Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi Jared,
FWF wireless traffic is already handled locally from FGT point of view even it's called tunnel mode.
Lei
Hi Sidewaysguy.
Sorry, I Misunderstand your answer before.
I try to add a bridge wifi, add the vlan 123 in the option, but I can not search the wifi on mobile, also I can not see enable broadcase like tunnel mode, do the bridge mode only use to enable the wifi?
Yes, It can use if it is used as independent subnet, but the other branch need to limited the subnet in VPN. the vlan 123 is a one of internal network with wifi and phycal cable lan port. Sorry need to use in vlan.
I confirmed the other branch is using the tunnel mode but can use the vlan IP, but they do not provided the config to me. What other prossible setting can make a tunnel mode ssid in vlan?
Hello there,
Okay first things first, did you add the SSID you created in bridge mode to the wireless profile that you have associated with the local wifi? The default profile will automatically add tunnel ssids but not Bridged. You will need to manually add the SSID.
Secondly, if this is an issue for needing traffic coming from a remote subnet through the vpn to the wireless network, then you will need to have the subnet defined in Phase 2 on both sides (unless you are using 0.0.0.0/0.0.0.0). As well, you will need to have the appropriate policies on both sides, referencing the appropriate subnets and interfaces. Whether you use the SSID or VLAN it doesn't matter as each are an interface that would need to be referenced on your side in the policy.
Thirdly, the vlan you are trying to utilize is only on your side of the vpn correct?
I'm not sure what firmware you are using but http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/define-ssid.htm maybe something to read.
Dear Sidewaysguy
Good Afternoon.
I add a bridge SSID again. Where can I assigned it in the local wifi? Thanks.
Hi there,
In the FortiAP profile you have assigned to the local wifi.
Dear Sidewaysguy
Good Morning.
Thanks for your reply.
I see the default FortiAP profile is assigned to Local Wifi Radio Platform. If I create a new profile, I can not see bridge mode in Platform. Don't the FortiAP profile is used to map to other Fortigate's AP?
Hi All,
To clarify a little bit
1) you can't bind bridge mode VAP to WTP profile assigned to local radio
2) if you really need to use VLAN interface for tunnel mode VAP. There are a couple of ways to do it
a) make tunnel mode VAP an independent interface(not part of software/hardware switch) and create vlan interface under VAP itself
b) make tunnel mode VAP part of software/hardware switch, create VLAN interface under the switch. In order to include tunnel mode VAP part of switch, you can't enable DHCP server on VAP itself.
Hope this will help
Lei
wanglei@fortinet.com wrote:Hi All,
To clarify a little bit
1) you can't bind bridge mode VAP to WTP profile assigned to local radio
2) if you really need to use VLAN interface for tunnel mode VAP. There are a couple of ways to do it
a) make tunnel mode VAP an independent interface(not part of software/hardware switch) and create vlan interface under VAP itself
b) make tunnel mode VAP part of software/hardware switch, create VLAN interface under the switch. In order to include tunnel mode VAP part of switch, you can't enable DHCP server on VAP itself.
Hope this will help
Lei
Thanks Lei! I didn't know/realize that you couldn't bind bridge mode to the local radio. Is there a reason for this?
Cheers,
Jared
Hi Jared,
FWF wireless traffic is already handled locally from FGT point of view even it's called tunnel mode.
Lei
wanglei@fortinet.com wrote:Thanks Lei! That's interesting as I was thinking that the local radio was treated like external AP's in regards to the profiles/interfaces.Hi Jared,
FWF wireless traffic is already handled locally from FGT point of view even it's called tunnel mode.
Lei
Thanks Lei & Sidewaysguy
Good Afternoon.
Finally I stay the wifi in tunnel mode and input below in command line. After REBOOT the 60D (must reboot after setting "set vlanid 123"), it return the correct IP (192.168.123.X). I wonder it can not setting in the GUI mode and not display in manual or guide clearly.
edit "Wifi_TE_IP" set vlanid 123
end
One more thanks for Sidewaysguy and Lei.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
227 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.