In this recipe, you will set up a WiFi network with a FortiGate managing a FortiAP in Tunnel mode.
You can configure a FortiAP unit in either Tunnel mode or Bridge mode. Tunnel mode is the default mode for a FortiAP. A FortiAP in Tunnel mode uses a wireless-only subnet for wireless traffic. When a FortiAP is in Bridge mode, the Ethernet and WiFi interfaces are connected (or bridged), allowing wired and wireless networks to be on the same subnet.
For information about using a FortiAP in Bridge mode, see Setting up a WiFi bridge with a FortiAP.
Find this recipe for other FortiOS versions
5.2 | 5.4 | 5.6
1. Connecting and authorizing the FortiAP unit |
|
|
Go to Network > Interfaces and edit the interface that will connect to the FortiAP (in this example, port 16). Set Addressing Mode to Manual and set an IP/Network Mask. Under Administrative Access, enable CAPWAP and optionally enable PING to test your connection. Under Networked Devices, enable both Device Detection and Active Scanning. |
 |
|
Connect the FortiAP unit to the interface. |
 |
|
Go to WiFi & Switch Controller > Managed FortiAPs. The FortiAP is listed. The device is not yet authorized, as indicated by the By default, FortiGate adds newly discovered FortiAPs to the Managed FortiAPs list but does not authorize them. |
 |
 |
|
|
The device interface will be down initially, but after a few minutes, hit the Refresh button and a |
 |
|
Make sure that your FortiAP is on the latest firmware. If the OS Version shows the message “A new firmware version is available,” then check the release notes for your product on the Fortinet Support Site. |
 |
|
You can download the firmware images from the Support Site to your Local Hard Disk, or you can select A new firmware version is available and download the latest version directly from FortiGuard. |
|
2. Creating an SSID |
|
|
Go to WiFi & Switch Controller > SSID and create a new SSID. Set Traffic Mode to Tunnel. Select an IP/Network Mask for the wireless interface and enable DHCP Server. Enable Device Detection and Active Scanning. Name the SSID (in the example, MyNewWiFi). Set the Security Mode as required and enter a secure Pre-shared Key. Enable Broadcast SSID. |
 |
3. Creating a custom FortiAP profile |
|
|
Go to WiFi & Switch Controller > FortiAP Profiles and create a new profile. Set Platform to the FortiAP model you are using (FAP221C in this recipe). Set the Country/Region and you have the option to set your AP Login Password. Make sure the Radio 1 is set to Access Point, and leave the SSID set to Auto.
|
 |
|
Go to WiFi & Switch Controller > Managed FortiAPs and right-click on the FortiAP you added earlier. Select Assign Profile and set the FortiAP to use the new SSID profile (in the example, MyProfile). By default, the FortiGate assigns all SSIDs to this profile. |
 |
4. Allowing wireless access to the Internet |
|
|
Go to Policy & Objects > IPv4 Policy and create a new policy. Set Incoming Interface to the SSID and Outgoing Interface to your Internet-facing interface. Confirm that NAT is enabled. |
 |
5. Results |
|
|
Connect to the SSID with a wireless device. After a connection is established, browse the Internet to generate traffic. |
 |
| From the policy list page, right-click on your wireless policy and select Show in FortiView or go directly to FortiView > All Sessions. |  |
| You can view more details by selecting various tabs (Sources, Destinations, Applications, Countries, Sessions). |  |
For further reading, check out Configuring a WiFi LAN in the FortiOS 5.6 Handbook.
The post Setting up WiFi with a FortiAP appeared first on Fortinet Cookbook.