bwayne
New Contributor

Bridge mode - differences between the two settings

Hello everyone,

For 2 years I've been working with FGT, and a few days ago I bought my first FortiAP 21D. From the cookbook and other documentation, I know that FAP can work in Bridge mode in two ways:

1. Setting the 'Local bridge with Forti APs interface' in Traffic Mode in the SSID settings, then connecting the FortiAP unit to a LAN interface in a remote location (a location other than the FortiGate interface). Result: WiFi and wired clients are on the same LAN subnet. E.g.:
http://cookbook.fortinet....ridge-with-fortiap-54/
http://cookbook.fortinet....a-wifi-bridge-fortiap/

2. Setting 'Tunnel to the WiFi controller' in Traffic Mode in the SSID settings, then connecting the FortiAP to the dedicated internal interface on the FGT unit and combining the WiFi and wired interfaces with a software switch. Result: WiFi and wired clients are on the same LAN subnet. E.g.:
http://cookbook.fortinet....ith-a-software-switch/
http://www.fortinetguru.c...ith-a-software-switch/
http://www.fortinetguru.c...ith-a-software-switch/

What are the main differences between these settings? Which is the best?

Thank you for the reply.

wanglei_FTNT
Staff

The major difference between mode 1 and mode 2 is how end-user traffic is forwarded.

Mode 1) All traffic is forwarded to the local network by the AP.

Mode 2) All traffic is tunneled to the controller first.

Depending on your needs, you can have a mixed deployment as well. For example, some SSIDs can be put into mode 1 while other SSIDs work in mode 2.

MikePruett

One thing to take into consideration as well: tunnel mode adds some overhead, so if you have custom MTU sizes etc., you can end up with fragmented packets that cause strange behavior at times.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Nils

If you tunnel the traffic to the controller and create a software switch, all traffic handled by the switch is running in the CPU.

I would say that's a drawback.
