FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 199280
Description This article explains how to increase the scalability of FortiAP using bridge mode.
Scope Fortios all.

The FortiGate wireless controller can support more FortiAPs in local bridge mode than in the normal mode.

But this is only true if some of the FortiAPs are configured to operate in remote mode, which supports only local bridge mode SSIDs.


The Managed FortiAP page (WiFi & Switch Controller > Managed FortiAPs) shows at the top right the current number of Managed FortiAPs and the maximum number that can be managed, '5/64' for example.


The maximum number, however, is true only if all FortiAPs operate in remote mode.

For more detailed information, consult the Maximum Values Table (in the Reference Manuals section).

For each FortiGates, there are two maximum values for managed FortiAPs: the total number of FortiAPs and the number of FortiAPs that can operate in normal mode.


To configure FortiAP units for remote mode operation.


1) Create at least one SSID with Traffic Mode set to Local bridge with FortiAP's Interface.


2) Create a custom FortiAP profile that includes only local bridge SSIDs.


3) Configure each managed FortiAP unit to use the custom FortiAP profile.


It is also necessary to set the FortiAP unit’s wtp-mode to remote, which is possible only in the CLI.

The following example uses the CLI both to set wtp-mode and select the custom FortiAP profile:


# config wireless-controller wtp

    edit FAP22B3U11-----4

        set wtp-mode remote

        set wtp-profile 220B_bridge



Related document.