This article describes the steps to gain access through SSH to a FortiAP from FortiGate.
Scope
FortiAP.
Solution
By default, the profile created on FortiGate for the managed model FortiAP is created with no management access; that is, no HTTPS SSH nor SNMP access. Therefore, no access to CLI is available when ‘right-clicking’ the device:
Most commonly, to fix this, there are two ways to allow SSH access:
- From GUI.
- From FortiGate CLI.
From GUI
Go to WiFi & Switch Controller > FortiAP Profiles, select the name of the FotiAP Profile used on the FortiAP, edit it through GUI, and select ‘OK’ on the bottom to save the changes.
From CLI
Open a new CLI on FortiGate and use the command ‘set allowaccess‘ under ‘config wireless-controller wtp-profile‘.
FG # config wireless-controller wtp-profile FG (wtp-profile) # edit Test-233G FG (Test-233G) # set allowaccess https HTTPS access. ssh SSH access. snmp SNMP access. FG (Test-233G) # set allowaccess ssh FG (Test-233G) # next FG (wtp-profile) # end
The configuration should be seen as follows:
FG # show wireless-controller wtp-profile Test-233G config wireless-controller wtp-profile edit "Test-233G" config platform set type 233G end set allowaccess ssh <---- Accesses allowed (in this case only SSH was granted permissions) ... next end
Once the changes have been saved, the result will be the following:
