Configuring the built-in access point on a FortiWiFi unit

Both FortiGate and FortiWiFi units have the WiFi controller feature. If you configure a WiFi network on a

FortiWiFi unit, you can also use the built-in wireless capabilities in your WiFi network as one of the access points.

If Virtual Domains are enabled, you must select the VDOM to which the built-in access point belongs. You do this in the CLI. For example:

config wireless-controller global set local-radio-vdom vdom1

end

To configure the FortiWiFi unit’s built-in WiFi access point

1. Go to WiFi Controller > Local WiFi Radio.
2. Make sure that Enable WiFi Radio is selected.
3. In SSID, if you do not want this AP to carry all SSIDs, select Select SSIDs and then select the required SSIDs.
4. Optionally, adjust the TX Power

If you have selected your location correctly (see Configuring the built-in access point on a FortiWiFi unit on page 53), the 100% setting corresponds to the maximum power allowed in your region.

5. If you do not want the built-in WiFi radio to be used for rogue scanning, select Do not participate in Rogue AP scanning.
6. Select OK.

If you want to connect external APs, such as FortiAP units, see the next chapter, Access point deployment.

Enforcing UTM policies on a local bridge SSID for managed smart APs

The config wireless-controller utm-profile command lets administrators configure UTM profiles in order to enforce UTM policies on a local bridge SSID when Smart AP’s are managed by FortiGate.

As a result, these UTM profiles can also be assigned under config wireless-controller vap.

Please note that this is only supported in Bridge-mode.

In addition, a new diagnose command has been introduced to determine the status of the cw_acd daemon, which handles the communication between FortiGate and APs.

 

Enforcing UTM policies on a local bridge SSID for managed smart APs

Note that the default utm-profile available (named wifi-default) has all applicable options within the command set to wifi-default.

Use “?” to view all available profiles to assign, for example, “set ips-sensor ?”.

Syntax:

config wireless-controller utm-profile edit <name> set comment <comment> set utm-log {enable | disable} set ips-sensor <name> set application-list <name> set antivirus-profile <name> set webfilter-profile <name> set firewall-policy <id>

set scan-botnet-connections {disable | block | monitor}

next

end

config wireless-controller vap edit <name> set utm-profile <name>

next

end

To debug the cw_acd_helper daemon, use the following diagnose command:

diagnose wireless-controller wlac_hlp

Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!