Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
kaj73
New Contributor

Best Practices for deployment of remote APs

I'm looking for best practices for the deployment/configuration/infrastructure of remote APs, specifically the FAP-14C. The attached image schematically shows what we are trying to achieve with the deployment of the FortiAPs. Each home office user should be connected to his/her nearest branch office but should also be able to reach resources of the HQ. The admin at the HQ should be able to reach the clients in the home offices. (In reality there are more branch offices and each branch office has multiple home office users.)

I'm now looking for the most efficient way to configure such an infrastructure. From what I saw from my tests and the documentation, I'll end up with a "ton" of SSIDs, subnets and policies, unique for each home office. Is there a less "Layer 3 oriented" way to configure the setup? Any way to make the FortiAP a member of the LAN, to assign DHCP addresses from the LAN to the home office client?

Thanks in advance for your input.
jtfinley
Contributor

I'll take a crack at this. If you've found a solution, please share.

I understand this is a few months old, but... one can set the APs to use DNS or IP and register with the HQ FortiGate per your drawing. Create an SSID and set it to block intra-SSID traffic to keep home offices separate?

Joe

emnoc
Esteemed Contributor III

Casual observation

I'll end up with a "ton" of SSIDs, subnets and policies, unique for each home office.

 

No, not really; you could use the same SSID and authentication methods for each localized FortiGate. The local branch FortiGate would be the AP controller. Just the Layer 3 details assigned for that SSID would be different at each branch office and HQ.

PCNSE

NSE

StrongSwan