Troubleshooting a FortiAP that FortiSASE does not see
If after configuring the FortiAP, FortiSASE does not see it, take the following troubleshooting steps.
To troubleshoot a FortiAP that FortiSASE does not see:
- Ensure that the FortiAP is registered in the same FortiCloud account as FortiSASE. See FortiCloud account prerequisites.
- Ensure that the FortiAP is registered with a FortiSASE subscription license in the same FortiCloud account as FortiSASE. See FortiCloud account prerequisites.
- Ensure that after you make configure the FortiSASE domain name in the FortiAP GUI or CLI in Configuration mode, you reboot the FortiAP.
- Ensure that after you connect the FortiAP to a wired network that it is getting a valid IP address, can access the internet, and can connect to the FortiSASE wireless controller. By default, the FortiAP obtains a LAN IP using DHCP. You can connect to the FortiAP CLI using a serial console connection and serial terminal software to perform these steps:
- Check the FortiAP LAN IP address and netmask, and default gateway, respectively, using these commands:
ifconfig br0 route
- Ping the FortiSASE domain name using
ping <FortiSASE domain name>
and then cancel it using Ctrl+C. - Check the FortiAP has a valid CAPWAP connection to the wireless controller using this command:
FortiAP-431F # cw_diag -c acs WTP Configuration name : FortiAP-431F loc : N/A ap mode : thin AP ... ACS 0 info wcha info : mode=0 max=10 wait=10 peer_cnt=0 acPri : 1 fsm-state : RUN 768 ac-ip-addr : 154.52.4.72:5246,5247 DNS ac-name : FGVMABCD00000EFG ... data-chan-sec-oper : ipsec-sn ... ACS 1 info wcha info : mode=0 max=0 wait=0 peer_cnt=0 acPri : 2 fsm-state : START 796 ac-ip-addr : 0.0.0.0:0,0 UNKNOWN ac-name : ...
- Check the FortiAP LAN IP address and netmask, and default gateway, respectively, using these commands: