Fortinet Document Library

Version:

Version:


Table of Contents

FortiAP Cloud User Guide

Download PDF
Copy Link

Adding a Tunnel profile

When you add an SSID to a FortiAP network, you can assign a generic routing encapsulation (GRE) tunneling or a Layer 2 Tunneling Protocol (L2TP) profile to that SSID. The configured GRE tunnel profile encapsulates data traffic from wireless and wired clients between the FortiAP and a GRE concentrator, for example, a router.

The configured L2TP profile allows Internet Service Providers (ISP) to enable VPN services using an encryption protocol. Traffic is encrypted within the tunnel that is established between the FortiAP and an L2TP access concentrator.

Note: You cannot delete a tunnel profile if it is being used by an SSID.

 

Prerequisites

Complete the Adding a FortiAP network to FortiAP Cloud procedure.

Procedure steps

  1. On the FortiAP Cloud Home page, select the FortiAP network to which you want to add the tunnel profile.
  2. In the Menu bar, click Configure.
  3. In the Navigation pane, click tunnel Profile.
  4. Click Add Tunnel Profile.
  5. Complete the following fields:

    Name

    Enter a unique name for the tunnel. The name can be from 1 to 32 characters.

    Tunnel Type

    Select GRE or L2TP as the tunnel type.

    Tunnel IP address

    Enter the IP address of the Wireless Access Gateway (WAG), the tunnel remote end. Only IPv4 address format is supported.

    Tunnel Port

    Enter the tunnel port when using L2TP.

    Configure the following fields to monitor the tunnel.

    Ping interval

    Enter the frequency at which ping requests are sent to check the status of the tunnel. The valid range is 1 – 65535 seconds; default is 1 second.

    Ping number

    Enter the number of ping requests sent at the configured interval. The valid range is 1 – 65535; default is 5.

    Recv pkt timeout

    Enter the duration for which the devices wait for the ping response; after this the ping request times out. The valid range is 1 – 65535 seconds; default is 160 seconds.

    DHCP Server IP Address

    Optionally, enter the DHCP server IP address.

  6. To complete the addition of the tunnel profile, click Apply.

Adding a Tunnel profile

When you add an SSID to a FortiAP network, you can assign a generic routing encapsulation (GRE) tunneling or a Layer 2 Tunneling Protocol (L2TP) profile to that SSID. The configured GRE tunnel profile encapsulates data traffic from wireless and wired clients between the FortiAP and a GRE concentrator, for example, a router.

The configured L2TP profile allows Internet Service Providers (ISP) to enable VPN services using an encryption protocol. Traffic is encrypted within the tunnel that is established between the FortiAP and an L2TP access concentrator.

Note: You cannot delete a tunnel profile if it is being used by an SSID.

 

Prerequisites

Complete the Adding a FortiAP network to FortiAP Cloud procedure.

Procedure steps

  1. On the FortiAP Cloud Home page, select the FortiAP network to which you want to add the tunnel profile.
  2. In the Menu bar, click Configure.
  3. In the Navigation pane, click tunnel Profile.
  4. Click Add Tunnel Profile.
  5. Complete the following fields:

    Name

    Enter a unique name for the tunnel. The name can be from 1 to 32 characters.

    Tunnel Type

    Select GRE or L2TP as the tunnel type.

    Tunnel IP address

    Enter the IP address of the Wireless Access Gateway (WAG), the tunnel remote end. Only IPv4 address format is supported.

    Tunnel Port

    Enter the tunnel port when using L2TP.

    Configure the following fields to monitor the tunnel.

    Ping interval

    Enter the frequency at which ping requests are sent to check the status of the tunnel. The valid range is 1 – 65535 seconds; default is 1 second.

    Ping number

    Enter the number of ping requests sent at the configured interval. The valid range is 1 – 65535; default is 5.

    Recv pkt timeout

    Enter the duration for which the devices wait for the ping response; after this the ping request times out. The valid range is 1 – 65535 seconds; default is 160 seconds.

    DHCP Server IP Address

    Optionally, enter the DHCP server IP address.

  6. To complete the addition of the tunnel profile, click Apply.