Fortinet white logo
Fortinet white logo

Administration Guide

FortiAP profiles

FortiAP profiles

FortiAP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom FortiAP profiles can be created as needed for new devices.

When you create FortiAP profiles, you can select a Bluetooth profile and/or a WIDS profile.

To view AP profiles:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.

    The following options are available in the toolbar and right-click menu:

    Create New

    Create a new AP profile.

    Edit

    Edit the selected AP profile.

    Delete

    Delete the selected AP profile.

    Clone

    Clone the selected AP profile.

    Where Used

    View where the selected AP profile is used.

    Import

    Import AP profiles from a connected FortiGate (toolbar only).

To create custom AP profiles:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.
  3. In the toolbar, click Create New.

    The Create New AP Profile pane opens.

  4. Enter the following information, and click OK to create the AP profile:

    Name

    Type a name for the profile.

    Comment

    Optionally, enter comments.

    Platform

    Select the platform that the profile will apply to from the dropdown list.

    Indoor / Outdoor

    Select Default (Indoor), Indoor, or Outdoor. The selection can affect the available channels due to regulatory rules.

    Country / Region

    Select the country or region from the drop-down list.

    AP Login Password

    Set, leave unchanged (default), or empty the AP login password.

    Administrative Access

    Allow management access to the managed AP via telnet, http, https, and/or ssh.

    Client Load Balancing

    Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

    Bluetooth Profile

    If available for the platform, select a profile from the list or click the plus (+) to create a new Bluetooth profile.

    Radio 1 & 2

    Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

    Mode

    Select the radio operation mode:

    • Disabled: The radio is disabled. No further radio settings are available.
    • Access Point: The device is an access point. See options below.
    • Dedicated Monitor: The device is a dedicated monitor. See options below.
    • SAM: The device is a station that can connect to a neighboring AP for connectivity and health check. See options below.

    Mode = Access Point

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Radio Resource Provision

    Select to enable radio resource provisioning.

    This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

    ARRP Profile

    Select an Automatic Radio Resource Provisioning (ARRP) profile. See ARRP profiles.

    This option is only available if Radio Resource Provision is enabled.

    Band

    Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

    In two radio devices, both radios cannot use the same band.

    Channel Width

    Select 20MHz or 40MHz channel width.

    This option is only available for 802.11n bands.

    Channel Plan

    Select Three Channels or Four Channels to select predefined channels. Select Custom to specify custom channels.

    Channels

    Available when Channel Plan is set to Custom. Select the channel or channels to include. The available channels depend on the selected platform and band.

    Short Guard Interval

    Select to enable the short guard interval.

    This option is only available for 802.11n bands.

    Transmit Power Mode

    Select Percent or dBm to specify the minimum and maximum power levels by percent or dBm.

    Select Auto to specify a range of dBm and allow the level to be automatically set within the range.

    Transmit Power

    If Transmit Power Mode is Percent or dBm, specify the percentage or dBm of the total available power.

    If Transmit Power Mode is Auto, enter the power low and high values in dBm.

    SSIDs

    Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.

    Monitor Channel Utilization

    Enable/disable monitoring channel utilization.

    Mode = Dedicated Monitor

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Mode = SAM

    SSID

    Enter the SSID for the WiFi network.

    BSSID

    Enter the BSSID for the WiFi network.

    Security Type

    Select Open, WPA/WPA2 Personal, or WPA/WPA2 Enterprise for the WiFi network.

    WiFi Username

    Enter the WiFi username.

    This option is only available if Security Type = WPA/WPA2 Enterprise.

    WiFi Password

    Enter the WiFi password.

    This option is not available if Security Type = Open.

    Captive Portal Authentication

    Enable/disable captive portal authentication.

    This option is not available if Security Type = WPA/WPA2 Enterprise.

    Test Type

    Select ping or Iperf for the SAM test type.

    Test Server Type

    Select ip or fqdn for the SAM server type.

    Test Server

    Enter the SAM IP address or the FQDN according to the Test Server Type.

    Iperf Server Port

    Enter the Iperf service port number.

    Iperf Protocol

    Select UDP or TCP for the Iperf test protocol.

    Report Interval (seconds)

    Enter the SAM report interval in seconds (60-864000, default = 0). Enter 0 for a one-time report.

    System Log

    Syslog Profile

    Click the add icon to create a new syslog profile.

    LAN Configuration

    Port ESL Mode

    Select Offline, NAT to WAN, Bridge to WAN, or Bridge to SSID.

    Port ESL SSID

    Available when Port ESL Mode is set to Bridge to SSID. Select the SSID.

    Handoff Station Threshold

    The access point handoff threshold. If the access point has more clients than this threshold, it is considered busy and clients are referred to another access point (range 5-60 with a default of 55).

    WAN Port Mode

    Enable/disable using a WAN port as a LAN port. Select wan-lan or wan-only (default = wan-only).

    ESL SES Dongle Configuration

    APC FQDN

    Enter the FQDN of the ESL SES-imagotag Access Point Controller (APC).

    Location Based Services

    FortiPresence

    Mode

    Select the FortiPresence mode:

    • Disable
    • Foreign channels only
    • Foreign and home channels

    Project name

    The FortiPresence project name.

    Password

    FortiPresence secret password.

    FortiPresence Server Type

    Select IP or FQDN.

    FortiPresence server IP/FQDN

    FortiPresence server IP address or FQDN.

    FortiPresence server port

    FortiPresence server UDP listening port (default = 3000).

    Report rogue APs

    Enable/disable FortiPresence reporting of Rogue APs.

    Report unassociated clients

    Enable/disable FortiPresence reporting of unassociated devices.

    Report transmit frequency (in seconds)

    FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

    Ekahau blink

    Enable/disable Ekahau blink location based services.

    RTLS controller server IP

    Enter the realtime location services (RTLS) controller server IP address.

    RTLS controller server port

    The RTLS controller server port (default = 8569).

    Ekahau tag MAC address

    Enter the Ekahau tag MAC address.

    AeroScout

    Enable/disable AeroScout location based services.

    AeroScout server IP

    Enter the AeroScout server IP address.

    AeroScout server port

    Enter the AeroScout server port.

    MU mode dilution factor

    Enter the MU mode dilution factor (default = 20).

    MU mode dilution timeout

    Enter the MU mode dilution timeout (default = 5).

    Locate WiFi clients when not connected

    Enable/disable locating WiFi client when they are not connected.

    Advanced Options

    Expand to display and set the advanced options. Hover the mouse over the i icon to view a tooltip of each advanced option.

    For more information, refer to the FortiOS CLI Reference.

To edit a custom AP profile:
  1. Select the profile.
  2. In the toolbar, click Edit.

    Alternatively, you can right-click the profile and select Edit, or you can double-click the profile.

    The Edit AP Profile pane opens.

  3. Edit the settings as required. The profile name cannot be edited.
  4. Click OK to apply your changes.
To delete custom AP profiles:
  1. Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
  2. In the toolbar, click Delete.

    Alternatively, you can right-click the profile and select Delete.

  3. Click OK in the confirmation dialog to delete the profile.
To clone a custom AP profile:
  1. Select the profile to be cloned.
  2. In the toolbar, click Clone.

    Alternatively, you can right-click the profile and select Clone.

  3. Edit the name of the profile, then edit the remaining settings as required.
  4. Click OK to clone the profile.
To view where an AP profile is used:
  1. Select the profile.
  2. In the toolbar, click More > Where Used.

    Alternatively, you can right-click the profile and select Where Used.

    The Where <profile name> is used pane opens.

  3. Click Close.
To import a AP profile:
  1. In the toolbar, click Import.

    The Import dialog opens.

  2. From the FortiGate dropdown, select a device. The list will include all of the devices in the current ADOM.
  3. From the Profiles dropdown, select the profile(s).
  4. Click OK to import the profile or profiles.
    Note

    AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.

FortiAP profiles

FortiAP profiles

FortiAP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom FortiAP profiles can be created as needed for new devices.

When you create FortiAP profiles, you can select a Bluetooth profile and/or a WIDS profile.

To view AP profiles:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.

    The following options are available in the toolbar and right-click menu:

    Create New

    Create a new AP profile.

    Edit

    Edit the selected AP profile.

    Delete

    Delete the selected AP profile.

    Clone

    Clone the selected AP profile.

    Where Used

    View where the selected AP profile is used.

    Import

    Import AP profiles from a connected FortiGate (toolbar only).

To create custom AP profiles:
  1. If using ADOMs, ensure that you are in the correct ADOM.
  2. Go to AP Manager > WiFi Profiles > Operation Profiles > FortiAP Profiles.
  3. In the toolbar, click Create New.

    The Create New AP Profile pane opens.

  4. Enter the following information, and click OK to create the AP profile:

    Name

    Type a name for the profile.

    Comment

    Optionally, enter comments.

    Platform

    Select the platform that the profile will apply to from the dropdown list.

    Indoor / Outdoor

    Select Default (Indoor), Indoor, or Outdoor. The selection can affect the available channels due to regulatory rules.

    Country / Region

    Select the country or region from the drop-down list.

    AP Login Password

    Set, leave unchanged (default), or empty the AP login password.

    Administrative Access

    Allow management access to the managed AP via telnet, http, https, and/or ssh.

    Client Load Balancing

    Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

    Bluetooth Profile

    If available for the platform, select a profile from the list or click the plus (+) to create a new Bluetooth profile.

    Radio 1 & 2

    Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

    Mode

    Select the radio operation mode:

    • Disabled: The radio is disabled. No further radio settings are available.
    • Access Point: The device is an access point. See options below.
    • Dedicated Monitor: The device is a dedicated monitor. See options below.
    • SAM: The device is a station that can connect to a neighboring AP for connectivity and health check. See options below.

    Mode = Access Point

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Radio Resource Provision

    Select to enable radio resource provisioning.

    This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

    ARRP Profile

    Select an Automatic Radio Resource Provisioning (ARRP) profile. See ARRP profiles.

    This option is only available if Radio Resource Provision is enabled.

    Band

    Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

    In two radio devices, both radios cannot use the same band.

    Channel Width

    Select 20MHz or 40MHz channel width.

    This option is only available for 802.11n bands.

    Channel Plan

    Select Three Channels or Four Channels to select predefined channels. Select Custom to specify custom channels.

    Channels

    Available when Channel Plan is set to Custom. Select the channel or channels to include. The available channels depend on the selected platform and band.

    Short Guard Interval

    Select to enable the short guard interval.

    This option is only available for 802.11n bands.

    Transmit Power Mode

    Select Percent or dBm to specify the minimum and maximum power levels by percent or dBm.

    Select Auto to specify a range of dBm and allow the level to be automatically set within the range.

    Transmit Power

    If Transmit Power Mode is Percent or dBm, specify the percentage or dBm of the total available power.

    If Transmit Power Mode is Auto, enter the power low and high values in dBm.

    SSIDs

    Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.

    Monitor Channel Utilization

    Enable/disable monitoring channel utilization.

    Mode = Dedicated Monitor

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Mode = SAM

    SSID

    Enter the SSID for the WiFi network.

    BSSID

    Enter the BSSID for the WiFi network.

    Security Type

    Select Open, WPA/WPA2 Personal, or WPA/WPA2 Enterprise for the WiFi network.

    WiFi Username

    Enter the WiFi username.

    This option is only available if Security Type = WPA/WPA2 Enterprise.

    WiFi Password

    Enter the WiFi password.

    This option is not available if Security Type = Open.

    Captive Portal Authentication

    Enable/disable captive portal authentication.

    This option is not available if Security Type = WPA/WPA2 Enterprise.

    Test Type

    Select ping or Iperf for the SAM test type.

    Test Server Type

    Select ip or fqdn for the SAM server type.

    Test Server

    Enter the SAM IP address or the FQDN according to the Test Server Type.

    Iperf Server Port

    Enter the Iperf service port number.

    Iperf Protocol

    Select UDP or TCP for the Iperf test protocol.

    Report Interval (seconds)

    Enter the SAM report interval in seconds (60-864000, default = 0). Enter 0 for a one-time report.

    System Log

    Syslog Profile

    Click the add icon to create a new syslog profile.

    LAN Configuration

    Port ESL Mode

    Select Offline, NAT to WAN, Bridge to WAN, or Bridge to SSID.

    Port ESL SSID

    Available when Port ESL Mode is set to Bridge to SSID. Select the SSID.

    Handoff Station Threshold

    The access point handoff threshold. If the access point has more clients than this threshold, it is considered busy and clients are referred to another access point (range 5-60 with a default of 55).

    WAN Port Mode

    Enable/disable using a WAN port as a LAN port. Select wan-lan or wan-only (default = wan-only).

    ESL SES Dongle Configuration

    APC FQDN

    Enter the FQDN of the ESL SES-imagotag Access Point Controller (APC).

    Location Based Services

    FortiPresence

    Mode

    Select the FortiPresence mode:

    • Disable
    • Foreign channels only
    • Foreign and home channels

    Project name

    The FortiPresence project name.

    Password

    FortiPresence secret password.

    FortiPresence Server Type

    Select IP or FQDN.

    FortiPresence server IP/FQDN

    FortiPresence server IP address or FQDN.

    FortiPresence server port

    FortiPresence server UDP listening port (default = 3000).

    Report rogue APs

    Enable/disable FortiPresence reporting of Rogue APs.

    Report unassociated clients

    Enable/disable FortiPresence reporting of unassociated devices.

    Report transmit frequency (in seconds)

    FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

    Ekahau blink

    Enable/disable Ekahau blink location based services.

    RTLS controller server IP

    Enter the realtime location services (RTLS) controller server IP address.

    RTLS controller server port

    The RTLS controller server port (default = 8569).

    Ekahau tag MAC address

    Enter the Ekahau tag MAC address.

    AeroScout

    Enable/disable AeroScout location based services.

    AeroScout server IP

    Enter the AeroScout server IP address.

    AeroScout server port

    Enter the AeroScout server port.

    MU mode dilution factor

    Enter the MU mode dilution factor (default = 20).

    MU mode dilution timeout

    Enter the MU mode dilution timeout (default = 5).

    Locate WiFi clients when not connected

    Enable/disable locating WiFi client when they are not connected.

    Advanced Options

    Expand to display and set the advanced options. Hover the mouse over the i icon to view a tooltip of each advanced option.

    For more information, refer to the FortiOS CLI Reference.

To edit a custom AP profile:
  1. Select the profile.
  2. In the toolbar, click Edit.

    Alternatively, you can right-click the profile and select Edit, or you can double-click the profile.

    The Edit AP Profile pane opens.

  3. Edit the settings as required. The profile name cannot be edited.
  4. Click OK to apply your changes.
To delete custom AP profiles:
  1. Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
  2. In the toolbar, click Delete.

    Alternatively, you can right-click the profile and select Delete.

  3. Click OK in the confirmation dialog to delete the profile.
To clone a custom AP profile:
  1. Select the profile to be cloned.
  2. In the toolbar, click Clone.

    Alternatively, you can right-click the profile and select Clone.

  3. Edit the name of the profile, then edit the remaining settings as required.
  4. Click OK to clone the profile.
To view where an AP profile is used:
  1. Select the profile.
  2. In the toolbar, click More > Where Used.

    Alternatively, you can right-click the profile and select Where Used.

    The Where <profile name> is used pane opens.

  3. Click Close.
To import a AP profile:
  1. In the toolbar, click Import.

    The Import dialog opens.

  2. From the FortiGate dropdown, select a device. The list will include all of the devices in the current ADOM.
  3. From the Profiles dropdown, select the profile(s).
  4. Click OK to import the profile or profiles.
    Note

    AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.