WiFi (5.6.1)

WiFi (5.6.1)

New WiFi features added to FortiOS 5.6.1.

Support for various FortiAP models (416177) (435638)

FortiAP units FAP-U321EV, FAP-U323EV, FAP-S221E, FAP-S223E, and FAP-222E are supported by FortiOS

5.6.1.

As part of this support, new CLI attributes have been added under config wireless-controller wtpprofile to manage their profiles.

CLI syntax

config wireless-controller wtp-profile edit <model> config platform set type <model>

end set ap-country <code> config radio-1 set band 802.11n

end config radio-2 set band 802.11ac

end

next

end

New Managed AP Groups and Dynamic VLAN Assignment (436267)

The FortiGate can create FortiAP Groups, under WiFi & Switch Controller > Managed Devices > Managed FortiAPs by selecting Create New > Managed AP Group, where multiple APs can be managed. AP grouping allows specific profile settings to be applied to many APs all at once that belong to a certain AP group, simplifying the administrative workload.

Note that each AP can only belong to one group.

In addition, VLANs can be assigned dynamically based on the group which an AP belongs. When defining an SSID, under WiFi & Switch Controlller > SSID, a setting called VLAN Pooling can be enabled where you can either assign the VLAN ID of the AP group the device is connected to, to each device as it is detected, or to always assign the same VLAN ID to a specific device. Dynamic VLAN assignment allows the same SSID to be deployed to many APs, avoiding the need to produce multiple SSIDs.

GUI support for configuring multiple pre-shared keys for SSID interfaces (406321)

Multiple pre-shared keys can be created per SSID. When creating a new SSID, enable Multiple Pre-shared Keys under WiFi Settings.

(5.6.1)

FortiAP Bluetooth Low Energy (BLE) Scan (438274)

The FortiGate can configure FortiAP Bluetooth Low Energy (BLE) scan, incorporating Google’s BLE beacon profile known as Eddystone, used to identify groups of devices and individual devices.

As part of this support, new CLI attributes have been added under config wireless-controller timers and config wireless-controller wtp-profile, including a new CLI command, config wireless-controller ble-profile.

CLI syntax – Configure BLE report intervals

config wireless-controller timers set ble-scan-report-intv – (default = 30 sec)

end

CLI syntax – Assign BLE profiles to WTP profiles

config wireless-controller wtp-profile edit <name> set ble-profile <name>

next

end

CLI syntax – Configure BLE profiles

config wireless-controller ble-profile edit <name> set comment <comment>

set advertising {ibeacon | eddystone-uid | eddystone-url} set ibeacon-uuid <uuid> set major-id <0 – 65535> – (default = 1000) set minor-id <0 – 65535> – (default = 1000) set eddystone-namespace <10-byte namespace> set eddystone-instance <device id> set eddystone-url <url> set txpower <0 – 12> – (default = 0) set beacon-interval <40 – 3500> – (default = 100) set ble-scanning {enable | disable} – (default = disable)

next

end

Note that txpower determines the transmit power level on a scale of 0-12:

  • 0: -21 dBm l 1: -18 dBm l 2: -15 dBm l 3: -12 dBm l 4: -9 dBm
  • 5: -6 dBm l 6: -3 dBm l 7: 0 dBm l 8: 1 dBm l 9: 2 dBm l 10: 3 dBm l 11: 4 dBm l 12: 5 dBm

WiFi client monitor page search enhanced (440709)

WiFi Cient Monitor page (Monitor > WiFi Client Monitor) now supports search function.

This entry was posted in FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.