Using a FortiWiFi unit as a client

Using a FortiWiFi unit as a client

A FortiWiFi operates by default as a wireless access point. But a FortiWiFi can also operate as a wireless client, connecting the FortiGate to another wireless network.

Use of client mode

In client mode, the FortiWiFi unit connects to a remote WiFi access point to access other networks or the Internet. This is most useful when the FortiWiFi unit is in a location that does not have a wired infrastructure.

For example, in a warehouse where shipping and receiving are on opposite sides of the building, running cables might not be an option due to the warehouse environment. The FortiWiFi unit can support wired users using its Ethernet ports and can connect to another access point wirelessly as a client. This connects the wired users to the network using the 802.11 WiFi standard as a backbone.

Note that in client mode the FortiWiFi unit cannot operate as an AP. WiFi clients cannot see or connect to the FortiWifi unit in Client mode.

Configuring client mode

To set up the FortiAP unit as a WiFi client, you must use the CLI. Before you do this, be sure to remove any AP WiFi configurations such as SSIDs, DHCP servers, policies, and so on.

To configure wireless client mode

  1. Change the WiFi mode to client.

In the CLI, enter the following commands:

config system global set wireless-mode client


Incoming Interface (srcintf) wifi
Source Address (srcaddr) all
Outgoing Interface (dstintf) port1
Destination Address (dstaddr) all
Schedule always
Service ALL
Enable NAT Selected

Respond “y” when asked if you want to continue. The FortiWiFi unit will reboot.

  1. Configure the WiFi interface settings.

For example, to configure the client for WPA-Personal authentication on the our_wifi SSID with passphrase justforus, enter the following in the CLI:

config system interface edit wifi set mode dhcp config wifi-networks edit 0 set wifi-ssid our_wifi set wifi-security wpa-personal set wifi-passphrase “justforus”



The WiFi interface client_wifi will receive an IP address using DHCP.

  1. Configure a wifi to port1 policy.

You can use either CLI or web-based manager to do this. The important settings are:

Controlled AP selection support in FWF client mode

Use the following CLI commands to provide a more controlled AP selection method (supported in FortiWiFi client mode).


config system interface edit {name} set wifi-ap-band {any | 5g-preferred | 5g-only}

next end


Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!

Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos

Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos