Using Remote WLAN FortiAPs
Using Remote WLAN FortiAPs
Remote WLAN FortiAP models enable you to provide a pre-configured WiFi access point to a remote or traveling employee. Once plugged in at home or in a hotel room, the FortiAP automatically discovers the enterprise FortiGate WiFi controller over the Internet and broadcasts the same wireless SSID used in the corporate office. Communication between the WiFi controller and the FortiAP is secure, eliminating the need for a VPN.
By default, all traffic from the remote FortiAP is sent to the FortiGate WiFi controller. If split tunneling is configured, only traffic destined for the corporate office networks is routed to the FortiGate unit. Other general Internet traffic is routed unencrypted through the local gateway. Split tunneling avoids loading the FortiGate unit with unnecessary traffic and allows direct access to local private networks at the FortiAP’s location even if the connection to the WiFi controller goes down.
Note: Split tunneling in WiFi networks differs in implementation from split tunneling in VPN configurations.
By default, split tunneling options are not visible in the FortiGate GUI. You can make these options visible using the following CLI command:
config system settings
set gui-fortiap-split-tunneling enable end
Split tunneling is configured in the FortiAP Profile and enabled in the SSID.
Configuring the FortiGate for remote FortiAPs
This section assumes that you have already defined SSIDs and now want to make them available to remote
- Create FortiAP profiles for the Remote LAN FortiAP models
- If split tunneling will be used
- enable Split Tunneling in the SSID
- configure the split tunnel networks in the FortiAP profile
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
How to set split tunneling to public Internet destinations. There is no unique subnet for that. I want all traffic to Internet to go locally.
Just to clarify, you are wanting all NON enterprise network (or organization etc) traffic to flow out the local internet connection instead of going over the tunnel back to HQ and out their pipe?
Yes, that is what I want.
Any ideas how to do this?
Not sure I am following the question.
Please, see our conversation above. I need to split tunnel all NON enterprise traffic to the local internet instead of going over the tunnel back to the HQ and out their pipe. It is possible with IPSec VPN, but I am not sure how to do this with RemoteAP. In my case it is FortiAP25D.
Do you have any idea?