Creating a FortiAP Profile

A FortiAP Profile defines radio settings for a particular platform (FortiAP model). The profile also selects which SSIDs (virtual APs) the APs will carry. FortiAP units contain two radio transceivers, making it possible, for example, to provide both 2.4GHz 802.11b/g/n and 5GHz 802.11a/n service from the same access point. The radios can also be used for monitoring, used for the Rogue AP detection feature.

You can modify existing FortiAP profiles or create new ones of your own.

 

On FortiGate model 30D, web-based manager configuration of FortiAP Profiles is dis- abled by default. To enable AP profiles, enter the following CLI commands:

 

config system settings

set gui-ap-profile enable end

 

 

To configure a FortiAP Profile – web-based manager

1. Go to WiFi & Switch Controller > FortiAP Profiles and select Create New.

2. Enter a Name for the FortiAP Profile.

3. In Platform, select the FortiWiFi or FortiAP model to which this profile applies.

4. If split tunneling is used, in Split Tunneling Subnets, enter a comma-separated list all of the destination IP

address ranges that should not be routed through the the FortiGate WiFi controller.

5. For each radio, enter:

 

Mode                                           Select the type of mode.

Disable – radio disabled

Access Point – the platform is an access point

Dedicated Monitor – the platform is a dedicated monitor. See Wireless network monitoring on page 894.

WIDS Profile                              Optionally, select a Wireless Intrusion Detection (WIDS) profile. See Pro- tecting the WiFi Network on page 891.

Radio Resource

Provision

Select to enable the radio resource provision feature. This feature meas- ures utilization and interference on the available channels and selects the clearest channel at each access point. The measurement can be repeated periodically to respond to changing conditions.

 

Client Load

Balancing

Select Frequency Handoff or AP Handoff as needed. See Access point deployment on page 850.

Band                                           Select the wireless protocols that you want to support. The available choices depend on the radio’s capabilities. Where multiple protocols are supported, the letter suffixes are combined: “802.11g/b” means 802.11g and 802.11b.

Note that on two-radio units such as the FortiAP-221C it is not possible to put both radios on the same band.

Select Channel Width               Select channel width for 802.11ac or 802.11n on 5GHz.

Short Guard

Interval

Select to enable the short guard interval for 802.11ac or 802.11n on 5GHz.

Channel                                      Select the channel or channels to include. The available channels depend on which IEEE wireless protocol you selected in Band. By default, all avail- able channels are enabled.

 

Auto Tx Power

Control

Optionally, enable automatic adjustment of transmit power, specifying min- imum and maximum power levels.

TX Power                                    When Auto Tx Power is not used, the TX power is set by default to 100% of the maximum power permitted in your region. To change the level, drag the slider.

SSID                                            Choose one of

Automatically assign Tunnel-mode SSIDs

or

Select SSIDs. Choose the required SSIDs.

 

Radio 1 settings are the same as Radio 2 settings except for the options for Channel. Radio 2 settings are available only for FortiAP models with dual radios.

 

6. Select OK.

 

 

To configure a FortiAP Profile – CLI

This example configures a FortiAP-220B to carry all SSIDs on Radio 1 but only SSID example_wlan on Radio 2.

config wireless-controller wtp-profile edit guest_prof

config platform set type 220B

end

config radio-1 set mode ap

set band 802.11g set vap-all enable

end

config radio-2 set mode ap

set band 802.11g

set vaps example_wlan end

end

 

 

Defining a wireless network interface (SSID)

You begin configuring your wireless network by defining one or more SSIDs to which your users will connect. When you create an SSID, a virtual network interface is also created with the Name you specified in the SSID configuration. You can configure the settings of an existing SSID in either WiFi Controller > WiFi Network > SSID or System > Network > Interface.

 

If a software switch interface contains an SSID (but only one), the WiFi SSID settings are available in the switch interface settings.

 

To create a new SSID

1. Go to WiFi & Switch Controller > SSID and select Create New > SSID.

2. Fill in the SSID fields as described below.

To configure the settings of an existing SSID

1. Either

Go to WiFi & Switch Controller > SSID.

or

Go to Network > Interfaces.

WiFi interfaces list the SSID beside the interface Name.

2. Edit a WiFi interface, modifying the SSID fields as needed.

 

 

SSID fields

Interface Name         Enter a name for the SSID interface.

 

Type                          WiFi SSID.

 

Traffic Mode             Tunnel to Wireless Controller — Data for WLAN passes through WiFi Controller.

This is the default.

 

Local bridge with FortiAP’s Interface — FortiAP unit Ethernet and WiFi interfaces are bridged.

 

Mesh Downlink — Radio receives data for WLAN from mesh backhaul SSID.

 

IP/Network Mask     Enter the IP address and netmask for the SSID.

 

IPv6 Address           Enter the IPv6 address. This is available only when IPv6 has been enabled on the unit.

 

Administrative

Access

Select which types of administrative access are permitted on this SSID.

 

IPv6 Admin- istrative Access

If you have IPv6 addresses, select the permitted IPv6 administrative access types for this SSID.

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!