Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Home FortiAP / FortiWiFi 6.2.0 FortiWiFi and FortiAP Configuration Guide

Creating a FortiAP profile

6.2.0
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.1
7.2.0
7.0.4
7.0.2
7.0.1
7.0.0
6.4.6
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.2
6.2.0
6.0.5
6.0.4
6.0.3
5.6.4
5.4.3
Copy Link
Copy Doc ID 723e20ad-5098-11e9-94bf-00505692583a:140799
Download PDF

Creating a FortiAP profile

A FortiAP profile defines radio settings for a particular platform (FortiAP model). The profile also selects which SSIDs (virtual APs) the APs will carry. FortiAP units contain two radio transceivers, making it possible, for example, to provide both 2.4 GHz 802.11b/g/n and 5 GHz 802.11a/n service from the same access point. The radios can also be used for monitoring, used for the Rogue AP detection feature.

You can modify existing FortiAP profiles or create new ones of your own.

Note

On FortiGate model 30D, GUI configuration of FortiAP Profiles is disabled by default. To enable AP profiles, enter the following CLI commands:

config system settings
set gui-ap-profile enable
end
To configure a FortiAP profile - GUI
  1. Go to WiFi & Switch Controller > FortiAP Profiles and select Create New.
  2. Enter a Name for the FortiAP Profile.
  3. In Platform, select the FortiWiFi or FortiAP model to which this profile applies.
  4. If split tunneling is used, in Split Tunneling Subnets, enter a comma-separated list all of the destination IP address ranges that should not be routed through the FortiGate WiFi controller.
  5. For each radio, enter:

    6. Mode

    Select the type of mode.

    Disabled – the radio is disabled.
    Access Point – the platform is an access point.
    Dedicated Monitor – the platform is a dedicated monitor. See Wireless network monitoring.

    WIDS Profile

    Optionally, select a Wireless Intrusion Detection (WIDS) profile. See Wireless network protection.

    Radio Resource
    Provision

    Select to enable the distributed radio resource provisioning (DARRP) feature. This feature measures utilization and interference on the available channels and selects the clearest channel at each access point. The measurement can be repeated periodically to respond to changing conditions.

    Client Load
    Balancing

    Select Frequency Handoff or AP Handoff as needed. See Access point configuration.

    Band

    Select the wireless protocols that you want to support. The available choices depend on the radio’s capabilities. Where multiple protocols are supported, the letter suffixes are combined: “802.11g/b” means 802.11g and 802.11b.

    Note that on two-radio units such as the FortiAP-221C it is not possible to put both radios on the same band.

    Channel Width

    Select channel width for 802.11ac or 802.11n on 5 GHz.

    Short Guard
    Interval

    Select to enable the short guard interval for 802.11ac or 802.11n on 5 GHz.

    Channels

    Select the channel or channels to include. The available channels depend on which IEEE wireless protocol you selected in Band. By default, all available channels are enabled.

    TX Power
    Control

    Enable automatic or manual adjustment of transmit power, specifying either minimum and maximum power levels in dBm or as a percentage.

    TX Power

    When TX Power Control is set to Auto, the TX Power is set by default to a range of 10-17 dBm. Set the range between 1 and 20 for both the lower and upper limits.

    When TX Power Control is set to Manual, the TX Power is set by default to 100% of the maximum power permitted in your region. To change the level, drag the slider.

    SSIDs

    Select Auto or Manual. Selecting Auto eliminates the need to re-edit the profile when new SSIDs are created. However, you can still select SSIDs individually using Manual. Note that bridge mode SSIDs cannot be manually selected for FortiWiFi local radio platforms.

    Automatic assignment of SSIDs (Auto) is not available for FortiAPs in Local Bridge mode. The option is hidden on both the Managed FortiAP settings and the FortiAP Profile assigned to that AP.

    Radio 1 settings are the same as Radio 2 settings except for the options for Channel.

    Radio 2 settings are available only for FortiAP models with dual radios.

  6. Select OK.
To configure a FortiAP profile - CLI

This example configures a FortiAP-220B to carry all SSIDs on Radio 1 but only SSID example_wlan on Radio 2.

config wireless-controller wtp-profile

edit guest_prof

config platform

set type 220B

end

config radio-1

set mode ap

set band 802.11g

set vap-all enable

end

config radio-2

set mode ap

set band 802.11g

set vaps example_wlan

end

end

To enable DARRP - CLI

To prevent interference between APs, the FortiOS WiFi Controller includes the Distributed Automatic Radio Resource Provisioning (DARRP) feature. Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications. FortiAP units to select their channel so that they do not interfere with each other in large-scale deployments where multiple access points have overlapping radio ranges.

In this example, DARRP is enabled for both radios in the FAP321C-default profile:

config wireless-controller wtp-profile

edit FAP321C-default

config radio-1

set darrp enable

end

config radio-2

set darrp enable

end

end

To set DARRP timing - CLI

By default, DARRP optimization occurs at a fixed interval of 1800 seconds (30 minutes). You can change this interval in the CLI. For example, to change the interval to 3600 seconds enter:

config wireless-controller timers

set darrp-optimize 3600

end

Optionally, you can schedule optimization for fixed times. This enables you to confine DARRP activity to a low-traffic period. Setting darrp-optimize to 0, makes darrp-day and darrp-time available. For example, here's how to set DARRP optimization for 3:00 am every day:

config wireless-controller timers

set darrp-optimize 0

set darrp-day sunday monday tuesday wednesday thursday friday saturday

set darrp-time 03:00

end

Both darrp-day and darrp-time can accept multiple entries.

Previous
Next

Creating a FortiAP profile

A FortiAP profile defines radio settings for a particular platform (FortiAP model). The profile also selects which SSIDs (virtual APs) the APs will carry. FortiAP units contain two radio transceivers, making it possible, for example, to provide both 2.4 GHz 802.11b/g/n and 5 GHz 802.11a/n service from the same access point. The radios can also be used for monitoring, used for the Rogue AP detection feature.

You can modify existing FortiAP profiles or create new ones of your own.

Note

On FortiGate model 30D, GUI configuration of FortiAP Profiles is disabled by default. To enable AP profiles, enter the following CLI commands:

config system settings
set gui-ap-profile enable
end
To configure a FortiAP profile - GUI
  1. Go to WiFi & Switch Controller > FortiAP Profiles and select Create New.
  2. Enter a Name for the FortiAP Profile.
  3. In Platform, select the FortiWiFi or FortiAP model to which this profile applies.
  4. If split tunneling is used, in Split Tunneling Subnets, enter a comma-separated list all of the destination IP address ranges that should not be routed through the FortiGate WiFi controller.
  5. For each radio, enter:

    6. Mode

    Select the type of mode.

    Disabled – the radio is disabled.
    Access Point – the platform is an access point.
    Dedicated Monitor – the platform is a dedicated monitor. See Wireless network monitoring.

    WIDS Profile

    Optionally, select a Wireless Intrusion Detection (WIDS) profile. See Wireless network protection.

    Radio Resource
    Provision

    Select to enable the distributed radio resource provisioning (DARRP) feature. This feature measures utilization and interference on the available channels and selects the clearest channel at each access point. The measurement can be repeated periodically to respond to changing conditions.

    Client Load
    Balancing

    Select Frequency Handoff or AP Handoff as needed. See Access point configuration.

    Band

    Select the wireless protocols that you want to support. The available choices depend on the radio’s capabilities. Where multiple protocols are supported, the letter suffixes are combined: “802.11g/b” means 802.11g and 802.11b.

    Note that on two-radio units such as the FortiAP-221C it is not possible to put both radios on the same band.

    Channel Width

    Select channel width for 802.11ac or 802.11n on 5 GHz.

    Short Guard
    Interval

    Select to enable the short guard interval for 802.11ac or 802.11n on 5 GHz.

    Channels

    Select the channel or channels to include. The available channels depend on which IEEE wireless protocol you selected in Band. By default, all available channels are enabled.

    TX Power
    Control

    Enable automatic or manual adjustment of transmit power, specifying either minimum and maximum power levels in dBm or as a percentage.

    TX Power

    When TX Power Control is set to Auto, the TX Power is set by default to a range of 10-17 dBm. Set the range between 1 and 20 for both the lower and upper limits.

    When TX Power Control is set to Manual, the TX Power is set by default to 100% of the maximum power permitted in your region. To change the level, drag the slider.

    SSIDs

    Select Auto or Manual. Selecting Auto eliminates the need to re-edit the profile when new SSIDs are created. However, you can still select SSIDs individually using Manual. Note that bridge mode SSIDs cannot be manually selected for FortiWiFi local radio platforms.

    Automatic assignment of SSIDs (Auto) is not available for FortiAPs in Local Bridge mode. The option is hidden on both the Managed FortiAP settings and the FortiAP Profile assigned to that AP.

    Radio 1 settings are the same as Radio 2 settings except for the options for Channel.

    Radio 2 settings are available only for FortiAP models with dual radios.

  6. Select OK.
To configure a FortiAP profile - CLI

This example configures a FortiAP-220B to carry all SSIDs on Radio 1 but only SSID example_wlan on Radio 2.

config wireless-controller wtp-profile

edit guest_prof

config platform

set type 220B

end

config radio-1

set mode ap

set band 802.11g

set vap-all enable

end

config radio-2

set mode ap

set band 802.11g

set vaps example_wlan

end

end

To enable DARRP - CLI

To prevent interference between APs, the FortiOS WiFi Controller includes the Distributed Automatic Radio Resource Provisioning (DARRP) feature. Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications. FortiAP units to select their channel so that they do not interfere with each other in large-scale deployments where multiple access points have overlapping radio ranges.

In this example, DARRP is enabled for both radios in the FAP321C-default profile:

config wireless-controller wtp-profile

edit FAP321C-default

config radio-1

set darrp enable

end

config radio-2

set darrp enable

end

end

To set DARRP timing - CLI

By default, DARRP optimization occurs at a fixed interval of 1800 seconds (30 minutes). You can change this interval in the CLI. For example, to change the interval to 3600 seconds enter:

config wireless-controller timers

set darrp-optimize 3600

end

Optionally, you can schedule optimization for fixed times. This enables you to confine DARRP activity to a low-traffic period. Setting darrp-optimize to 0, makes darrp-day and darrp-time available. For example, here's how to set DARRP optimization for 3:00 am every day:

config wireless-controller timers

set darrp-optimize 0

set darrp-day sunday monday tuesday wednesday thursday friday saturday

set darrp-time 03:00

end

Both darrp-day and darrp-time can accept multiple entries.

Previous
Next