Fortinet Document Library

Version:


Table of Contents

Cookbook

6.1.0
Download PDF
Copy Link

Creating the QoS rule on the FortiWLC

  1. On the FortiWLC, go to Configuration > Policies > QoS and select the QoS and Firewall Rules tab. Select ADD to create two profiles.
  2. For the first rule, allow the wireless client to access the FortiAuthenticator guest portal.

  • ID: Rule number (in the example, 20).
  • Destination IP: IP address of the FortiAuthenticator, and enable Match.
  • Destination Netmask: 255.255.255.255
  • Destination Port: 443, and enable Match.
  • Network Protocol: 6, and enable Match.
  • Firewall Filter ID: String from the security profile, and enable Match.
  • QoS Protocol: Other.

  • For the second rule, allow FortiAuthenticator to reach the clients.
    • ID: Rule number (in the example, 21).
    • Source IP: IP address of the FortiAuthenticator, and enable Match.
    • Source Netmask: 255.255.255.255
    • Source Port: 443, and enable Match.
    • Network Protocol: 6, and enable Match.
    • Firewall Filter ID: Use the Passthrough Firewall Filter ID string from the security profile, and enable Match.
    • QoS Protocol: Other.

    Creating the QoS rule on the FortiWLC

    1. On the FortiWLC, go to Configuration > Policies > QoS and select the QoS and Firewall Rules tab. Select ADD to create two profiles.
    2. For the first rule, allow the wireless client to access the FortiAuthenticator guest portal.

    • ID: Rule number (in the example, 20).
    • Destination IP: IP address of the FortiAuthenticator, and enable Match.
    • Destination Netmask: 255.255.255.255
    • Destination Port: 443, and enable Match.
    • Network Protocol: 6, and enable Match.
    • Firewall Filter ID: String from the security profile, and enable Match.
    • QoS Protocol: Other.

  • For the second rule, allow FortiAuthenticator to reach the clients.
    • ID: Rule number (in the example, 21).
    • Source IP: IP address of the FortiAuthenticator, and enable Match.
    • Source Netmask: 255.255.255.255
    • Source Port: 443, and enable Match.
    • Network Protocol: 6, and enable Match.
    • Firewall Filter ID: Use the Passthrough Firewall Filter ID string from the security profile, and enable Match.
    • QoS Protocol: Other.