This guide describes how to configure a wireless network and access points using FortiGate (or FortiWiFi) units and FortiAP units.
Wireless network equipment
This section includes an overview of Fortinet wireless network equipment:
FortiAP units are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4) as well as 802.11n, and the demand for plug and play deployment. FortiAP units come in various form factors (desktop, indoor, outdoor, or wall jack). Indoor and outdoor units can have internal or external antennas.
For large deployments, some FortiAP models support a mesh mode of operation in which control and data backhaul traffic between APs and the controller are carried on a dedicated wireless network. Users can roam seamlessly from one AP to another.
In dual-radio models, each radio can function as an AP or as a dedicated monitor. The monitoring function is also available during AP operation, subject to traffic levels.
FortiAP, FortiAP-C, FortiAP-S, FortiAP-W2, and FortiAP-U units are available in a variety of models to address specific use cases and management modes. For detailed information about the various models currently available, see the Fortinet website.
For assistance in choosing an AP, visit the AP product selector.
A FortiGate unit is an industry leading enterprise firewall. In addition to consolidating all the functions of a network firewall, IPS, anti-malware, VPN, WAN optimization, Web filtering, and application control in a single platform, FortiGate also has an integrated Wi-Fi controller. With this integrated Wi-Fi controller, a FortiGate unit can configure and manage access points such as FortiAP, FortiAP-C, FortiAP-S, FortiAP-W2, and FortiAP-U units.
For detailed information about FortiGate models currently available, see the Fortinet website.
A FortiWiFi unit is a FortiGate with a built-in Wi-Fi. A FortiWiFi unit can:
- Provide an access point for clients with wireless network cards. This default mode is called the Access Point mode.
- Connect to another wireless network. This is called Client mode. A FortiWiFi unit operating in client mode can only have one wireless interface.
- Monitor access points within radio range. This is called Monitoring mode. You can designate the detected access points as Accepted or Rogue for tracking purposes. No access point or client operation is possible in this mode. However, you can enable monitoring as a background activity while the unit is in Access Point mode.
For detailed information about FortiWiFi models currently available, see the Fortinet website.
Wireless management topologies
This section includes the following three topologies available for the management of access points:
For the integrated wireless management of access points, you can:
- Use a FortiWiFi unit which is a FortiGate with a built-in Wi-Fi module (also called local Wi-Fi radio) that works as an access point.
- Connect external access points (FortiAP) to a FortiWiFi.
- Connect external FortiAP units to a FortiGate.
The integrated wireless management topology leverages the Wireless LAN and Switch controller built into the operating system of the FortiGate (or FortiWiFi) to provide secure Wi-Fi and easily configure and manage your access points.
The integrated wireless management topology is a good choice for a small to medium enterprise deployment. The FortiWiFi is well suited for small sites of less than 40 users and an area no larger than 3,000 square feet. A deployment with a FortiGate managing external APs can range from small sites of less than 40 users to large sites with hundreds of users and with an area greater than 3,000 square feet.
With a FortiGate or FortiWiFi unit, you can configure and manage FortiAP, FortiAP-C, FortiAP-S, FortiAP-W2, and FortiAP-U units.
FortiAP Cloud offers management capabilities for standalone FortiAPs that scale from individual organizations managing a handful of APs, to large enterprises managing several thousand APs. FortiAP Cloud allows you to provision, monitor, troubleshoot, and optimize your FortiAP deployment through a simple, intuitive, and easy-to-use cloud interface that is accessible from anywhere. With zero-touch deployment options, FortiAP Cloud eliminates the need for costly on-site technical expertise. A FortiAP Cloud license key ships with each FortiAP, allowing an administrator to quickly add APs to the service.
With the FortiAP Cloud provisioning and management portal, you can manage and configure FortiAP, FortiAP-C, FortiAP-S, FortiAP-W2, and FortiAP-U units.
For more details about FortiAP Cloud, see the FortiAP Cloud documentation.
Some wireless deployments require high mobility with high performance and the Fortinet Wireless Controller can provide enterprise-class secure Wi-Fi to large and high-density environments. Dedicated WLAN controllers deliver seamless mobility, quick deployment, and easy capacity expansion with radio frequency virtualization for large numbers of access points.
The FortiWLC (wireless LAN controller) and FortiWLM (wireless LAN manager) platforms deliver seamless mobility and superior reliability with optimized client distribution and channel utilization. Both single- and multi-channel deployment options are supported, maximizing efficiency to make the most of available wireless spectrum.
The FortiWLC platform can manage FortiAP-U units.
For more details about the FortiWLC dedicated wireless LAN controller platform, see the FortiWLC and FortiWLM documentation.
Related products for wireless networks
This section discusses wireless network related products offered by Fortinet.
FortiPlanner provides a simple and intuitive user interface to help you with wireless LAN planning. FortiPlanner makes sure of a successful deployment with features such as the ability to import floor plans, select the type of AP and automatically calculate the required AP number and their placement. The built-in reporting automatically creates a complete plan along with the number of FortiAP units required and the exact stock keeping unit (SKU) codes for ordering.
FortiManager is the full-featured central management solution for Fortinet products. To centrally manage wireless networks, FortiManager includes the following features:
- Global wireless management and monitoring
- Centralized SSID and radio policy configuration
- Centralized AP firmware upgrades
- Centralized rogue AP suppression
FortiAnalyzer delivers critical insight into threats across the entire attack surface and provides instant visibility, situation awareness, real-time threat intelligence and actionable analytics, along with Network Operation Center and Security Operation Center (NOC-SOC) security analysis and operations perspective for the Fortinet Security Fabric.
FortiAnalyzer provides the following features:
- Centralized logs, searches, and reports
- Automated indicators of compromise (IOC)
- Real-time and historical views into network activity
- Advanced compliance reporting