AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.
- Ensure you are in the correct ADOM.
- Go to AP manager.
- In the tree menu, go to Wifi Templates > AP Profile.
The following options are available in the toolbar and right-click menu:
Create a new AP profile.
Edit the selected AP profile.
Delete the selected AP profile.
Clone the selected AP profile.
Import AP profiles from a connected FortiGate (toolbar only).
- Ensure you are in the correct ADOM.
- Go to AP manager.
- In the tree menu, click Wifi Templates > AP Profile.
- In the toolbar Create New. The Create New AP Profile windows opens.
- Enter the following information:
Type a name for the profile.
Optionally, enter comments.
Select the platform that the profile will apply to from the dropdown list.
Select the country or region from the drop-down list.
AP Login Password
Set, leave unchanged (default), or empty the AP login password.
Allow management access to the managed AP via telnet, http, https, and/or ssh.
Client Load Balance
Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.
Select a profile from the list, or click Add to create a new Bluetooth profile.
Radio 1 & 2
Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.
Select the radio operation mode:
- Disabled: The radio is disabled. No further radio settings are available.
- Access Point: The device is an access point.
- Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile setting is available.
Select a WIDS profile from the dropdown list. See WIDS profiles.
Radio Resource Provision
Select to enable radio resource provisioning.
This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.
Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.
In two radio devices, both radios cannot use the same band.
Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.
Short Guard Interval
Select to enable the short guard interval.
Select the channel or channels to include. The available channels depend on the selected platform and band.
TX Power Control
Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.
If TX Power Control is Manual, enter the TX power in the form of the percentage of the total available power.
If TX Power Control is Auto, enter the TX power low and high values, in dBm.
Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.
Monitor Channel Utilization
Enable/disable monitoring channel utilization.
Select the FortiPresence mode:
- Foreign channels only
- Foreign and home channels
The FortiPresence project name.
FortiPresence secret password.
FortiPresence server IP
FortiPresence server IP address.
FortiPresence server port
FortiPresence server UDP listening port (default = 3000).
Report rogue APs
Enable/disable FortiPresence reporting of Rogue APs.
Report unassociated clients
Enable/disable FortiPresence reporting of unassociated devices.
Report transmit frequency (in seconds)
FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).
Enable/disable Ekahau blink location based services.
RTLS controller server IP
Enter the realtime location services (RTLS) controller server IP address.
RTLS controller server port
The RTLS controller server port (default = 8569).
Ekahau tag MAC address
Enter the Ekahau tag MAC address.
Enable/disable AeroScout location based services.
AeroScout server IP
Enter the AeroScout server IP address.
AeroScout server port
Enter the AeroScout server port.
MU mode dilution factor
Enter the MU mode dilution factor (default = 20).
MU mode dilution timeout
Enter the MU mode dilution timeout (default = 5).
Locate WiFi clients when not connected
Enable/disable locating WiFi client when they are not connected.
Configure advanced options for the SSID:
- control-message-offload: Configure CAPWAP control message data channel offload: aeroscout-mu, aeroscout-tag, ap-list, ebp-frame, sta-list, sta-cap-list, stats.
- dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
- dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
- energy-efficient-ethernet: Enable/disable use of energy efficient Ethernet on WTP.
- ext-info-enable: Enable/disable station/VAP/radio extension information, providing more detailed statistics for troubleshooting purposes.
- handoff-roaming: Enable/disable handoff when a client is roaming.
- handoff-rssi: Enter the minimum RSSI handoff value.
- handoff-sta-thresh: Enter the threshold value for AP handoff.
- ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
- led-schedules: Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid.
- led-state: Enable/disable use of LEDs on WTP.
- lldp: Enable/disable LLDP.
- max-clients: Enter the maximum number of STAs supported by the WTP.
- poe-mode: Set the WTP, FortiAP, or AP's PoE mode: auto, 8023af, 8023at, or power-adapter (use the power adapter to control the mode).
- split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
- tun-mtu-downlink: Enter the downlink tunnel MTU.
- tun-mtu-uplink: Enter the uplink tunnel MTU.
- wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
- Click OK to create the new AP profile.
- Select the profile you want to edit.
- In the toolbar, click Edit, or right-click the profile and click Edit. You can also double-click a profile to open it. The Edit AP Profile pane opens.
- Edit the settings as required. The profile name cannot be edited.
- Click OK to apply your changes.
- Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
- In the toolbar, click Delete, or right-click the profile and select Delete.
- Click OK in the confirmation dialog box to delete the profile.
- Select the profile to be cloned.
- In the toolbar, click Clone, or right-click the profile and click Clone.
- Edit the name of the profile, then edit the remaining settings as required.
- Click OK to clone the profile.
- In the toolbar, click Import . The Import dialog box opens.
- From the FortiGate dropdown, select a FortiGate from the list. The list will include all of the devices in the current ADOM.
- From the Profiles dropdown, select the profile or profiles to be imported from the dropdown list.
- Click OK to import the profile or profiles.
AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.