EdChen
New Contributor

When trying to manage AP via FG-VM, the channel SSID cannot access the Internet.

I am trying a schema as shown in the screenshot.

0303.jpg

Currently, when the setting is like this, you can access the Internet normally using bridging, but when using the channel, you can obtain an IP but cannot access the Internet. Checking the AP log, you can see DNS-no-resp.

There are also policies set. Not sure what went wrong.
FG-VM uses the free version.

Stephen_G
Moderator

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.


Thanks,

Stephen - Fortinet Community Team
adambomb1219
SuperUser

Are the policies correct?  Can the client access anything?  What do you mean "using the channel"?

EdChen
New Contributor

Sorry, I updated. I typed the wrong word, channel; it should be tunnel.
You can access the Internet normally in bridge mode, but not in tunnel mode.

P3<->mgmt You can ignore it.

jhonmu_882
New Contributor

Hi EdChen,

It sounds like the issue is related to how traffic is being handled in tunnel mode. Since you’re getting an IP but seeing DNS-no-resp in the AP logs, it might be worth checking if the FortiGate VM is properly handling DNS requests in tunnel mode. You could try setting a manual DNS on the client or checking if the policies allow DNS traffic through. Also, verifying DHCP relay settings and ensuring the AP is correctly forwarding traffic might help.

Regards

Jhon
EdChen
New Contributor

50E.jpg
FG-VM.jpg

The policy is set to all-pass. After connecting to the tunnel SSID, you will not see the policy bytes increase. I have tried to manually set it to 8.8.8.8 or 8.8.4.4 on the client side, and after connecting, I get DNS-no-resp.
How can I verify the DHCP relay settings and ensure the AP is forwarding traffic correctly?

jhonmu_882
New Contributor

Hi EdChen,

It seems like the issue could be tied to how traffic is managed in tunnel mode. Since you're receiving an IP but encountering DNS-no-resp in the AP logs, it might be useful to check whether the FortiGate VM is correctly processing DNS requests in tunnel mode. You could try manually setting a DNS on the client or confirming that the policies permit DNS traffic on YouCine. Additionally, reviewing DHCP relay settings and ensuring the AP is forwarding traffic properly might help resolve the issue.

Regards

Jhon