FortiAP 421E Blocked by local-in-policy

Author
Bob_Shaw
2019/06/11 06:27:27 (permalink)
0


I'm trying to set up a couple of APs. I got the AP set up in the FortiGate unit, but it's being blocked by the local-in-policy. Am I even looking at the correct local-in-policy? I even tried setting the deny to accept on the 2nd and 4th policies. Only wan1 is active; wan2 is disabled. These are configured for SD-WAN. We stopped using the 2nd WAN some time ago, I just haven't reconfigured the FortiGate unit. Any advice on getting the AP connecting would be greatly appreciated.
 
Devices:
FortiAP 421E - v6.0.5 - 192.168.1.178
FortiGate 200D - v6.0.5 - 192.168.1.100
 
 
config firewall local-in-policy
    edit 1
        set intf "wan1"
        set srcaddr "usa"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set schedule "always"
    next
    edit 2
        set intf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
    edit 3
        set intf "wan2"
        set srcaddr "usa2"
        set dstaddr "all"
        set action accept
        set service "ALL"
        set schedule "always"
    next
    edit 4
        set intf "wan2"
        set srcaddr "all"
        set dstaddr "all"
        set service "ALL"
        set schedule "always"
    next
end
 
 
Local Traffic log entry looks like this:

General
    Date: 2019/06/11
    Time: 09:17:18
    Duration: 0s
    Session ID: 1121662
    Virtual Domain: root
Source
    IP: 192.168.1.178
    Source Port: 35246
    Country/Region: Reserved
    Primary MAC: 70:4c:a5:52:98:40
    Source Interface: lan
    Host Name: FP421E3X17006836
    Device Type: Fortinet Device
    OS Name: FortiAP
Destination
    IP: 192.168.1.100
    Port: 5246
    Country/Region: Reserved
    Destination Interface: root
Application
    Application Name: Local Wireless Controller
    Category: unscanned
    Protocol: udp
    Service: udp/5246
Data
    Received Bytes: 0 B
    Sent Bytes: 0 B
    Sent Packets: 0
Action
    Action: deny
    Threat: 262144
    Policy: 0
    Policy Type: local-in-policy
Security Level
    Threat Level: low
    Threat Score: 5
Other
    Device Category: Fortinet Device
    Source Interface Role: lan
    Log ID: 14
    byod_name: FP421E3X17006836
    Protocol Number: 17
    roll: 63521
    byod_device: fortinet-device
    Log event original timestamp: 1560259037
    Destination Interface Role: undefined
    Source Server: 0
    Sub Type: local
#1


    Dave Hall
    Re: FortiAP 421E Blocked by local-in-policy 2019/06/11 07:45:46 (permalink)
    5 (1)
    Have you checked CAPWAP on the internal interface? Has the AP been authorized?

    NSE4/FMG-VM64/FortiAnalyzer-VM/5.2/5.4 (FWF40C/FW92D/FGT200B/FGT200D/FGT101E)/ FAP220B/221C
    #2
    Bob_Shaw
    Re: FortiAP 421E Blocked by local-in-policy 2019/06/11 08:04:25 (permalink)
    0
    I did not have the CAPWAP enabled on the FortiGate internal interface. Enabled it and a minute or two later the unit status is now showing Online. Thank you very much!
     
    Now to cancel the ticket. I tried Support Chat first and they forwarded it to support.
    #3
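The two things Dave's reply asks about, written out as FortiOS CLI (an added example, not configuration posted in the thread). It assumes the AP-facing interface is named "lan" (the log's Source Interface) and that its allowaccess list previously lacked capwap; the AP serial FP421E3X17006836 comes from the log's Host Name field. Note that the logged deny shows Policy 0 on interface lan, so the wan1/wan2 local-in policies above were never in play; the drop came from the interface not admitting CAPWAP at all.

```text
# Before (assumed prior state): management services open on "lan", no capwap,
# so the FortiGate drops the AP's UDP/5246 control channel (logged as policy 0).
config system interface
    edit "lan"
        set allowaccess ping https ssh
    next
end

# After: add capwap on the interface the AP is connected to.
config system interface
    edit "lan"
        set allowaccess ping https ssh capwap
    next
end

# Once the AP is discovered, authorize it (serial from the log's Host Name field).
config wireless-controller wtp
    edit "FP421E3X17006836"
        set admin enable
    next
end

# Checks: the AP should move from discovery to online, and the sniffer should
# show a two-way UDP/5246 exchange with 192.168.1.178 instead of one-way traffic.
diagnose wireless-controller wlac -c wtp
diagnose sniffer packet any 'udp port 5246' 4 10
```

If the local traffic log still shows udp/5246 denies after this, the interface name in the log's Source Interface field tells you which interface still needs capwap in its allowaccess list.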