YES YES YES, we are almost on the same page.
Sorry, I failed to indicate that my previous response was ONLY for the matter of joining domains - not FAP connection.
Now, your response kind of answer almost all except one configuration discrepancy. My initial questions referred to 2 VLANS:
- VLAN 10 resides on FG and, let's say, for SALES office network
- VLAN 20 resides on SW and for ACCOUNTING network
- Wireless clients should be accessible by wired clients of their respective VLANS: like, a desktop PC on VLAN 10 should be able to print to wireless printer on the same VLAN
(see, we are talking about 2 separate wired networks)
With this, wouldn't the last paragraph in your last reply not apply? I would still need to free up one of FG ports to make it untagged for linking FG and FS domains, right? Will the FS port also need to be untagged?
If FortiAP connected to the Switch, as you recommended, will wifi clients tagged as VLAN 10 (SALES) reach their network on FG?
As far as FortiAP - can I remove port b on FG from FortiLink making it physical (untagged) interface and connect FortiAP to it?