FortiAP profiles
FortiAP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom FortiAP profiles can be created as needed for new devices.
When you create FortiAP profiles, you can select a Bluetooth profile and/or a WIDS profile.
To view AP profiles:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.
The following options are available in the toolbar and right-click menu:
Create New
Create a new AP profile.
Edit
Edit the selected AP profile.
Delete
Delete the selected AP profile.
Clone
Clone the selected AP profile.
Where Used
View where the selected AP profile is used.
Import
Import AP profiles from a connected FortiGate (toolbar only).
To create custom AP profiles:
- If using ADOMs, ensure that you are in the correct ADOM.
- Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.
- In the toolbar, click Create New.
The Create New AP Profile pane opens.
- Enter the following information, and click OK to create the AP profile:
Name
Type a name for the profile.
Comment
Optionally, enter comments.
Platform
Select the platform that the profile will apply to from the dropdown list.
Indoor / Outdoor
Select Default (Indoor), Indoor, or Outdoor. The selection can affect the available channels due to regulatory rules.
Country / Region Select the country or region from the drop-down list.
AP Login Password
Set, leave unchanged (default), or empty the AP login password.
Administrative Access Allow management access to the managed AP via telnet, http, https, and/or ssh.
Client Load Balancing
Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.
Bluetooth Profile
If available for the platform, select a profile from the list or click the plus (+) to create a new Bluetooth profile.
Radio 1 & 2
Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.
Mode
Select the radio operation mode:
- Disabled: The radio is disabled. No further radio settings are available.
- Access Point: The device is an access point. See options below.
- Dedicated Monitor: The device is a dedicated monitor. See options below.
- SAM: The device is a station that can connect to a neighboring AP for connectivity and health check. See options below.
Mode = Access Point
WIDS Profile
Select a WIDS profile from the dropdown list. See WIDS profiles.
Radio Resource Provision
Select to enable radio resource provisioning.
This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.
ARRP Profile
Select an Automatic Radio Resource Provisioning (ARRP) profile. See ARRP profiles.
This option is only available if Radio Resource Provision is enabled.
Band
Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.
In two radio devices, both radios cannot use the same band.
Channel Width
Select 20MHz or 40MHz channel width.
This option is only available for 802.11n bands.
Channel Plan
Select Three Channels or Four Channels to select predefined channels. Select Custom to specify custom channels.
Channels
Available when Channel Plan is set to Custom. Select the channel or channels to include. The available channels depend on the selected platform and band.
Short Guard Interval
Select to enable the short guard interval.
This option is only available for 802.11n bands.
Transmit Power Mode
Select Percent or dBm to specify the minimum and maximum power levels by percent or dBm.
Select Auto to specify a range of dBm and allow the level to be automatically set within the range.
Transmit Power
If Transmit Power Mode is Percent or dBm, specify the percentage or dBm of the total available power.
If Transmit Power Mode is Auto, enter the power low and high values in dBm.
SSIDs
Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.
Monitor Channel Utilization
Enable/disable monitoring channel utilization.
Mode = Dedicated Monitor
WIDS Profile
Select a WIDS profile from the dropdown list. See WIDS profiles.
Mode = SAM
SSID
Enter the SSID for the WiFi network.
BSSID
Enter the BSSID for the WiFi network.
Security Type
Select Open, WPA/WPA2 Personal, or WPA/WPA2 Enterprise for the WiFi network.
WiFi Username
Enter the WiFi username.
This option is only available if Security Type = WPA/WPA2 Enterprise.
WiFi Password
Enter the WiFi password.
This option is not available if Security Type = Open.
Captive Portal Authentication
Enable/disable captive portal authentication.
This option is not available if Security Type = WPA/WPA2 Enterprise.
Test Type
Select ping or Iperf for the SAM test type.
Test Server Type
Select ip or fqdn for the SAM server type.
Test Server
Enter the SAM IP address or the FQDN according to the Test Server Type.
Iperf Server Port
Enter the Iperf service port number.
Iperf Protocol
Select UDP or TCP for the Iperf test protocol.
Report Interval (seconds)
Enter the SAM report interval in seconds (60-864000, default = 0). Enter
0
for a one-time report.System Log
Syslog Profile
Click the add icon to create a new syslog profile.
LAN Configuration
Port ESL Mode
Select Offline, NAT to WAN, Bridge to WAN, or Bridge to SSID.
Port ESL SSID
Available when Port ESL Mode is set to Bridge to SSID. Select the SSID.
Handoff Station Threshold
The access point handoff threshold. If the access point has more clients than this threshold, it is considered busy and clients are referred to another access point (range 5-60 with a default of 55).
WAN Port Mode
Enable/disable using a WAN port as a LAN port. Select wan-lan or wan-only (default = wan-only).
ESL SES Dongle Configuration
APC FQDN
Enter the FQDN of the ESL SES-imagotag Access Point Controller (APC).
Location Based Services
FortiPresence
Mode
Select the FortiPresence mode:
- Disable
- Foreign channels only
- Foreign and home channels
Project name
The FortiPresence project name.
Password
FortiPresence secret password.
FortiPresence Server Type
Select IP or FQDN.
FortiPresence server IP/FQDN
FortiPresence server IP address or FQDN.
FortiPresence server port
FortiPresence server UDP listening port (default = 3000).
Report rogue APs
Enable/disable FortiPresence reporting of Rogue APs.
Report unassociated clients
Enable/disable FortiPresence reporting of unassociated devices.
Report transmit frequency (in seconds)
FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).
Ekahau blink
Enable/disable Ekahau blink location based services.
RTLS controller server IP
Enter the realtime location services (RTLS) controller server IP address.
RTLS controller server port
The RTLS controller server port (default = 8569).
Ekahau tag MAC address
Enter the Ekahau tag MAC address.
AeroScout
Enable/disable AeroScout location based services.
AeroScout server IP
Enter the AeroScout server IP address.
AeroScout server port
Enter the AeroScout server port.
MU mode dilution factor
Enter the MU mode dilution factor (default = 20).
MU mode dilution timeout
Enter the MU mode dilution timeout (default = 5).
Locate WiFi clients when not connected
Enable/disable locating WiFi client when they are not connected.
Advanced Options
Expand to display and set the advanced options. Hover the mouse over the i icon to view a tooltip of each advanced option.
For more information, refer to the FortiOS CLI Reference.
To edit a custom AP profile:
- Select the profile.
- In the toolbar, click Edit.
Alternatively, you can right-click the profile and select Edit, or you can double-click the profile.
The Edit AP Profile pane opens.
- Edit the settings as required. The profile name cannot be edited.
- Click OK to apply your changes.
To delete custom AP profiles:
- Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
- In the toolbar, click Delete.
Alternatively, you can right-click the profile and select Delete.
- Click OK in the confirmation dialog to delete the profile.
To clone a custom AP profile:
- Select the profile to be cloned.
- In the toolbar, click Clone.
Alternatively, you can right-click the profile and select Clone.
- Edit the name of the profile, then edit the remaining settings as required.
- Click OK to clone the profile.
To view where an AP profile is used:
- Select the profile.
- In the toolbar, click More > Where Used.
Alternatively, you can right-click the profile and select Where Used.
The Where <profile name> is used pane opens.
- Click Close.
To import a AP profile:
- In the toolbar, click Import.
The Import dialog opens.
- From the FortiGate dropdown, select a device. The list will include all of the devices in the current ADOM.
- From the Profiles dropdown, select the profile(s).
- Click OK to import the profile or profiles.
AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.