I have started to set up FortiAP 23JF devices on our network using Fortigate 3200D as the Controller. They are working fine but what I am trying to do is make the POE port LAN3 on the FortiAP to only accept the Avaya Phones on that port so Guests cant unplug the phone and plug their laptop in and get on the Voice network. I have created a Firewall Object Address called "Avaya" with a list of all the MAC addresses of the Phones in each room. Then under SSID's created a SSID called "AvayaVOIP" with the Address Group Policy set to "allow" and chosen the object created above. Then I created a FortiAP Profile called "AvayaFAP23JF" and assigned it to one of the FortiAP's which all worked fine but when testing and plugging in my laptop to Port3 I still get assigned an IP on that port. The Cisco AP's that I am replacing with the FortiAP's were VLAN aware so I could untag the Guest VLAN (2201) and Tag the VOIP network (2065) so if a client unplugged the phone and plugged in they would be put on the Guest network. The FortiAP's do not let me do this. Since the VOIP Interface is not on the Fortigate I cant set Policy's. Any suggestions would help.