In this recipe, you will set up a WiFi network with by adding a FortiAP in Tunnel mode to your network.
This recipe is in the Basic FortiGate network collection. You can also use it as a standalone recipe.
You can configure a FortiAP in either Tunnel mode (default) or Bridge mode. When a FortiAP is in Tunnel mode, a wireless-only subnet is used for wireless traffic. When a FortiAP is in Bridge mode, the Ethernet and WiFi interfaces are connected (or bridged), allowing wired and wireless networks to be on the same subnet.
Find this recipe for other FortiOS versions
5.2 | 5.4 | 5.6 | 6.0
1. Connecting and authorizing the FortiAP |
|
|
To edit the interface that will connect to the FortiAP (in the example, port 22), go to Network > Interfaces. Set Role to LAN and Addressing Mode to Manual. Set IP/Network Mask to a private IP address (in the example 10.10.200.1/255.255.255.0). Under Administrative Access, enable CAPWAP. Enable DHCP Server. Under Networked Devices, enable Device Detection. |
 |
|
Connect the FortiAP unit to the interface. |
|
|
To view the list of managed FortiAPs, go to WiFi & Switch Controller > Managed FortiAPs. The newFortiAP appears in the list but it is greyed out because it is not authorized. Select the FortiAP, and select Authorize. |
 |
|
After a few minutes, select Refresh. The FortiGate shows the FortiAP as authorized. |
 |
2. Creating an SSID |
|
|
To create a new SSID to be broadcast for WiFi users, go to WiFi & Switch Controller > SSID. Set Traffic Mode to Tunnel and set IP/Network Mask to a private IP address (in the example 10.10.201.1/255.255.255.0). Enable DHCP Server and Device Detection. |
 |
|
Under WiFi Settings, name the SSID (in the example, Office-WiFi) and set a secure Pre-shared Key. Enable Broadcast SSID. |
 |
3. Creating a custom FortiAP profile |
|
|
To create a new FortiAP profile, go to WiFi & Switch Controller > FortiAP Profiles. Set Platform to the FortiAP model you are using (in the example, FAP221C) and Country/Region to the appropriate location. Set an AP Login Password to secure the FortiAP. Under Radio 1, set Mode to Access Point and SSIDs to Manual. Add your new SSID. |
 |
|
To assign the new profile, go to WiFi & Switch Controller > Managed FortiAPs and right-click the FortiAP. Select Assign Profile and set the FortiAP to use the new profile. |
 |
4. Allowing wireless access to the Internet |
|
|
To create a new policy for wireless Internet access, go to Policy & Objects > IPv4 Policy. Set Incoming Interface to the SSID and Outgoing Interface to your Internet-facing interface. Enable NAT. |
 |
5. Results |
|
|
Connect to the SSID with a wireless device. After a connection is established, browse the Internet to generate traffic. |
|
| To view the traffic using the wireless Internet access policy, go to FortiView > All Segments > Polices. |  |
| To view more information about this traffic, right-click the policy and select Drill Down to Details. |  |
For further reading, check out Configuring a WiFi LAN in the FortiOS 6.0 Online Help.
The post Setting up WiFi with a FortiAP appeared first on Fortinet Cookbook.