Creating a FortiAP Profile

A FortiAP Profile defines radio settings for a particular platform (FortiAP model). The profile also selects which SSIDs (virtual APs) the APs will carry. FortiAP units contain two radio transceivers, making it possible, for example, to provide both 2.4GHz 802.11b/g/n and 5GHz 802.11a/n service from the same access point. The radios can also be used for monitoring, which supports the Rogue AP detection feature.

You can modify existing FortiAP profiles or create new ones of your own.

To configure a FortiAP Profile – web-based manager

  1. Go to WiFi & Switch Controller > FortiAP Profiles and select Create New.
  2. Enter a Name for the FortiAP Profile.
  3. In Platform, select the FortiWiFi or FortiAP model to which this profile applies.
  4. If split tunneling is used, in Split Tunneling Subnets, enter a comma-separated list of all the destination IP address ranges that should not be routed through the FortiGate WiFi controller.
  5. For each radio, enter:

Mode
    Select the type of mode.
    Disable – radio disabled
    Access Point – the platform is an access point
    Dedicated Monitor – the platform is a dedicated monitor. See Wireless network monitoring on page 111.

WIDS Profile
    Optionally, select a Wireless Intrusion Detection (WIDS) profile. See Protecting the WiFi Network on page 108.

Radio Resource Provision
    Select to enable the radio resource provision feature. This feature measures utilization and interference on the available channels and selects the clearest channel at each access point. The measurement can be repeated periodically to respond to changing conditions.

Client Load Balancing
    Select Frequency Handoff or AP Handoff as needed. See Access point deployment on page 64.

Band
    Select the wireless protocols that you want to support. The available choices depend on the radio’s capabilities. Where multiple protocols are supported, the letter suffixes are combined: “802.11g/b” means 802.11g and 802.11b.
    Note that on two-radio units such as the FortiAP-221C it is not possible to put both radios on the same band.

Channel Width
    Select channel width for 802.11ac or 802.11n on 5GHz.

Short Guard Interval
    Select to enable the short guard interval for 802.11ac or 802.11n on 5GHz.

Channels
    Select the channel or channels to include. The available channels depend on which IEEE wireless protocol you selected in Band. By default, all available channels are enabled.

TX Power Control
    Enable automatic or manual adjustment of transmit power, specifying either minimum and maximum power levels in dBm or as a percentage.

TX Power
    When TX Power Control is set to Auto, the TX Power is set by default to a range of 10-17 dBm. Set the range between 1-20 for both the lower and upper limits.
    When TX Power Control is set to Manual, the TX Power is set by default to 100% of the maximum power permitted in your region. To change the level, drag the slider.

SSIDs
    Select between Auto or Manual. Selecting Auto eliminates the need to re-edit the profile when new SSIDs are created. However, you can still select SSIDs individually using Manual.
    Note that automatic assignment of SSIDs (Auto) is not available for FortiAPs in Local Bridge mode. The option is hidden on both the Managed FortiAP settings and the FortiAP Profile assigned to that AP.

Radio 1 settings are the same as Radio 2 settings except for the options for Channel.

Radio 2 settings are available only for FortiAP models with dual radios.

  6. Select OK.

To configure a FortiAP Profile – CLI

This example configures a FortiAP-220B to carry all SSIDs on Radio 1 but only SSID example_wlan on Radio 2.

    config wireless-controller wtp-profile
      edit guest_prof
        config platform
          set type 220B
        end
        config radio-1
          set mode ap
          set band 802.11g
          set vap-all enable
        end
        config radio-2
          set mode ap
          set band 802.11g
          set vaps example_wlan
        end
      end
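
An added example, not from the original guide or from Fortinet: a small Python audit that parses a wtp-profile CLI block like the one above and reports which SSIDs each access-point radio carries, returning ALL for a radio with vap-all enable. The function names parse and ssid_exposure are hypothetical, and the only CLI keywords relied on are the ones shown in the example above.

```python
import shlex

# Constructed sample: the guest_prof example from this page.
SAMPLE = """\
config wireless-controller wtp-profile
  edit guest_prof
    config platform
      set type 220B
    end
    config radio-1
      set mode ap
      set band 802.11g
      set vap-all enable
    end
    config radio-2
      set mode ap
      set band 802.11g
      set vaps example_wlan
    end
  end
"""

def parse(text):
    """Parse config/edit/set/next/end lines into nested dicts."""
    root = {}
    stack = [("config", root)]                 # (kind, node) pairs
    for raw in text.splitlines():
        verb, *args = shlex.split(raw) or [None]
        node = stack[-1][1]
        if verb in ("config", "edit"):
            stack.append((verb, node.setdefault(" ".join(args), {})))
        elif verb == "set":
            node[args[0]] = args[1:]           # values kept as a list
        elif verb in ("next", "end"):
            kind, _ = stack.pop()
            if verb == "end" and kind == "edit":
                stack.pop()                    # 'end' inside an edit also closes the table
    return root

def ssid_exposure(text):
    """Map (profile, radio) to 'ALL' or the explicit SSID list, for radios in ap mode."""
    out = {}
    profiles = parse(text).get("wireless-controller wtp-profile", {})
    for name, prof in profiles.items():
        for key, radio in prof.items():
            if key.startswith("radio-") and radio.get("mode") == ["ap"]:
                auto = radio.get("vap-all") == ["enable"]
                out[(name, key)] = "ALL" if auto else radio.get("vaps", [])
    return out
```

Run ssid_exposure over a saved copy of the profile configuration and review every radio reported as ALL against the list of SSIDs that are meant to be broadcast at that location.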

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

One thought on “Creating a FortiAP Profile”

  1. Alaa Adnan

    Hello Sir,
    I’ve been following you on YouTube for a long time and I thank you for all the advice you give. The info I get from you is very reliable and on point.
    I have a question
    I’m installing FortiAP (C24JE) and managing them thru FortiGate but I can’t find the platform in FortiAP profile in FortiGate.
    Need your advice.
    Thank you in advance
