Possible to bridge interface or vlan to ssid at fortigate and not fortiap

Forum|Forum|12 years ago
January 23, 2014
8 replies
16371 views

Just wondering if it is possible to bridge interface/vlan to ssid at the fortigate instead of at the fortiap?

Bromont_FTNT

Staff

Not sure exactly what you need but bridge mode bridges at the AP, tunnel mode goes to the VAP interface on the Fortigate.

brianmac64Author

New Member

ORIGINAL: Bromont Not sure exactly what you need but bridge mode bridges at the AP, tunnel mode goes to the VAP interface on the Fortigate.

Thanks for your reply. Yes, I am aware of fortiAP local bridging, but was curious if there was a way to bridge SSID with interfaces or vlans that terminate at the controlling FortiGate and not the FortiAP? In regards to the FortiAP local bridging, do you know how many local bridge SSIDs are supported per FortiAP? I seem to recall that only 1 was possible per fortiap but am having a hard time tracking that document down. Thanks EDIT: spelling

Bromont_FTNT

Staff

You mean bridge the SSID to the internal interface (or other ports) on the Fortigate? You' d need to create a software switch in the Interface menu after which you' d add the SSID and the other interfaces you' d like to add. Any interface you want to add to the software switch must be free of any configs such as DHCP or firewall policies. I believe when local FortiAP bridge was first introduced there was a limit of 1 bridge mode SSID but I believe you can add more now although I' d have to test again to be sure.

brianmac64Author

New Member

ORIGINAL: Bromont You mean bridge the SSID to the internal interface (or other ports) on the Fortigate? You' d need to create a software switch in the Interface menu after which you' d add the SSID and the other interfaces you' d like to add. Any interface you want to add to the software switch must be free of any configs such as DHCP or firewall policies. I believe when local FortiAP bridge was first introduced there was a limit of 1 bridge mode SSID but I believe you can add more now although I' d have to test again to be sure.

Yep, you got it, and it makes sense. Will give it a try and post what I find. Thanks for your help, Bromont!!

Sean_Toomey_FTNT

Staff

One thing you will want to know is that software bridges are not hardware accelerated. That doesn' t matter on smaller units that don' t have an NP ASIC, but on larger units (200 series and up) you will end up sending all that traffic to the CPU, so just be forewarned. You can accomplish most connectivity needs by creating rules between the SSID interface and wired interfaces as needed, and adding multicast rules so things like AirPlay and AirPrint will work. See http://docs-legacy.fortinet.com/cb/html/index.html#page/FOS_Cookbook/Firewall/cb_fw_airplay_airprint.html for an example. Thanks!

baitken

New Member

I believe the limit of one bridged SSID per AP is a technical limitation rather than a FortiGate limitation. Doesn' t make much sense to have multiple SSIDs bridged to the same physical network.

Bromont_FTNT

Staff

Actually it does make sense if you implement vlans....

baitken

New Member

But as it is currently implemented the bridge is between an SSID and the physical network interface of the FortiAP. The FortiAP does not support 802.1q as far as I am aware.

Bromont_FTNT

Staff

It does support 802.1q, you can set the FortiAP management vlan, you can select the vlan ID for each bridged mode SSID and you can also configure dynamic vlan where a user gets assigned the vlan ID based on the value returned from the Radius server.

baitken

New Member

Hmm... that must have changed since I originally looked into it (admittedly a few years ago).

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded