Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
fortibey
New Contributor

Created on ‎10-22-2017 07:20 AM

GUI Connection Problem

Hello,

 

We've recently upgraded our FortiAP's (221C) firmwares to 5.4 family.

Also we've upgraded our fortigate firmware to 5.4 family.

 

Right now we can not access or fortiaps web gui.

They are rejecting the connection.

We've tried to revoke dhcp release and we see that we can connect for a very short period.

 

How can we solve this problem ?

 

Thanks

Labels:
10854
0 Kudos
4 REPLIES 4
tanr
Valued Contributor II

Created on ‎10-22-2017 12:56 PM

I haven't had to do much with my FAP's for a while.  A few thoughts:

[ol]
  • I didn't run into it, but the documentation says you may need to disconnect the CAPWAP interface to the FAP (and I assume do the mandatory 30 second pause) then reconnect it.  If you are not running the FAP's on POE, rebooting them is always next on my list of things to try.
  • What versions do you have your FortiGate and FAP's at?  Hopefully you followed the upgrade path: http://cookbook.fortinet.com/supported-upgrade-paths-fortiap/?  On the FAP side, I believe you need to upgrade to 5.4.1, then 5.4.2, then 5.4.3.  I know there is a matching specific sequence for which FGT versions changes you should do for each FAP version change, but I all I've found so far is the security fabric upgrade document: http://docs.fortinet.com/uploaded/files/3995/Coop-Security-Fabric-5.4.6-Upgrade-Guide.pdf
  • I assume you've enabled CAPWAP on the command interfaces to the 221C's?
  • Is your CAPWAP interface to the FAP's vlan tagged on the FAP side?  That is, will the FAP be getting vlan tagged packets on the controlling interface?  My own CAPWAP default interface to 221C FAP's is not vlan tagged, though all of the bridged interfaces my FAP exposes ARE vlan tagged.  IIRC, the CAPWAP to FAP connection had some issue when working with a CAPWAP interface that was vlan tagged.
  • Can you connect to the FAP directly, by HTTPS or SSH?  What does it show for it's Status, Wifi Admin Status, etc.?[/ol]
    • 2032
    0 Kudos
    tanr
    Valued Contributor II
    In response to tanr

    Created on ‎10-22-2017 01:08 PM

    Found the notes on FGT and FAP version compatibility.

    FAP          FortiOS

    5.4.0        5.4.0 5.4.1        5.4.1 5.4.2        5.4.2 AND LATER 5.4.3        5.4.5 AND LATER

     

    2032
    0 Kudos
    fortibey
    New Contributor
    In response to tanr

    Created on ‎10-29-2017 01:00 AM

    Thank you very much for your reply.

     

    I've found the problem :)

    It seems we can not reach fortiap gui if we authorize the device with fortigate.

    I've deauthorized fortiapps and i've managed to access their gui.

     

    I hope this information will be helpfull in future for similiar cases.

    2032
    0 Kudos
    neonbit
    Valued Contributor
    In response to fortibey

    Created on ‎10-29-2017 04:34 AM

    FYI you can enable admin access to the FAP once it's registered to the FortiGate but you need to do this via the CLI (it's disabled by default).

    2032
    0 Kudos
    Labels
    Top Kudoed Authors
    View all
    Broad. Integrated. Automated.

    The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

    Social Media
    Security Research
    Company
    News & Articles
    Contact Us

    Copyright 2024 Fortinet, Inc. All Rights Reserved.