Firewalls with Old Mei (Fortinet): Wireless AP Chapter (1)

Source: Internet
Author: User
Tags administrator password

 FortiAP Introduction

FortiAP wireless access points are controller-managed devices that extend the FortiGate's integrated security features to an enterprise wireless network. The traffic of each FortiAP is integrated through the wireless controller on the FortiGate platform, providing one console from which both wired and wireless network traffic are managed.

FortiAP wireless access points provide more network visibility and policy enforcement while simplifying the overall network environment. Built on the latest 802.11n wireless chip technology, they provide high-performance wireless access with integrated wireless monitoring, and support multiple virtual APs on each radio. Each FortiAP connects to the wireless controller on the FortiGate device, which brings robust and complete content protection to the wireless deployment. The FortiGate controller centrally manages access point operation, channel allocation, and transmit power, further simplifying deployment and management.

 FortiAP Appearance and connection

Here we use the FortiAP 210B as an example. The FortiAP 210B is a business-grade 802.11n solution built for sustained use, providing a total throughput of up to 300Mbps to meet the needs of demanding applications. It uses single-radio, dual-band (2.4GHz and 5GHz) 2x2 MIMO technology. The FortiAP 210B is an enterprise-class access point that provides fast client access, intelligent application detection and traffic shaping, with two internal antennas that support the IEEE 802.11a, b, g, and n wireless standards.

This is the front of the FortiAP 210B.


Connecting the FortiAP 210B is very simple: plug one end of a network cable into the ETH interface and the other end into a switch or the Fortinet firewall. The device comes with a separate 12V, 1.5A power supply. If the firewall or switch has a PoE interface (with 48V power supply), the AP can also be powered directly over the network cable, with no separate power supply needed, which makes installation and wiring much more convenient.

 FortiAP Access

As with ordinary switches and routers, the FortiAP can be accessed through a browser. The default address of the ETH interface is 192.168.1.2, the user name is admin, and the password is empty. Set the laptop's IP to 192.168.1.8, in the same network segment, open the Firefox browser, and enter http://192.168.1.2 to access it.


Enter the user name admin, leave the password blank, and click Login directly;


You can see the basic information of the FortiAP 210B. Here you can upgrade the firmware and change the administrator password (recommended for security purposes). When there are multiple APs, to avoid address conflicts and to be able to reach each AP by its own IP, we recommend changing the default 192.168.1.2 IP address.


You can also see the wireless information. Because most of the setup is done on the controller side, on the Fortinet firewall, no specific operations are covered here.

 Activating the AP on the firewall

Because the FortiGate integrates the wireless controller with its security functions, all operations can be done on the firewall.


① Log in to the firewall and choose the menu "WiFi and switch Controller"-"manageable devices"-"FortiAP management". After a few refreshes, you can see that two FortiAP 210B devices have been discovered.


② The status of a newly discovered device is a question mark. Select an AP and click "Permit" to allow its use;


③ Once permitted, their status turns green. In the connection information you can see the address the AP obtained from the firewall's DHCP; by accessing this address, you can also log in to the web interface of the AP.

 Establish SSID

After activating the FortiAP on the firewall, you can set up the SSID. Anyone who has used wireless knows that a notebook or mobile phone searches for wireless signals; the name of such a signal is the SSID.


① Select the menu "WiFi and switch Controller"-"Wireless Network"-"SSID", click New;

② We create a new SSID for office staff and enable DHCP, setting the IP range so that clients logging on through this SSID obtain an IP address from this range;


③ A Chinese SSID name is easy to recognize, but some computers show it as garbled characters when displaying the wireless information; mobile phones generally do not. For the security mode we choose Enterprise mode here, which differs from ordinary password-entry authentication. The default is local authentication, that is, authentication against accounts set up on the firewall. Select the customer group; of course, the user group can also be customized on the firewall;


④ Create another SSID for customers' temporary Internet access, with an IP address range distinct from that of the SSID used by internal staff;


⑤ For the guest SSID's security mode just choose Personal mode; entering the password is enough to connect;

⑥ You can see that two different SSIDs have been created; of course, you can add or remove SSIDs according to the actual situation.

 Add Authentication User

The Office WiFi you just created is authenticated against accounts on the firewall, so we need to create the users on the firewall and add them to the customer group.


① Select Menu "Users & Devices"-"users"-"Set Up Users", click New;

② The default is to create a local user; click "Next";

③ Enter the user name and password, click "Next";

④ The email address is skipped here; click "Next" directly;

⑤ The user is enabled by default; click "Done";

⑥ You can see that a user has been created; other users can be created the same way;

⑦ Newly created users also need to join the customer group. Select the menu "Users and Devices"-"users"-"user group", click the Guest-group group, click Edit;

⑧ Click the cross-shaped (+) icon to the right of the members list, select the new user, click "OK";

⑨ You can see that the Guest-group group has gained a member.

 Modifying a configuration file

The system generates a profile by default, and activated devices use this profile by default. What needs to be done is to add the newly created SSIDs to the profile so that the AP runs based on it.

① Select the menu "WiFi and switch Controller"-"Wireless Network"-"FortiAP profile", select the default profile, click Edit;

② For the band choose the more commonly used 2.4GHz 802.11n/g/b, and add the two newly created SSIDs;


③ The profile modification is complete. You can see that a second band can in fact also be added; we will cover this in detail later.

④ Select the menu "WiFi and switch Controller"-"manageable devices"-"FortiAP Management", select an AP, click Edit;


⑤ You can see that the radio configuration shows the default profile in use, along with the corresponding settings. Of course, you can also create a new profile to meet your actual needs, as described later in this section.

 Create policies that allow AP clients to access the external network

After these steps are completed, phones and notebooks can connect to the AP but cannot reach the Internet; policies must be created to allow that access.

① Select Menu "Policies and Objects"-"strategy"-"IPV4", click New;


② First create the Office WiFi Internet policy: for the incoming interface select Lw-office, for the outgoing interface select the Wan1 broadband port;


③ Then create the guest WiFi Internet policy: for the incoming interface select Lw-customer, for the outgoing interface select the Wan1 broadband port. Of course, if there are multiple broadband links, you can also point it at one that does not affect work;


④ So that the guest WiFi does not affect normal work, you can also limit the traffic of the guest WiFi here;


⑤ The two policies allowing access to the external network are now created.
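
The two guest-related steps above (guest SSID routed only to the broadband port, guest traffic limited) can be checked against a saved firewall configuration. The following is an added example, not part of the original article or Fortinet's tooling: it assumes a text backup in FortiOS CLI syntax in which shaping is set per policy with `traffic-shaper`; `Lw-customer` and the Wan1 port (written `wan1`) come from the article, while `internal`, `guest-limit` and the policy IDs are constructed.

```python
import re

# Constructed sample in FortiOS CLI backup syntax; not taken from the original page.
SAMPLE = """
config firewall policy
    edit 2
        set srcintf "Lw-customer"
        set dstintf "wan1"
        set action accept
        set traffic-shaper "guest-limit"
    next
    edit 3
        set srcintf "Lw-customer"
        set dstintf "internal"
        set action accept
    next
end
"""

def parse_section(text, section):
    """Return {entry: {key: [values]}} for each top-level 'config <section>' block."""
    entries, current, active, depth = {}, None, False, 0
    for line in text.splitlines():
        w = [t.strip('"') for t in re.findall(r'"[^"]*"|\S+', line)]
        if not w:
            continue
        if not active:
            active = " ".join(w) == f"config {section}"
        elif w[0] == "config":
            depth += 1  # nested block inside an entry: skip its contents
        elif w[0] == "end":
            active, depth = depth > 0, max(depth - 1, 0)
        elif depth == 0 and w[0] == "edit":
            current = entries.setdefault(w[1], {})
        elif depth == 0 and w[0] == "set" and current is not None:
            current[w[1]] = w[2:]
    return entries

def audit_guest(text, guest_if, wan_ifs):
    """Flag accept policies that let the guest SSID leave the WAN path or run unshaped."""
    findings = []
    for pid, pol in parse_section(text, "firewall policy").items():
        if guest_if not in pol.get("srcintf", []) or pol.get("action") != ["accept"]:
            continue
        leaks = [d for d in pol.get("dstintf", []) if d not in wan_ifs]
        if leaks:
            findings.append(f"policy {pid}: guest can reach {leaks}")
        if "traffic-shaper" not in pol:
            findings.append(f"policy {pid}: no traffic shaper")
    return findings
```

Calling `audit_guest(SAMPLE, "Lw-customer", {"wan1"})` reports the constructed policy 3 twice: once for reaching `internal` and once for having no shaper.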

 Verify Internet access via AP

Now you can turn on the wireless function of your phone or laptop and search for the wireless signals.


① Connecting to the guest WiFi is easy: just enter the password;


② To connect to the Office WiFi, you need to enter a user name and password, the ones just set up on the firewall;


③ Authentication by the firewall succeeds;


④ The mobile phone can browse the Internet; the AP installation and configuration is successful!

