kinto
(kinto)
1
Hello everyone, I recently purchased a Fortigate with FortiSwitch POE and some FortiAPs.
In the first configurations I followed this guide: link
So, the Fortigate is the NTP server, and on the VLAN for the APs there is the Security Fabric and the DHCP server.
I have the Fortigate that is configured and works to navigate without problems;
I have the Fortiswitch that via Fortilink is connected to the Fortigate;
I have the FortiAPs that are connected to the switch and receive the DHCP from the VLAN configured on the ports of the switch itself.
However, the APs are not shown on the Fortigate, but from the Fortigate, via CLI, I can connect to them over SSH.
The APs are not even able to synchronize with the NTP.
What could I check?
Thank you.
6 Spice ups
It’s been about 2 years since I got to use FortiVerse, so my memory is a little fuzzy. I do recall that you have to enable the FAP control module in the GUI in order to access it. From there you go into the FAP control and you have to adopt the APs.
I guess what I’m saying is that you should adopt the APs first.
From your description I assume that you are doing this in your home lab?
2 Spice ups
jadrien
(Jim Peters)
3
I’m afraid I’m too long removed from having dealt with this in my environment - adding a Fortiswitch and FortiAPs to my Fortigate 61F - to remember how to solve your problem.
What I want to mention is that newly purchased devices often come off the shelf or out-of-inventory with relatively old firmware - 7.0.something on my APs. The firewall was on a version of 7.2 or 7.4 and when I got the switch in place I moved it up to 7.6.0.
To solve the problem of registering the APs, I remember support downgrading the firmware version on the Fortigate a couple of versions within its major.minor family. I surmised that the 7.0.x version on the APs was too far from 7.6 on the switch to function together.
Once I got my whole environment up and running and it had settled, I researched the story across these three devices with respect to the version numbers and what was going on. I am now running the APs on the 7.4 version that is known to be supported by the Fortigate. I left the switch on 7.6 rather than downgrading it.
Since the Fortigate is the main hub, I move that forward on 7.4 as things go. I know I can’t go to 7.6 due to dependencies I have for things that are being removed in 7.6. I also feel I have to leave auto-updates off in this mixed environment, because I do not think it is smart enough to not just bring me up to 7.6 across everything. I can’t go until I resolve the VPN client dependency I have on 7.4. The shortest thing I can say is that Fortinet tries to use the same versions across their multiple devices, but realistically the same versions are in different places. And I believe also that 7.4 versus 7.6 are stable versus latest. They don’t refer to them that way, 7.4 declares it is Mature, but I had enough issues with it, and reviewing the release notes strongly suggested that 7.6 had changes that resolved issues there but not (currently) in 7.4.
1 Spice up
kinto
(kinto)
4
The configuration is currently in the lab and I have enabled the AP management functionality from the beginning.
The problem is that it seems that the APs are seen by the Fortigate (through which I can access them) but for some reason the APs themselves cannot be visible among those to be managed on the Fortigate.
The firmwares are all at the versions reported in the Fortinet compatibility matrices.
kinto
(kinto)
5
I have tried resetting everything and following the Fortinet guide step by step but the problem remains.
Any ideas?
mdhondt
(mdhondt)
6
Did you make sure these settings are also in place?
mdhondt
(mdhondt)
7
And add the VLAN interface to the NTP server service at System → Settings