FortiOS 6.0 WiFi Issue: Setting up WiFi with a FortiAP

You can configure a FortiAP in either Tunnel mode (default) or Bridge mode. When a FortiAP is in Tunnel mode, a wireless-only subnet is used for wireless traffic. When a FortiAP is in Bridge mode, the Ethernet and WiFi interfaces are connected (or bridged), allowing wired and wireless networks to be on the same subnet.

1. Connecting and authorizing the FortiAP

To edit the interface that will connect to the FortiAP (in the example, port 22), go to Network > Interfaces.

Set Role to LAN and Addressing Mode to Manual. Set IP/Network Mask to a private IP address (in the example 10.10.200.1/255.255.255.0).

Under Administrative Access, enable CAPWAP.

Enable DHCP Server.

Under Networked Devices, enable Device Detection.

Connect the FortiAP unit to the interface.

To view the list of managed FortiAPs, go to WiFi & Switch Controller > Managed FortiAPs. The newFortiAP appears in the list* but it is greyed out because it is not authorized.

Select the FortiAP, and select Authorize.

After a few minutes, select Refresh. The FortiGate shows the FortiAP as authorized.

2. Creating an SSID

To create a new SSID to be broadcast for WiFi users, go to WiFi & Switch Controller > SSID.

Set Traffic Mode to Tunnel and set IP/Network Mask to a private IP address (in the example 10.10.201.1/255.255.255.0).

Enable DHCP Server and Device Detection.

Under WiFi Settings, name the SSID (in the example, Office-WiFi) and set a secure Pre-shared Key.

Enable Broadcast SSID.

3. Creating a custom FortiAP profile

To create a new FortiAP profile, go to WiFi & Switch Controller > FortiAP Profiles.

Set Platform to the FortiAP model you are using (in the example, FAP221C) and Country/Region to the appropriate location.

Set an AP Login Password to secure the FortiAP.

Under Radio 1, set Mode to Access Point and SSIDs to Manual. Add your new SSID.

To assign the new profile, go to WiFi & Switch Controller > Managed FortiAPs and right-click the FortiAP. Select Assign Profile and set the FortiAP to use the new profile.

4. Allowing wireless access to the Internet

To create a new policy for wireless Internet access, go to Policy & Objects > IPv4 Policy.

Set Incoming Interface to the SSID and Outgoing Interface to your Internet-facing interface.

Enable NAT.

5. Results

Connect to the SSID with a wireless device. After a connection is established, browse the Internet to generate traffic.

To view the traffic using the wireless Internet access policy, go to FortiView > All Segments > Polices.

To view more information about this traffic, right-click the policy and select Drill Down to Details.