yaronbeny7
New Contributor

How can I configure my access point to FortiGate 80D?

Hello,

I would like to connect my access point to my FortiGate.

I tried to configure port2 to the access point and I did not succeed.

Please give me some help.

Thanks

16 REPLIES
torgnyw
New Contributor

Hi, have you enabled CAPWAP on the interface? Could you upload a screenshot or CLI output of the interface config?

\\ Torgny
rwpatterson
Valued Contributor III

What manufacturer/model is the access point?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

yaronbeny7

Please see my screenshot.

yaronbeny7

and the access point settings

torgnyw

I'm not sure how you expect this to work?

Are you setting up an Access Point or router?

You are setting the Access Point's IP address as Default Gateway, and this IP address is not in the same subnet as the firewall interface. You are also using a Class B subnet on the firewall.

I would suggest:

  • Setting a Class C subnet on firewall interface. (ex. 192.168.2.1/255.255.255.0)
      • If this is a company network you don't want to use 192.168.X.X addresses, at least not the ones that are used a lot in home networks.
  • Enabling DHCP on firewall interface. (192.168.2.100-200)
      • Default gateway 192.168.2.1
      • DNS (System defaults) or 8.8.8.8
  • Management IP for Access Point (192.168.2.10)
  • Be sure to disable DHCP on Access Point
  • Make firewall rule from internal2 to wan interface with NAT enabled
  • Enable Ping on internal2 interface to test connectivity

If you are installing Access Point as a router I need to see more of the configuration.

\\ Torgny
rwpatterson
Valued Contributor III

Several glaring issues here:

  1. You cannot manage that AP from the Fortigate. It's not a FortiAP.
  2. The subnets need to match between the FGT interface and the AP subnet. It appears there is no routing involved. This AP strictly takes wireless traffic and places it onto the wire. (correct me if I'm wrong)
  3. The AP can do DHCP provided the FGT does not. Pick one or the other, your choice.
  4. The default gateway needs to be the FGT for traffic to pass through it.
  5. You need policies in place on the FGT to allow traffic to where you need it to go.

Get back to us with more information, if needed.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
yaronbeny7

I did all that you said, but I do not know how to do:

  • Make firewall rule from internal2 to wan interface with NAT enabled
  • Enable Ping on internal2 interface to test connectivity

Please help me do it from PuTTY.

Thanks!

yaronbeny7

Now I am not even receiving DHCP from port2 on the FortiGate.

Please help!

torgnyw

Did DHCP from Fortigate work before?

Why would you configure it from putty? Your screenshots are from web, and if you don't know how to enable ping on an interface, I don't think you should start by trying to do it from CLI (putty).

But if you have to, this enables ping on

    config system interface
       edit internal2
          set allowaccess ping <other access you want to allow>
          end

To enable ping from web GUI there is a checkbox on interface configuration page (the one you sent screenshot of).

Firewall rules are created under Policy & Object... Policy... IPv4.

    config firewall policy
       edit 0
          set srcintf "internal2"
          set dstintf "wan1"
          set srcaddr "all"
          set dstaddr "all"
          set action accept
          set schedule "always"
          set service "ALL"
          set nat enable
       end

This should give full access to the internet. (Replace WAN1 with your external interface.)

If you want access to another internal network you could change wan1 to an internal interface, and set nat disable.

\\ Torgny
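Added example, not part of the original thread and not posted by any of its participants: the suggestions above (interface address, DHCP scope, outbound policy) written out as one FortiOS CLI sequence. It assumes the interface names internal2 and wan1 and the 192.168.2.0/24 addressing used in the thread; the address object name "wifi-clients" is hypothetical, and the policy is scoped to that subnet with traffic logging instead of source "all".

```fortios
# Assumed names: internal2 (AP side), wan1 (internet side), as in the thread.
# Interface address in the same /24 the access point will live in.
config system interface
    edit "internal2"
        set mode static
        set ip 192.168.2.1 255.255.255.0
        set allowaccess ping
    next
end

# DHCP scope on the FortiGate; DHCP on the access point must be off.
# The AP management address 192.168.2.10 sits outside this range.
config system dhcp server
    edit 0
        set interface "internal2"
        set default-gateway 192.168.2.1
        set netmask 255.255.255.0
        set dns-service default
        config ip-range
            edit 1
                set start-ip 192.168.2.100
                set end-ip 192.168.2.200
            next
        end
    next
end

# Hypothetical address object naming the wireless subnet.
config firewall address
    edit "wifi-clients"
        set subnet 192.168.2.0 255.255.255.0
    next
end

# Outbound policy limited to that subnet, with NAT and session logging.
config firewall policy
    edit 0
        set srcintf "internal2"
        set dstintf "wan1"
        set srcaddr "wifi-clients"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
```

A client on the access point should then receive a 192.168.2.100-200 lease with 192.168.2.1 as its gateway, and its sessions appear in the forward traffic log.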