We left setting up our wireless networks for after we had the pre-existing wired networks duplicated and working when we made the switch from Cisco to Fortinet. It seems now that this may have been a mistake.
We want 2 networks. One for guests, and one for corporate users. The one for guests is no problem. It's up and running. The one for corporate users isn't.
We'd like the corporate wifi to be on the same network as the internal wired network. The problem is that this was already set up as its own dedicated interface. From what I've read, the usual solution is to make the wired and wireless part of the same virtual switch. This isn't an option for us due to the current setup.
How can I make the wireless bridge that internal network? Or maybe make that wireless network separate, but have access to the internal network as if it was a member?
Picking up on the first idea, if you create a policy from 'SSID' to 'internal', check the static NAT box. This way, the WiFi clients will appear as internal hosts, no matter which (different) subnet you've assigned to the WiFi.
Of course, there's a difference to true bridging: routing will not carry over broadcasts from one subnet to the other. That depends on your environment whether that is a requirement or not. Usually it isn't but there are corner cases.
I've created an SSID with option "Local Bridge" and then I've just connected the AP to the same switch/vlan as the Internal network.
Then you don't have to create a software switch.
azh wrote: Hello
1) You can create a policy from the dedicated interface for wifi to the Internal Lan Interface.
OR
2) Create a hardware switch, then you will use the same subnet for Lan and Wifi.
1 is what I was thinking might work, thanks, I'll give it a try. 2 Can this work even though the interfaces for Lan and Wifi are already configured as separate ports?
ede_pfau wrote: Picking up on the first idea, if you create a policy from 'SSID' to 'internal', check the static NAT box. This way, the WiFi clients will appear as internal hosts, no matter which (different) subnet you've assigned to the WiFi.
Of course, there's a difference to true bridging: routing will not carry over broadcasts from one subnet to the other. That depends on your environment whether that is a requirement or not. Usually it isn't but there are corner cases.
I tried this, but since my vlans are not specified in the firewall it doesn't work. My vlans are controlled at the switches.
Nilsan wrote: I've created an SSID with option "Local Bridge" and then I've just connected the AP to the same switch/vlan as the Internal network.
Then you don't have to create a software switch.
It's working. Not ideally, but it is working. I set the wireless as a wireless tunnel instead of a bridge, and then set policy rules to allow access where I wanted. Maybe once I get the second FortiWifi unit for HA hotspare, I'll copy everything to it and then modify the interfaces for a software switch to try and get them on the same network. That way I can switch between them as separate entities for testing before I complete the HA config.
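The tunnel-mode approach the thread settles on (a policy from the SSID interface to 'internal' with NAT checked), written out as FortiOS CLI. This is an added example, not configuration posted by anyone in the thread; the interface name "corp-wifi", the address objects, the subnets and the service list are assumptions to replace with your own.

```fortios
# Added example. Names and subnets below are constructed placeholders.
config firewall address
    edit "corp-wifi-clients"
        set comment "Assumed DHCP range handed out on the tunnel-mode SSID"
        set subnet 10.10.20.0 255.255.255.0
    next
    edit "internal-servers"
        set comment "Assumed internal wired subnet"
        set subnet 192.168.1.0 255.255.255.0
    next
end

config firewall policy
    edit 0
        set name "corp-wifi-to-internal"
        set srcintf "corp-wifi"
        set dstintf "internal"
        set srcaddr "corp-wifi-clients"
        set dstaddr "internal-servers"
        set action accept
        set schedule "always"
        # Allow only what wireless users need instead of "ALL".
        set service "DNS" "HTTPS" "SMB"
        # The "NAT" checkbox: clients are translated to the FortiGate's
        # address on the 'internal' interface, so internal hosts see them
        # as local. Broadcasts still do not cross, as noted in the thread.
        set nat enable
        # Internal hosts only see the translated address, so keep the
        # pre-NAT client IP in the FortiGate traffic log.
        set logtraffic all
        set comments "Corporate Wi-Fi (tunnel mode) to internal LAN"
    next
end
```

With NAT enabled, logs on internal servers show the FortiGate's address for every wireless client, so the FortiGate traffic log is the place to attribute a session to a specific device.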