Dear Leads,
Need your help and advice for the below configuration on Fortigate 60D.
I have one 60D and 5 FortiAP (FAP-221C-E Indoor wireless AP) the connectivity is as below.
Internet link is coming on the Fortigate 60D and the Fortgate Internal Port (LAN) is connected to a Edge Switch and all the 5 FortiAP are connected to the Edge Switches.
I need to configure 2 SSID one for LAN and one for Guest, both the SSID's should get IP in different range (192.x.x.x. for LAN and 10.x.x.x. for Guest ) and the Fortigate will be the DHCP Server.
Early reply will be really helpful.
Regards,
Awnish.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Awnish,
This is a simple configuration; I'd recommend you go through the FortiAP Cookbook available here: http://cookbook.fortinet.com/setting-up-wifi-with-fortiap-54/
Key thing is that you'd configure two SSID's, each with their own subnets, then assign both SSIDs to the AP profile.
Create policies for both SSIDs depending on what you want each to be able to access.
Dear Sir,
Thanks for your reply, apologies for the delay in reply from my side.
But just need to know if the Forti AP is connected to LAN switch than it was automatically get detected to the FortiGate or additional configuration is needed, also the settings will be same if there are more than 2 vlans.
Do need to configure the AP in bridge mode?
Regards,
Awnish.
The best thing to do is have a dedicated interface on your fortigate that is used for managing and communicating with your fortiap's. Depending on the version of fortios you are on, it may have an option to set an interface as "Dedicated to fortiAP" (in later versions of fortios, this is removed and you will need to set the interface on the fortigate as manual, enable the CAPWAP under administrative access and configure dhcp settings for the dedicated fortiap backbone network). This network will only be used by FortiAPs to communicate between the fortigate.
On the switch side, I would configure a dedicated vlan for the fortiaps and have the ports that connect to the fortiaps be on that specific vlan (also make sure that the port that is going to connect to the fortigate on the interface you just set up is also on that vlan).
Once that is done, you can start plugging in fortiaps and the fortigate will automatically detect them. From here you can authorize them and apply AP profiles. When creating the SSID's, leave them in tunnel to wireless controller" mode. Hope that helps!
Dear Leads,
I have a somewhat similar configuration but with some key differences that I want to bounce off this audience for some configuration advise.
I have a Fortigate 90D with WiFi SSID in Bridge Mode. Works great. DHCP is off and DNS is run by a separate server on the same subnet. So, IP addressing is handled externally for the primary SSID.
Now, I'm trying to add a second WiFi SSID in Tunnel mode. So, the expectation is that it'll run off DHCP being pushed by the Fortigate. I need captive portal on this tunneled SSID and for both SSID's to be run off the 2 FortiAP's that I have.
The steps I've taken so far is:
1. to create the second FortiAP profile
2. the second SSID
3. the user group for this 2nd SSID
4. and the user that will authenticate to the captive portal
The SSID is published and I can't connect to the open wifi network - but no captive portal page and no internet. Any thoughts on what I missed?
awnishkumar643 wrote:Dear Leads,
Need your help and advice for the below configuration on Fortigate 60D.
I have one 60D and 5 FortiAP (FAP-221C-E Indoor wireless AP) the connectivity is as below.
Internet link is coming on the Fortigate 60D and the Fortgate Internal Port (LAN) is connected to a Edge Switch and all the 5 FortiAP are connected to the Edge Switches.
I need to configure 2 SSID one for LAN and one for Guest, both the SSID's should get IP in different range (192.x.x.x. for LAN and 10.x.x.x. for Guest ) and the Fortigate will be the DHCP Server.
Early reply will be really helpful.
Regards,
Awnish.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1647 | |
1070 | |
751 | |
443 | |
214 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.