Setting the AP load balance threshold
The thresholds for AP handoff are set in the FortiAP profile, but is accessible only through the CLI:
config wireless-controller wtp-profile edit FAP221C-default
set handoff-sta-thresh 30 set handoff-rssi 25
end
handoff-sta-thresh sets the number of clients at which AP load balancing begins. It has a range of 5 to 35.
handoff-rssi Sets the minimum signal strength that a new client must have at an alternate AP for the overloaded AP to ignore the client. It has a range of 20 to 30. RSSI is a relative measure. The higher the number, the stronger the signal.
Application rate-limiting
To prevent particular application types from consuming too much bandwidth, you can use the FortiOS Application
Control feature.
1. Go to Security Profiles > Application Control.
You can use the default profile or create a new one.
2. Click the category, select Traffic Shaping and then select the priority for the category.
Repeat for each category to be controlled.
3. Select Apply.
4. Go to Policy & Objects > IPv4 Policy and edit your WiFi security policy.
5. In Security Profiles, set Application Control ON and select the security profile that you edited.
6. Select OK.
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
How to set split tunneling to public Internet destinations. There is no unique subnet for that. I want all traffic to Internet to go locally.
Just to clarify, you are wanting all NON enterprise network (or organization etc) traffic to flow out the local internet connection instead of going over the tunnel back to HQ and out their pipe?
Yes, that is what I want.
Any ideas how to do this?
Not sure I am following the question.
Please, see our conversation above. I need to split tunnel all NON enterprise traffic to the local internet instead of going over the tunnel back to the HQ and out their pipe. It is possible with IPSec VPN, but I am not sure how to do this with RemoteAP. In my case it is FortiAP25D.
Do you have any idea?