WAN interfaces with ap-discover and arpforward

Hi All,

FortiGate 300D and 100D, v5.4.1.

I noticed that setting an interface role to WAN doesn't change some of the settings for that interface as I would expect.

What I'm seeing is that an interface set to have a wan role still leaves the following two fields enabled:

  - ap-discover - allowing automatic registration of FortiAP devices

  - arpforward - for DHCP relay and MS Windows Client Browsing

It seems like these should be disabled for WAN interfaces.

Anybody have a good reason to leave these enabled for wan interfaces on an edge (not internal segmentation) firewall?

Thanks.