Using Remote WLAN FortiAPs

Remote WLAN FortiAP models enable you to provide a pre-configured WiFi access point to a remote or traveling employee. Once plugged in at home or in a hotel room, the FortiAP automatically discovers the enterprise FortiGate WiFi controller over the Internet and broadcasts the same wireless SSID used in the corporate office. Communication between the WiFi controller and the FortiAP is secure, eliminating the need for a VPN.

Split tunneling

By default, all traffic from the remote FortiAP is sent to the FortiGate WiFi controller. If split tunneling is configured, only traffic destined for the corporate office networks is routed to the FortiGate unit. Other general Internet traffic is routed unencrypted through the local gateway. Split tunneling avoids loading the FortiGate unit with unnecessary traffic and allows direct access to local private networks at the FortiAP’s location even if the connection to the WiFi controller goes down.

Note: Split tunneling in WiFi networks differs in implementation from split tunneling in VPN configurations.

By default, split tunneling options are not visible in the FortiGate GUI. You can make these options visible using the following CLI command:

config system settings

set gui-fortiap-split-tunneling enable end

Split tunneling is configured in the FortiAP Profile and enabled in the SSID.

Configuring the FortiGate for remote FortiAPs

This section assumes that you have already defined SSIDs and now want to make them available to remote

FortiAPs.

Create FortiAP profiles for the Remote LAN FortiAP models
If split tunneling will be used
enable Split Tunneling in the SSID
configure the split tunnel networks in the FortiAP profile

Pages: 1 2 3 4 5 6

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos

July 20, 2016 FortiOS 5.4 Handbook 6 Comments
amazon fortiwifi 60d, buy fortiwifi, buy fortiwifi 30d, buy fortiwifi 40c, buy fortiwifi 60d, change channel on fortiwifi, compare fortigate models, configure fortiwifi, configure fortiwifi 60c, configure fortiwifi 60d, configure wifi fortiwifi, connected utm - fortigate/fortiwifi-30 series, datasheet fortiwifi, datasheet fortiwifi 60d, difference between fortigate and fortiwifi, download fortiwifi firmware

How to set split tunneling to public Internet destinations. There is no unique subnet for that. I want all traffic to Internet to go locally.

Mike says:

February 24, 2017 at 5:30 PM

Just to clarify, you are wanting all NON enterprise network (or organization etc) traffic to flow out the local internet connection instead of going over the tunnel back to HQ and out their pipe?

- Milutin says:
  
  February 25, 2017 at 1:36 AM
  
  Yes, that is what I want.

Any ideas how to do this?

Mike says:

March 9, 2017 at 9:02 PM

Not sure I am following the question.

- Milutin says:
  
  March 10, 2017 at 1:17 AM
  
  Please, see our conversation above. I need to split tunnel all NON enterprise traffic to the local internet instead of going over the tunnel back to the HQ and out their pipe. It is possible with IPSec VPN, but I am not sure how to do this with RemoteAP. In my case it is FortiAP25D.
  Do you have any idea?

Using Remote WLAN FortiAPs

6 responses to “Using Remote WLAN FortiAPs”

Leave a Reply Cancel reply

Share this:

6 responses to “Using Remote WLAN FortiAPs”

Leave a Reply Cancel reply