I tried to set up a FortiAP 14C for the first time and have some questions.
One of our customers wants to connect a few branches with the HQ, using FortiAP 14C on the remote side and a FortiGate 40C in the HQ. Each FortiAP should connect devices via WLAN and LAN with the company's network as well as offer them access to the Internet.
I found several videos and documents describing the setup of 14C as an AP for WLAN and LAN and following them, I could establish connections as wanted. But this works only, when the FortiAP 14C is located in the same network as the FortiGate 40C. My expectation was, that - if this works fine - I could bring the AP to the branch and the same functionality would be available. But unfortunately, the AP does not establish a VPN connection to the 40C.
So, obviously, I misunderstood the setup.
Unfortunately, I don't find a document or video which describes the necessary configuration tasks for our environment. So my questions are:
1. Does anybody have a link to information, which will help me to correct the setup?
2. Is there a way to configure the AP without being near the 40C? Problem is, that our customer is located 300 km away from our office. If I have to go there to configure the AP, I have no possibility to check the functionality, because I don't have external Internet access there beside the one of the 40C. So if I think, the setup is correct, I have to drive back to our office or to one of the branches to test the device and if there is still something wrong, I've to drive back to the customer's HQ.
What kind of internet access equipment do you have at the remote location? A Remote AP won't be enough on it's own - you need at least a xDSL router to connect. The RAP will then connect to the FGT, provided it can reach the internet and you have configured the FGT's public IP address.
The RAP is just an accesspoint, plus router. There is no interface electronics for WAN access - DSL, cable, GSM/3G/4G. If this surprises you, look at the price (and the datasheet).
As to your visit to the remote office, you could get a Webstick to connect to the internet there. This would be independent of the access the remote AP would use.
I configured the public IP address of the 40C as "AC IP Address 1" in the 14Cs.
The WAN1 interface of the 40C is not enabled for CAPWAP in general yet. It's enabled for two VPN tunnels bound to WAN1, but not on the interface itself. Can I do that without implications to the VPN tunnels without CAPWAP (there are also those bound to that interface)?
Additional question: There is a radio button "Dedicated to FortiAP", which is not enabled. Is this obsolete for our situation?
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.