0 Kudos
jhonmu_882
New Contributor

Created on ‎03-05-2025 08:36 PM

Hi EdChen,

 

It sounds like the issue is related to how traffic is being handled in tunnel mode. Since you’re getting an IP but seeing DNS-no-resp in the AP logs, it might be worth checking if the FortiGate VM is properly handling DNS requests in tunnel mode. You could try setting a manual DNS on the client or checking if the policies allow DNS traffic through. Also, verifying DHCP relay settings and ensuring the AP is correctly forwarding traffic might help.

 

Regards

Jhon
Jhon
170
0 Kudos
EdChen
New Contributor

Created on ‎03-05-2025 11:02 PM

50E.jpgFG-VM.jpg

The policy is set to all-pass. After connecting to the tunnel ssid, you will not see the policy bytes increase. I have tried to manually set it to 8.8.8.8 OR 8.8.4.4 on the client side, and after connecting, I get DNS-no-resp.
How can I verify the DHCP relay settings and ensure the AP is forwarding traffic correctly?

139
0 Kudos
jhonmu_882
New Contributor

Created on ‎03-15-2025 11:06 PM Edited on ‎03-15-2025 11:08 PM

Hi EdChen,

 

It seems like the issue could be tied to how traffic is managed in tunnel mode. Since you're receiving an IP but encountering DNS-no-resp in the AP logs, it might be useful to check whether the FortiGate VM is correctly processing DNS requests in tunnel mode. You could try manually setting a DNS on the client or confirming that the policies permit DNS traffic on YouCine. Additionally, reviewing DHCP relay settings and ensuring the AP is forwarding traffic properly might help resolve the issue.

 

Regards

Jhon
Jhon
44
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.