How to setup a 60D fortigate to multiple fortiap's

M_Hage · ‎04-30-2016

I've bought a fortigate 60D, two fortiap 28C's and one 321C. I like to use multiple wireless and wired devices in one LAN.

Wired on the Fortigate, but also wired on the 28C's.

I've tryed several setup's (hardware switch, software switch), (tunnel to wireless, local bridge). I've upgrade all the forti's to the latest firmeware 5.4.0.

I can access now the internet with all the devices connected to the fortigate and with the wireless devices.

I can not access the internet or the LAN with the wired devices connected to the fortiAP 28C.

Is there any simple setup guide to do this? Or is there anyone who can show me the right direction?

John_Jacobs_FTNT · ‎05-02-2016

If you want the devices on the same network, you will want to use the AP in bridge mode (to extend that single network). Connect physically to the switch ports, which should be the default of all numbered ports (we have changed that behavior a few times, admittedly, so you may need to create the switch and add interfaces).

If using tunnels, it implies separate/distinct networks that can be routed together easily, my personal recommendation as it helps determine device location and a simple policy between them allows controlled segmentation and logging of traffic.

There are good outlines in the "Cookbooks": http://cookbook.fortinet.com/wifi/

More detailed information is always on docs.fortinet.com (the complete admin is large, but very useful).

Regards.

John Jacobs

jjacobs@fortinet.com

View solution in original post

John_Jacobs_FTNT · ‎05-02-2016

If you want the devices on the same network, you will want to use the AP in bridge mode (to extend that single network). Connect physically to the switch ports, which should be the default of all numbered ports (we have changed that behavior a few times, admittedly, so you may need to create the switch and add interfaces).

If using tunnels, it implies separate/distinct networks that can be routed together easily, my personal recommendation as it helps determine device location and a simple policy between them allows controlled segmentation and logging of traffic.

There are good outlines in the "Cookbooks": http://cookbook.fortinet.com/wifi/

More detailed information is always on docs.fortinet.com (the complete admin is large, but very useful).

Regards.

John Jacobs

jjacobs@fortinet.com

M_Hage · ‎05-03-2016

Thank you very much for your anwser, John.

If i'm using tunnels, also my favorit and i've configured it now, how can i use the wired ports on the FAP28C's? I've already set the port in the foritAp profile to 'tunnel to SSID' but i can't connect to any device on the network of any webadress

Sorry, a lot of questions but i can't find my situation in the manual.

josevillarreal_FTNT · ‎05-03-2016

You can put the wired ports in the FAP-28C in any of tunneled SSID the FAP is using. Basically both wireless and wireless are in the same network even before they get to the FGT controller.

You can reach out ro Eric Mouque in EMEA for details on how to configure that.

Jose

M_Hage · ‎05-03-2016

Thank you Jose.

Do you have an emailadress of Eric or any other way to contact him?

mouque_FTNT · ‎05-03-2016

The LAN port options are described in FortiOS handbook for FOS 5.4 (page 867).

Thanks. Eric

M_Hage · ‎05-08-2016

Thank you Eric for sharing this information. Basic there are three options for the lanports. I've tryed them all, but my NIC do not receive any IP-number.

Please let me share my configuration with you to see if there is any wrong setting. All the wireless devices are working well!

First i've create an interface for the foritap's 'Internal1' and 'internal2'with the setting: 'dedicated to ext. device' and the other lan ports as a LAN-inface 'hardware-switch' with a fixed IP and a DHCP-server.

Then i've created a SSID (in tunnel mode), a new AP-profile. In the AP-profile i've selected my new created SSID and set the lanports to 'bridge to SSID' (as i told before i've also tryed the other two settings).

At the end i've autorized the AP to the fortigate. See the attached images for the detailed settings.

What am i doing wrong? i really appriciate your contribution

mouque_FTNT · ‎05-08-2016

It looks like you're running a very old FAP firmware version (build 48). Can you please upgrade your FAP firmware to latest build 5.0.10?

Regards,

Eric

M_Hage · ‎05-10-2016

Thank you Eric. This was therefor the problem. I've upgraded the Firmware to 5.0.10 and now the ethernet ports are working.

Not very stable, the connection is loose sometimes whil eth ewireless is doing well, but it's a lot more then before.