Use frequency band load-balancing
In a high-density environment, it is important to make the best use of the two WiFi bands, 2.4GHz and 5GHz. The 5GHz band has more non-overlapping channels and receives less interference from non-WiFi devices, but not all devices support it. Clients that are capable of 5GHz operation should be encouraged to use 5GHz rather than the 2.4GHz band.
To load-balance the WiFi bands, you enable Frequency Handoff in the FortiAP profile. In the FortiGate web-based manager, go to WiFi & Switch Controller > FortiAP Profiles and edit the relevant profile. Or, you can use the CLI:
config wireless-controller wtp-profile
edit FAP221C-default
config radio-1
set frequency-handoff enable
end
end
The FortiGate wireless controller continuously performs a scan of all clients in the area and records their signal strength (RSSI) on each band. When Frequency Handoff is enabled, the AP does not reply to clients on the 2.4GHz band that have sufficient signal strength on the 5GHz band. These clients can associate only on the 5GHz band. Devices that support only 2.4GHz receive replies and associate with the AP on the 2.4GHz band.
Setting the handoff RSSI threshold
The FortiAP applies load balancing to a client only if the client has a sufficient signal level on 5GHz. The minimum signal strength threshold is set in the FortiAP profile, but is accessible only through the CLI:
config wireless-controller wtp-profile
edit FAP221C-default
set handoff-rssi 25
end
handoff-rssi has a range of 20 to 30. RSSI is a relative measure. The higher the number, the stronger the signal.
AP load balancing
The performance of an AP is degraded if it attempts to serve too many clients. In high-density environments, multiple access points are deployed with some overlap in their coverage areas. The WiFi controller can manage the association of new clients with APs to prevent overloading.
To load-balance between APs, enable AP Handoff in the FortiAP profile. In the FortiGate web-based manager, go to WiFi & Switch Controller > FortiAP Profiles and edit the relevant profile. Or, you can use the CLI:
config wireless-controller wtp-profile
edit FAP221C-default
config radio-1
set ap-handoff enable
end
end
When an AP exceeds the threshold (the default is 30 clients), the overloaded AP does not reply to a new client that has a sufficient signal at another AP.
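One way to check an exported configuration for the three settings described above, as an added example that is not Fortinet's code: a small Python parser for the nested config/edit/end layout that reports radios where frequency-handoff or ap-handoff is not set to enable and profiles whose handoff-rssi falls outside 20 to 30. The sample text and the profile name "lobby" are constructed, and treating a setting that does not appear in the text as not enabled is an assumption.

```python
TABLE = "wireless-controller wtp-profile"
# Constructed sample in FortiOS CLI layout; "lobby" is a hypothetical profile.
SAMPLE = """config wireless-controller wtp-profile
    edit "FAP221C-default"
        set handoff-rssi 25
        config radio-1
            set frequency-handoff enable
            set ap-handoff enable
        end
    next
    edit "lobby"
        set handoff-rssi 35
        config radio-1
            set frequency-handoff enable
        end
    next
end"""

def parse_profiles(text):
    # Returns {profile: {"settings": {...}, "radios": {"radio-1": {...}}}}
    profiles, stack, prof = {}, [], None
    for tok in filter(None, (l.replace('"', "").split() for l in text.splitlines())):
        depth = len(stack) if stack[:1] == [TABLE] else 0  # 0 = outside the table
        if tok[0] == "config":
            stack.append(" ".join(tok[1:]))
            if depth == 1 and prof is not None and stack[-1].startswith("radio-"):
                prof["radios"].setdefault(stack[-1], {})
        elif tok[0] == "end":
            stack = stack[:-1]
        elif depth == 1 and tok[0] == "edit":
            prof = profiles.setdefault(tok[1], {"settings": {}, "radios": {}})
        elif tok[0] == "set" and prof is not None and depth in (1, 2):
            dest = prof["settings"] if depth == 1 else prof["radios"].get(stack[1])
            if dest is not None:  # skip nested blocks that are not radios
                dest[tok[1]] = " ".join(tok[2:])
    return profiles

def audit(profiles, lo=20, hi=30, keys=("frequency-handoff", "ap-handoff")):
    # Findings are (profile, scope, message); lo..hi is the page's handoff-rssi range.
    out = []
    for name, p in profiles.items():
        rssi = p["settings"].get("handoff-rssi")
        if rssi is not None and not lo <= int(rssi) <= hi:
            out.append((name, "profile", f"handoff-rssi {rssi} outside {lo}-{hi}"))
        for radio, s in sorted(p["radios"].items()):
            out += [(name, radio, f"{k} not enabled") for k in keys if s.get(k) != "enable"]
    return out

if __name__ == "__main__":
    print(*audit(parse_profiles(SAMPLE)), sep="\n")
```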
How to set split tunneling to public Internet destinations. There is no unique subnet for that. I want all traffic to Internet to go locally.
Just to clarify, you are wanting all NON enterprise network (or organization etc) traffic to flow out the local internet connection instead of going over the tunnel back to HQ and out their pipe?
Yes, that is what I want.
Any ideas how to do this?
Not sure I am following the question.
Please, see our conversation above. I need to split tunnel all NON enterprise traffic to the local internet instead of going over the tunnel back to the HQ and out their pipe. It is possible with IPSec VPN, but I am not sure how to do this with RemoteAP. In my case it is FortiAP25D.
Do you have any idea?