Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Allwyn_Mascarenhas
Contributor

web pages won't open through fortiap on a laptop and some mobile phones

HI

 

I have 2 FAP221B configured with a FGT 70d in the tunnel mode with WPA2-Personal. Everything worked really well till we tried connecting some more devices to it as this was a demo i was performing. And suddenly we see that 2 nokia lumia and 2 android smartphones won't load any webpages at all in the browser. Also my own samsung ace won't even get to the internet.

 

While at the same time one samsung and one htc both android devices were getting full internet access for all apps and browsers.

 

Then i tried with a laptop just to see what's happening. Tracert and ping to google.com(means dns works) works but it just won't open any webpages in the browser, the browser simply acts like there's no internet. Then I saw skype was logged on so i did a test call to their server and that worked. I changed DNS server to 8.8.8.8 and still nothing in any of the browsers chrome,ff and ie.

 

The basic policy with full access is in use with no UTM features.

 

Any help and ideas where to look next please.

10 REPLIES 10
Bromont_FTNT
Staff
Staff

Which devices are connected to the 2.4 and 5GHz radios? Any difference if you have it configured in bridge mode?

 

Allwyn_Mascarenhas

All the devices we used mostly don't even support 5GHz. So good to assume all were on 2.4 only.

 

I did not try with bridge mode, i am actually not aware what is the difference between the two. The fgt 70D datasheet says it supports 32 fortiaps maximum and 16 in tunnel mode. So the other is the bridge mode you are mentioning? Also what else would be different in bridge then in tunnel and why exactly this limit of 32 and 16?

 

Thanks a lot.

Bromont_FTNT

The 70D controller should tell you what radio (24./5GHz) the clients are connected to. Tunnel mode requires more processing power in the Fortigate vs bridge mode but this shouldn't be an issue with only 2 APs on a 70D. 

Allwyn_Mascarenhas

I went through the fortiap setup videos and they only demonstrated tunnel mode and as it goes with the demos only the steps are mentioned with no explanation at all.

 

 

But could this problem have to do with any of it, because on some phones everything just works fine. And even on the one laptop with the issue the pings work fine and so did skype, what could exactly prevent only the browser from getting to the internet?

 

I tried wireshark and i noticed some mention of malformed packets in the capture, i have no experience to troubleshoot with wireshark any more than that.

 

thanks.

Bromont_FTNT

In the client monitor on the Fortigate controller you should be able to see which clients are connected at 2.4 and 5GHz.... is there a correlatikon there?

Allwyn_Mascarenhas

I'm sorry i don't really have that information now. But my best guess would be that none of the devices had 5GHz support anyway so they were all on 2.4GHz.

 

But now the next day my colleague went to the client for this same demo and one of the samsung phones on which the internet was working fine before can't get to the internet now and the other lumia phones and the laptop which had the issue can now get to the internet just fine.

 

 

Incelli

Hi,

 

I have the same issue. did you solve this?

 

thanks.

Alex_l
New Contributor

I have too 221B. My works fine. Have good roaming. Do you have latest firmware at Gate and AP installed?

FG-50E/60D/60E, FAP-221B/21D, FortiClient. 

Incelli
New Contributor

My enviroment is FG 60D with AP221B. I'm using the last firmware version on both appliances.