Chapter 8 – Deploying Wireless Networks

GUI support for WiFi SSID schedules (276425 269695 269668 )


WiFi SSIDs include a schedule that determines when the WiFi network is available. The default schedule is Always. You can choose any schedule (but not schedule group) that is defined in Policy & Objects > Objects > Schedules.


CLI Syntax

config wireless-controller vap edit vap-name

set schedule always end


The WiFi SSID list includes a Schedule column.


SSID Groups

An SSID Group has SSIDs as members and can be specified in any field that accepts an SSID.

To create an SSID Group in the GUI, go to WiFi Controller > SSID and select Create New > SSID Group. Give the group a Name and choose Members (SSIDs, but not SSID Groups).

To create an SSID Group in the CLI:


config wireless-controller vap-group edit vap-group-name

set vaps “ssid1” “ssid2” end


RADIUS Change of Authorization (CoA) support

The CoA feature enables the FortiGate to receive a client disconnect message from the RADIUS server. This is used to disconnect clients when their time, credit or bandwidth had been used up. Enable this on the RADIUS server using the CLI:


config user radius edit <server_name>

set radius-coa enable end


CAPWAP offloading to NPU

On FortiGates with the NP6 processor, offloading of CAPWAP traffic to the NP6 is enabled by default.


Administrative access to managed FortiAPs

By default, telnet access to a FortiAP unit’s internal configuration is disabled when the FortiAP is managed (has been authorized) by a FortiGate. You can enable administrative access in the FortiAP profile, like this:


config wireless-controller wtp-profile edit FAP321C-default

set allowaccess telnet end

The allowaccess field also accepts http to allow HTTP administatrative access. The FortiAP Profile allowaccess settings can be overridden at the individual FortiAP:

config wireless-controller wtp edit FP321CX14004706

set override-allowaccess enable set allowaccess telnet http



Improved monitoring

The WiFi Client Monitor under Monitor displays top wireless user network usage and information that includes Device, Source IP, Source SSID, and Access Point. Disk logging must be enabled.


Wifi Clients and Failed Authentication views under FortiView are historical views.


Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU