Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yaronbeny7
New Contributor

Created on ‎10-21-2015 11:39 AM

how can i configure my access point to fortigate 80d ?

hello

i would to connect my access point to my fortigate.

i tried to configure port2 to access point and i did now succed.

please give me some help 

thanks

14048
0 Kudos
16 REPLIES 16
torgnyw
New Contributor

Created on ‎10-21-2015 12:05 PM

Hi, Have you enabled CAPWAC on interface? Could you upload screenshot or cli output of interface config? \\ Torgny

\\ Torgny

\\ Torgny
6238
0 Kudos
rwpatterson
Valued Contributor III
In response to torgnyw

Created on ‎10-21-2015 12:21 PM

What manufacturer/model is the access point?

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
6238
0 Kudos
yaronbeny7
New Contributor
In response to torgnyw

Created on ‎10-22-2015 09:01 AM

please see my printshot

Forti_Setting.jpg
Preview file
74 KB
6238
0 Kudos
yaronbeny7
New Contributor
In response to yaronbeny7

Created on ‎10-22-2015 09:03 AM

and the access point settings

1324323442343.jpg
Preview file
136 KB
6238
0 Kudos
torgnyw
New Contributor
In response to yaronbeny7

Created on ‎10-23-2015 12:55 AM

I'm not sure how you expect this to work?

Are you setting up an Access Point or router?

 

You are setting the Access Points IP address as Default Gateway, and this IP address is not in the same 

subnet as firewall interface.You are also using a Class B subnet on firewall.

 

I would suggest:

[ul]
  •  Setting a Class C subnet on firewall interface. (ex. 192.168.2.1/255.255.255.0)[ul]
  • If this is a company network you don't want to use 192.168.X.X addresses, at lest not the once that are used a lot in home networks.[/ul]
  •  Enabling DHCP on firewall interface. (192.168.2.100-200)[ul]
  • Default gateway 192.168.2.1
  • DNS (System defaults) or 8.8.8.8[/ul]
  • Management IP for Access Point (192.168.2.10)
  • Be sure to disable DHCP on AccessPoint
  • Make firewall rule from internal2 to wan interface with NAT enabled
  • Enable Ping on internal2 interface to test connectivity[/ul]

    If you are installing Access Point as a router I need to see more of the configuration.

     

    \\

    Torgny

     

     

     

     

    • \\ Torgny

    \\ Torgny
    6238
    0 Kudos
    rwpatterson
    Valued Contributor III
    In response to torgnyw

    Created on ‎10-23-2015 05:20 AM

    Several glaring issues here:

    [ol]
  • You cannot manage that AP from the Fortigate. It's not a FortiAP.
  • The subnets need to match between the FGT interface and the AP subnet. It appears there is no routing involved. This AP strictly takes wireless traffic and places it onto the wire. (correct me if I'm wrong)
  • The AP can do DHCP provided the FGT does not. Pick one or the other, your choice.
  • The default gateway needs to be the FGT for traffic to pass through it.
  • You need policies in place on the FGT to allow traffic to where you need it to go.[/ol]

    Get back to us with more information, if needed.

    • Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    Bob - self proclaimed posting junkie!See my Fortigate related scripts at: http://fortigate.camerabob.com
    6238
    0 Kudos
    yaronbeny7
    New Contributor
    In response to yaronbeny7

    Created on ‎10-23-2015 10:54 AM

    i did all what you said but i do not know how to do :

     * Make firewall rule from internal2 to wan interface with NAT enabled  * Enable Ping on internal2 interface to test connectivity

    Please help how to do it from putty.

    Thanks!

     

    6238
    0 Kudos
    yaronbeny7
    New Contributor
    In response to yaronbeny7

    Created on ‎10-24-2015 02:25 AM

    now i even not receving dhcp from port2 on fortigate

    please help !

    6238
    0 Kudos
    torgnyw
    New Contributor
    In response to yaronbeny7

    Created on ‎10-24-2015 03:28 AM

    Did DHCP from Fortigate work before? 

    Why would you configure it from putty? Your screenshots are from web, and if you don't know how to enable ping on a interface, i don't think you should start by trying to do it from CLI (putty).

     

    But if you have to, this enables ping on 

    config system interface

     

       edit internal2
          set allowaccess ping <other access you want to allow>
          end

     

    To enable ping from web GUI there is a checkbox on interface configuration page (the one you sent screenshot of).

     

    Firewall rules are created under Policy & Object... Policy... IPv4.

    config firewall policy

     

       edit 0

     

          set srcintf "internal2"

     

          set dstintf "wan1"

     

          set srcaddr "all"

     

          set dstaddr "all"

     

          set action accept

     

          set schedule "always"

     

          set service "ALL"

     

          set nat enable

     

       end

     

    This should give full access to internet. (replace WAN1 with your external interface).

    If you want access to other internal network you could change wan1 to a internal interface, and set nat disable

     

    \\

    Torgny

    \\ Torgny

    \\ Torgny
    6238
    0 Kudos
    Announcements
    Check out our Community Chatter Blog! Click here to get involved
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2025 Fortinet, Inc. All Rights Reserved.