Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Timh
New Contributor

Created on ‎04-05-2024 01:24 AM

Wifi-Bridge with FortiWifi as controller in combination with different SSIDs and VLANs

Hello,

 

What I have:

  • FortiWifi 40F as Wifi-Controller with
    • different VLANs (internal ID40, voip ID70, mgm ID50, IoT ID100 , guest ID200)
    • different SSIDs (internal, guests, IoT)
    • "internal" SSID is bridged to LAN internal
    • "voip" is only LAN
    • SSIDs "guest" and "IoT" are tunneled with separate Subnets/VLANIDs

What I want: 

Connect small work container to LAN

Idea: FortiAP as LAN-Bridge and Wifi-MESH-AP

  • On FortiAP-site managed Switch (not Forti)
    • with VLAN 40, 50 and 70
    • Switch connected via LAN to ForitAP
  • ForitAP extends SSIDs "guests" and "IoT" (Mesh)
  • Bridged Wifi-connection between FortiWifi and FortiAP (Trunk)
    • tunneling VLANs 40, 50 and 70 for LAN
    • tunneling VLANs 100 and 200 for Wifi
  • Routing and Ffirewall on FortiWifi

 

Technical consulted says it doesn't work with FW+AP and I need a Layer2-WifiBridge or a second FW.

Both solution have disadvantages:

  • Wifi-Bridge: no extending of existing Wifi
  • second FW: no mesh and more configuration

I cannot/ don't want believe the consultant that Forti cannot do this. I would be very happy and thankful if someone has an idea how to get this working.

 

PS: It is really a smal office. So I don't have any issues with bandwidth.

 

Best regards

Tim

 

314
0 Kudos
6 REPLIES 6
jhussain_FTNT
Staff
Staff

Created on ‎04-07-2024 01:09 AM

Hi,

 

According to your update, I understand you want to build up a mesh connection between two FortiAPs; please confirm.

If so, please refer to the document below.

 

https://docs.fortinet.com/document/fortiap/6.4.0/fortiwifi-and-fortiap-cookbook/638238/setting-up-a-...

 

Regards

Jamal Hussain

253
0 Kudos
Timh
New Contributor
In response to jhussain_FTNT

Created on ‎04-08-2024 12:38 AM Edited on ‎04-09-2024 02:09 AM

Hi, 

thank you for your reply. 


It should be a mesh connection between FortiWifi and FortiAP. And a network bridge for some LAN-Subnets tagged by VLAN.

 

WifiBridgeExample.png

 

I know this document, but there is nothing written if it is possible to bridge different Subnets with different VLANs to the NIC of the Leaf-AP. 

 

Best regards

Tim

 

edit: changed picture and add guest-wifi

217
0 Kudos
Bjay_Prakash_Ghising
Contributor
In response to Timh

Created on ‎04-08-2024 08:51 AM

Hi @Timh 

 

I couldn't understand your requirements fully. Could you please provide more details or clarification?

 

In the meantime, if you're looking to establish a point-to-point wireless mesh network, you can follow the guidance provided in the attached link. This should help you proceed with your networking objectives effectively.

 

https://docs.fortinet.com/document/fortiap/7.4.2/fortiwifi-and-fortiap-configuration-guide/196651/wi...

 

1.png

 

https://docs.fortinet.com/document/fortiap/7.4.2/fortiwifi-and-fortiap-configuration-guide/937763/co...

 

let us know if you need further assistance. 

 

Kind Regards, 

Bijay Prakash Ghising

 

 

 

 

Ghising
Ghising
189
0 Kudos
Timh
New Contributor
In response to Bjay_Prakash_Ghising

Created on ‎04-09-2024 02:23 AM

Hi Bijay,

 

that is what I whant. But can you confirm that:

  • wifi access to "guest" and "internal" on both devices (fortiwifi and fortiap)
  • tagged vlan (4,70) on the fortiap lan interface

ist possible then.

 

best regards,

Tim

165
0 Kudos
jiahoong112
Staff
Staff

Created on ‎04-08-2024 06:41 AM

you can make fortiwifi the wifi client and connect to the fortiap using a bridge ssid: https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/756937/setting-up-a-wifi-bridge-with-a-f... 

fortiwifi as a wifi client: https://docs.fortinet.com/document/fortiap/7.4.2/fortiwifi-and-fortiap-configuration-guide/404373/co... 

 

from my understanding, you seem to be building a wireless bridge between fortiap and fortiwifi to bridge vlans together. Mesh would not be necessary in this case as there is already a wireless bridge. 

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
200
0 Kudos
Timh
New Contributor
In response to jiahoong112

Created on ‎04-09-2024 02:20 AM

from your post I understand:

  • FortiAP as Controller
  • FortiWifi as Client
  • Connect them via bridge-wifi
  • Add the SSIDs internal and guest to both wifi-profiles

 

Can you confirm, that it is possible then:

  • wifi access to "guest" and "internal" on both devices (fortiwifi and fortiap)
  • tagged vlan (4,70) on the fortiap lan interface
167
0 Kudos
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.