We have a number of FAP221C units managed through our Fortigate FG200E.
I would like to connect to the web interface of each AP, just to see what's going on with each unit.
I created a policy to allow traffic to the IPs of the APs in the wireless subnet. I can ping the units on their IP, but I can't access the web interface.
So I suspect that I might actually need to get a longer ethernet cable and connect directly to the units up in the roof space. Does anyone happen to know if that is required in order to see the web interface? I read elsewhere that the default IP of each AP would be 192.168.1.2 (or something like that).
Did you allow "https" access to the APs at the profiles? In GUI, "Administrative Access" checkboxes. In CLI, under "config wireless-controller wtp-profile" then edit the profile name, and "set allowaccess https".
If you need to connect to the AP GUI (and you do not have/see those admin connection options in the AP profiles) you should be able connect to it before it discovers/connects to the Wifi controller - either reboot it and/or temporary deauthorize it from the 200E - both options are really not good in my opinion.
If you need to monitor/troubleshoot the APs/wifi issues, you should be able to do it from the Wifi Health monitor
A couple things I do like to do on the APs though is set a default static IP on them (from 192.168.1.2?) in the event they are unable to obtain an IP from the network they are connected to, and add a static IP for the wifi controller (setting).
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.