Greetings!
I confess to being somewhat clueless about the admin of a FortiGate 70D in my basement, running FortiOS 5.2.4.
I can use the WebGUI and also managed to ssh to the device. It lives at address 172.16.1.1 and has 4 Fortigate managed APs connecting using tunnelling.
I have had no problems with most Wifi devices entering the WLAN.
However, as of late I have tried to integrate a Netgear Wifi Extender. The device itself can join the Wifi, but DHCP for devices trying to connect to the extending Wifi fails (no response for DHCP Discovery; I traced that via Wireshark on yet another box).
Hence I'm wondering why the Fortigate router seems to refuse to reply with a DHCP Offer.
I can manually configure the Netgear Wifi Extender (gateway, netmask, DNS, static IP address) and then things do work, i.e. devices can connect to the Wifi extension.
Any suggestions where to start looking would be appreciated.
Also: I have tried to use DHCP extended mgmt. However, I get the following error message:
FGT70D3Z15000675 $ config global
command parse error before 'global'
Command fail. Return code 1
when trying to start on that.... Do I not have sufficient privileges?
At least I have the answer to the last question. Unless it's in a multiple-vdom environment, "config global" doesn't exist at root. Only "config sys global" exists.
For the WiFi extender device in a multiple-AP environment, I would recommend sniffing the DHCP protocol packets at the interface (SSID) where you're intending to terminate the connection from the clients behind the extender. My guess is the requests are not reaching the FG. DHCP uses UDP 67 and 68.
You can determine this quite easily if you're in a vdom env
FG100DSOCPUPCHIILEVN # get sys status | grep Virtual
Virtual domains status: 10 in NAT mode, 0 in TP mode
Virtual domain configuration: enable <-----here
PCNSE
NSE
StrongSwan
Thank you for your answers.
I did sniff the DHCP traffic and am of the opinion it goes over the SSID of the "base" Wifi.
config sys global: yes, I erred. But I get the same parsing error before symbol "global".
get sys status indicates virtual domain configuration disabled. Do I need to enable this? And if so, what would be the magic incantation? (Since config sys global doesn't seem to work for my credentials?)
Thanks