Provisioning Templates – FortiManager 5.2

To create a new SSID (Tunnel to wireless controller):

  1. From the SSIDs page, select Create New in the toolbar. The New SSID window opens.
New SSID

Enter the following information:

Name   Type a name for the SSID.
Traffic Mode   Select Tunnel to Wireless Controller from the drop-down list.

 

Common Interface Settings Select to enable common interface settings.
IP/Netmask Type the IP address and network mask.
IPv6 Address Type the IPv6 address.
Administrative Access Select the allowed administrative service protocols from: HTTPS, HTTP, PING, FMG-Access, SSH, SNMP, TELNET, Auto IPsec Request, and FCT-Access.
IPv6 Administrative Access Select the allowed administrative service protocols from: HTTPS, HTTP, PING, FMG-Access, SSH, SNMP, TELNET, CAPWAP.
Enable DHCP Select to enable and configure DHCP.

This setting is only available when Traffic Mode is set to Tunnel to Wireless Controller.

Address Range Type the DHCP address range.
Netmask Type the netmask.
Default Gateway Select Same As Interface IP if the default gateway is the same as the interface IP, or select Specify and type a new gateway IP address.
DNS Server Select Same As System DNS if the DNS server is the same as the system DNS, or select Specify and type a DNS server address.
MAC Address Access Control List The MAC address control list allows you to view the MAC addresses and their actions. It includes a default entry for unknown MAC addresses.

• Select Create New to create a new IP MAC binding.
• Select an address and then select Edit to edit the default action for unknown MAC addresses or your IP MAC bindings.
• Select an address or addresses and then select Delete to delete the selected items. The unknown MAC address cannot be deleted.

WiFi Settings  
SSID Type the wireless service set identifier (SSID) or network name for this wireless interface. Users who want to use the wireless network must configure their computers with this network name.
Security Mode Select a security mode. The options are: WEP64, WEP128, WPA/WPA2-PERSONAL, WPA/WPA2-ENTERPRISE, Captive Portal, OPEN, WPA-ONLY-PERSONAL, WPA-ONLY-ENTERPRISE, WPA2-ONLY-PERSONAL, or WPA2-ONLY-ENTERPRISE.

Key Index Select 1, 2, 3, or 4 from the drop-down menu.

Many wireless clients can configure up to four WEP keys. Select which key clients must use with this access point. This is available when security is a WEP type.

Key Type 10 Hex digits for the key value.
Data Encryption Select the data encryption method. The options are: AES, TKIP, and TKIP-AES.

This option is only available when the security mode is set to WPA.

Pre-shared Key Type the pre-shared key for the SSID.

This option is only available when the security mode is set to WPA-Personal.

Detect and Identify Devices Select to enable or disable device detection and identification. When this setting is enabled, you can select Add New Devices to Vulnerability Scan List.
Authentication Select the authentication method for the SSID, either a RADIUS server or a user group, then select the requisite server or group from the respective drop-down list.

This option is only available when the security mode is set to WPA-Enterprise.

Customize Portal Messages Select to allow for customized portal messages.

This option is only available when the security mode is set to Captive Portal.

User Groups Select the user groups to add from the Available user group box. Use the arrow buttons to move the desired user groups to the Selected user groups box.

This option is only available when the security mode is set to Captive Portal.

Block Intra-SSID Traffic Select to block intra-SSID traffic.
Split Tunneling Select to enable split tunneling.
Maximum Clients Select to limit the concurrent WiFi clients that can connect to the SSID. If selected, type the desired maximum number of clients. Type 0 for no limit.
Optional VLAN ID Select the VLAN ID in the text field using the arrow keys. Select 0 if VLANs are not used.
Detect and Identify Devices Select to detect and identify devices connecting to the SSID.
Add New Devices to Vulnerability Scan List Select to add new devices to the vulnerability scan list.

This option is only available when Detect and Identify Devices is enabled.

  2. Select OK to create the SSID.
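The field dependencies in the table above ("only available when ...") and the weaker choices among its options can be checked before a template is pushed to devices. The following is an added example, not part of the original guide or of FortiManager: the dictionary keys are hypothetical names for the form fields, the sample templates are constructed, and the 26-digit length for WEP128 keys is standard WEP rather than something this page states.

```python
import re

# Dict keys are hypothetical names for the form fields; not a FortiManager API.
WEP_KEY_HEX = {"WEP64": 10, "WEP128": 26}   # hex digits per key (26 is an assumption)
CLEARTEXT_ADMIN = {"HTTP", "TELNET"}        # admin protocols sent unencrypted

def audit_ssid(t):
    """Return findings for one SSID template dict."""
    out = []
    mode = t.get("security_mode", "OPEN")
    wpa = mode.startswith("WPA")
    tunnel = t.get("traffic_mode") == "Tunnel to Wireless Controller"
    # (field, its availability condition, the requirement as documented)
    deps = [
        ("dhcp", tunnel, "Traffic Mode = Tunnel to Wireless Controller"),
        ("key_index", mode in WEP_KEY_HEX, "a WEP security mode"),
        ("data_encryption", wpa, "a WPA security mode"),
        ("pre_shared_key", wpa and mode.endswith("PERSONAL"), "WPA-Personal"),
        ("authentication", wpa and mode.endswith("ENTERPRISE"), "WPA-Enterprise"),
        ("user_groups", mode == "Captive Portal", "Captive Portal"),
        ("add_to_vuln_scan", bool(t.get("detect_devices")), "Detect and Identify Devices"),
    ]
    for field, available, need in deps:
        if t.get(field) and not available:
            out.append(f"{field}: only available with {need}")
    if mode in WEP_KEY_HEX:
        n = WEP_KEY_HEX[mode]
        if not re.fullmatch(r"[0-9A-Fa-f]{%d}" % n, t.get("key", "")):
            out.append(f"key: {mode} expects {n} hex digits")
    if mode == "OPEN" or mode in WEP_KEY_HEX:
        out.append(f"security_mode: {mode} provides no effective encryption")
    if wpa and t.get("data_encryption") in ("TKIP", "TKIP-AES"):
        out.append("data_encryption: TKIP is permitted; AES only is stronger")
    for proto in sorted(CLEARTEXT_ADMIN & set(t.get("admin_access", []))):
        out.append(f"admin_access: {proto} is cleartext")
    if not t.get("block_intra_ssid"):
        out.append("block_intra_ssid: off, clients on the SSID can reach each other")
    return out

# Constructed sample templates, not taken from the page.
LEGACY = {"traffic_mode": "Tunnel to Wireless Controller", "security_mode": "WEP64",
          "key_index": 1, "key": "0123456789", "pre_shared_key": "sample",
          "admin_access": ["HTTPS", "TELNET"], "block_intra_ssid": True}
HARDENED = {"traffic_mode": "Tunnel to Wireless Controller", "dhcp": True,
            "security_mode": "WPA2-ONLY-PERSONAL", "data_encryption": "AES",
            "pre_shared_key": "constructed-sample-passphrase",
            "admin_access": ["HTTPS", "SSH"], "block_intra_ssid": True,
            "detect_devices": True, "add_to_vuln_scan": True}

if __name__ == "__main__":
    for name, tpl in (("LEGACY", LEGACY), ("HARDENED", HARDENED)):
        print(name, audit_ssid(tpl))
```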

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).
