I've bought a FortiGate 60D, two FortiAP 28Cs and one 321C. I'd like to use multiple wireless and wired devices in one LAN.
Wired on the FortiGate, but also wired on the 28Cs.
I've tried several setups (hardware switch, software switch), (tunnel to wireless, local bridge). I've upgraded all the Fortis to the latest firmware 5.4.0.
I can now access the internet with all the devices connected to the FortiGate and with the wireless devices.
I cannot access the internet or the LAN with the wired devices connected to the FortiAP 28C.
Is there any simple setup guide to do this? Or is there anyone who can show me the right direction?
If you want the devices on the same network, you will want to use the AP in bridge mode (to extend that single network). Connect physically to the switch ports, which should be the default of all numbered ports (we have changed that behavior a few times, admittedly, so you may need to create the switch and add interfaces).
If using tunnels, it implies separate/distinct networks that can be routed together easily; this is my personal recommendation, as it helps determine device location, and a simple policy between them allows controlled segmentation and logging of traffic.
There are good outlines in the "Cookbooks": http://cookbook.fortinet.com/wifi/
More detailed information is always on docs.fortinet.com (the complete admin is large, but very useful).
Regards.
John Jacobs
jjacobs@fortinet.com
Thank you very much for your answer, John.
If I'm using tunnels (also my favorite, and I've configured it now), how can I use the wired ports on the FAP28Cs? I've already set the port in the FortiAP profile to 'tunnel to SSID', but I can't connect to any device on the network or any web address.
Sorry, a lot of questions, but I can't find my situation in the manual.
You can put the wired ports in the FAP-28C in any of the tunneled SSIDs the FAP is using. Basically both wired and wireless are in the same network even before they get to the FGT controller.
You can reach out to Eric Mouque in EMEA for details on how to configure that.
Jose
Thank you Jose.
Do you have an email address for Eric or any other way to contact him?
The LAN port options are described in the FortiOS handbook for FOS 5.4 (page 867).
Thanks. Eric
Thank you, Eric, for sharing this information. Basically there are three options for the LAN ports. I've tried them all, but my NIC does not receive any IP number.
Please let me share my configuration with you to see if there is any wrong setting. All the wireless devices are working well!
First I've created an interface for the FortiAPs, 'Internal1' and 'internal2', with the setting 'dedicated to ext. device', and the other LAN ports as a LAN interface 'hardware-switch' with a fixed IP and a DHCP server.
Then I've created an SSID (in tunnel mode) and a new AP profile. In the AP profile I've selected my newly created SSID and set the LAN ports to 'bridge to SSID' (as I said before, I've also tried the other two settings).
At the end I've authorized the AP to the FortiGate. See the attached images for the detailed settings.
What am I doing wrong? I really appreciate your contribution.
It looks like you're running a very old FAP firmware version (build 48). Can you please upgrade your FAP firmware to the latest build, 5.0.10?
Regards,
Eric
Thank you, Eric. This was therefore the problem. I've upgraded the firmware to 5.0.10 and now the Ethernet ports are working.
Not very stable, the connection is lost sometimes while the wireless is doing well, but it's a lot more than before.