Using Remote WLAN FortiAPs
Remote WLAN FortiAP models enable you to provide a pre-configured WiFi access point to a remote or traveling employee. Once plugged in at home or in a hotel room, the FortiAP automatically discovers the enterprise FortiGate WiFi controller over the Internet and broadcasts the same wireless SSID used in the corporate office. Communication between the WiFi controller and the FortiAP is secure, eliminating the need for a VPN.
By default, all traffic from the remote FortiAP is sent to the FortiGate WiFi controller. If split tunneling is configured, only traffic destined for the corporate office networks is routed to the FortiGate unit. Other general Internet traffic is routed unencrypted through the local gateway. Split tunneling avoids loading the FortiGate unit with unnecessary traffic and allows direct access to local private networks at the FortiAP’s location even if the connection to the WiFi controller goes down.
Note: Split tunneling in WiFi networks differs in implementation from split tunneling in VPN configurations.
By default, split tunneling options are not visible in the FortiGate GUI. You can make these options visible using the following CLI command:
config system settings
set gui-fortiap-split-tunneling enable end
Split tunneling is configured in the FortiAP Profile and enabled in the SSID.
Configuring the FortiGate for remote FortiAPs
This section assumes that you have already defined SSIDs and now want to make them available to remote
- Create FortiAP profiles for the Remote LAN FortiAP models
- If split tunneling will be used
- enable Split Tunneling in the SSID
- configure the split tunnel networks in the FortiAP profile
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!