FortiAP Management – Discovering, authorizing, and deauthorizing FortiAP units

Discovering, authorizing, and deauthorizing FortiAP units

AC actions when a FortiAP attempts to get discovered

Enable the ap-discover setting on the AC for the interface designed to manage FortiAPs:

config system interface edit “lan” set ap-discover enable

next

end

The set ap-discover enable setting allows the AC to create an entry in the Managed FortiAPs table when it receives the FortiAP’s discovery request. The ap-discover setting is enabled by the factory default settings. When the FAP entry is created automatically, it is marked as discovered status, and is pending for administrator’s authorization, unless the following setting is present.

config system interface edit “lan” set auto-auth-extension-device enable

next

end

The above set auto-auth-extension-device enable setting will allow AC authorize an new discovered FAP automatically without administrator’s manual authorization operation. The auto-auth-extension-device setting is disabled by factory default.

Authorize a discovered FAP

Once the FAP discovery request is received by AC, an FAP entry will be added to Managed FAP table, and shown on GUI > Managed FortiAP list page.

To authorize the specific AP, click to select the FAP entry, then click Authorize button on the top of the table or Authorize entry in the pop-out menu.

Through GUI, authorization can also be done in FAP detail panel, under Action menu.

The authorization can also be done through CLI with follow commands.

config wireless-controller wtp edit “FP423E3X16000320” set admin enable

next

end

De-authorize a managed FAP

To de-authorize a managed FAP, click to select the FAP entry, then click Deauthorize button on the top of the table or Deauthorize entry in the pop-out menu.

Through GUI, de-authorization can also be done in FAP detail panel, under Action menu.

The de-authorization can also be done through CLI with follow commands.

config wireless-controller wtp edit “FP423E3X16000320” set admin discovered

next

end

This entry was posted in Administration Guides, FortiAP, FortiGate, FortiOS 6.2 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.