Chapter 8 – Deploying Wireless Networks

GUI support for WiFi SSID schedules (276425 269695 269668)

WiFi SSIDs include a schedule that determines when the WiFi network is available. The default schedule is Always. You can choose any schedule (but not a schedule group) that is defined in Policy & Objects > Objects > Schedules.

CLI Syntax

config wireless-controller vap
  edit vap-name
    set schedule always
end

The WiFi SSID list includes a Schedule column.

SSID Groups

An SSID Group has SSIDs as members and can be specified in any field that accepts an SSID.

To create an SSID Group in the GUI, go to WiFi Controller > SSID and select Create New > SSID Group. Give the group a Name and choose Members (SSIDs, but not SSID Groups).

To create an SSID Group in the CLI:

config wireless-controller vap-group
  edit vap-group-name
    set vaps "ssid1" "ssid2"
end

RADIUS Change of Authorization (CoA) support

The CoA feature enables the FortiGate to receive a client disconnect message from the RADIUS server. This is used to disconnect clients when their time, credit or bandwidth has been used up. Enable this in the FortiGate's RADIUS server configuration using the CLI:

config user radius
  edit <server_name>
    set radius-coa enable
end

CAPWAP offloading to NPU

On FortiGates with the NP6 processor, offloading of CAPWAP traffic to the NP6 is enabled by default.

Administrative access to managed FortiAPs

By default, telnet access to a FortiAP unit's internal configuration is disabled when the FortiAP is managed (has been authorized) by a FortiGate. You can enable administrative access in the FortiAP profile, like this:

config wireless-controller wtp-profile
  edit FAP321C-default
    set allowaccess telnet
end

The allowaccess field also accepts http to allow HTTP administrative access. The FortiAP Profile allowaccess settings can be overridden at the individual FortiAP:

config wireless-controller wtp
  edit FP321CX14004706
    set override-allowaccess enable
    set allowaccess telnet http
end
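
An added audit example (not from the handbook or from Fortinet): the script below reads a FortiGate configuration backup and reports, for each managed FortiAP, whether telnet or http administrative access effectively applies, using the profile setting unless override-allowaccess is enabled on the unit. The sample configuration is constructed, and the `set wtp-profile` line that links a FortiAP to its profile is assumed from the FortiOS configuration layout rather than shown on this page.

```python
CLEARTEXT = {"telnet", "http"}  # the two allowaccess values named on this page
# Constructed sample in config-backup layout; the second serial number is made up.
SAMPLE = """\
config wireless-controller wtp-profile
    edit "FAP321C-default"
        set allowaccess telnet
    next
    edit "lobby-profile"
    next
end
config wireless-controller wtp
    edit "FP321CX14004706"
        set wtp-profile "lobby-profile"
        set override-allowaccess enable
        set allowaccess telnet http
    next
    edit "FP-CONSTRUCTED-0002"
        set wtp-profile "FAP321C-default"
    next
end
"""

def parse_tables(text):
    """Return {config path: {entry: {key: [values]}}}, skipping nested config blocks."""
    tables, depth, table, entry = {}, 0, None, None
    for line in text.splitlines():
        tok = [t.strip('"') for t in line.split()] or [""]  # assumes names without spaces
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                table, entry = tables.setdefault(" ".join(tok[1:]), {}), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = table.setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
    return tables

def cleartext_access(text):
    """Map each FortiAP to the telnet/http access that effectively applies to it."""
    t = parse_tables(text)
    profiles = t.get("wireless-controller wtp-profile", {})
    out = {}
    for name, ap in t.get("wireless-controller wtp", {}).items():
        own = ap.get("override-allowaccess") == ["enable"]  # per-unit override wins
        src = ap if own else profiles.get(ap.get("wtp-profile", [""])[0], {})
        out[name] = sorted(CLEARTEXT & set(src.get("allowaccess", [])))
    return out
```

Calling `cleartext_access(SAMPLE)` returns a dictionary keyed by FortiAP name; an empty list means neither telnet nor http applies to that unit.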

Improved monitoring

The WiFi Client Monitor under Monitor displays top wireless user network usage and information that includes Device, Source IP, Source SSID, and Access Point. Disk logging must be enabled.

WiFi Clients and Failed Authentication views under FortiView are historical views.

This entry was posted in FortiOS 5.4 Handbook.
