Suppress all other multicast/broadcast packets (282404)

The SSID broadcast-suppression field in the CLI contains several options for specific multicast and broadcast packet types. Two new options suppress multicast (mc) and broadcast (bc) packets that are not covered by any of the specific options.

config wireless-controller vap edit “wifi”

append broadcast-suppression all-other-mc all-other-bc end

 

A new configurable timer flushes the wireless station presence cache (283218)

The FortiGate generates a log entry only the first time that station-locate detects a mobile client. No log is generated for clients that have been detected before. To log repeat client visits, previous station presence data must be deleted (flushed). The sta-locate-timer can flush this data periodically. The default period is 1800 seconds (30 minutes). The timer can be set to any value between 1 and 86400 seconds (24 hours). A setting of 0 disables the flush, meaning a client is logged only on the very first visit.

The timer is one of the wireless controller timers and it can be set in the CLI. For example:

config wireless-controller timers set sta-locate-timer 1800

end

The sta-locate-timer should not be set to less than the sta-capability-timer (default 30 seconds) because that could cause duplicate logs to be generated.

 

Distributed Automatic Radio Resource Provisioning (DARRP) support (283501)

Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications. The distributed ARRP feature allows FortiAP units to select their channel so that they do not interfere with each other in large-scale deployments where multiple access points have overlapping radio ranges. Furthermore, Fortinet’s implementation of DARRP simplifies operations by removing dependency on client software or hardware.

By default, DARRP optimization occurs at a fixed interval of 1800 seconds. Optionally, you can now schedule optimization for a fixed time. This enables you to confine DARRP activity to a low-traffic period. Setting darrp- optimize to 0, makes darrp-day and darrp-time available. For example, here’s how to set DARRP optimization for 3:00am every day:

config wireless-controller timers set darrp-optimize 0

set darrp-day sunday monday tuesday wednesday thursday friday saturday set darrp-time 03:00

end

Both darrp-day and darrp-time can accept multiple entries.

 

The FAP-320C, 320B and 112B second WAN port can be configured as a LAN bridge (261415)

This change makes FortiAP models 320C, 320B and 112B work more like other FortiAP models with LAN ports. The LAN port can be

• bridged to the incoming WAN interface
• bridged to one of the WiFi SSIDs that the FortiAP unit carries
• connected by NAT to the incoming WAN interface

The LAN port is labeled LAN2. The port labeled LAN1 acts as a WAN port connecting the FortiAP to a FortiGate

or to FortiCloud. By default, LAN2 is bridged to LAN1. Access to other modes of LAN2 operation must be enabled in the CLI:

config wireless-controller wtp-profile edit <profile_name>

set wan-port-mode wan-lan end

By default wan-port-mode is set to wan-only. By default wan-port-mode is set to wan-only.

When wan-port-mode is set to wan-lan, LAN2 Port options are available in the FortiAP Profile, the same as other FortiAP models with LAN ports, such as 11C and 14C. In the GUI, see the LAN Port settings in Wireless

 

Controller > FortiAP Profiles. In the CLI, use the config lan subcommand of config wireless- controller wtp-profile. LAN Port settings can be overridden on individual FortiAPs.

SSID Groups (264010)

SSID groups have SSIDs as members and can be used just like an individual SSID. To create an SSID group go to WiFi Controller > SSID and select Create New > SSID Group. An SSID can belong to multiple groups.

GUI improvements (205523 278771 278898)

• Managed FortiAP pages now show WTP Mode, either Normal or Remote. WTP Mode is an optional column in the
• Managed FortiAPs list.
• WIDS Profile is an optional column in the FortiAP Profiles list.
• If a software switch interface contains an SSID (but only one), the WiFi SSID settings are available in the switch interface settings.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!