Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Network topology of managed APs

Copy Link
Copy Doc ID 5b27930f-f55a-11eb-97f7-00505692583a:638260
Download PDF

Network topology of managed APs

The FortiAP unit can be connected to the FortiGate unit in any of the following ways:

  • Direct connection: The FortiAP unit is directly connected to the FortiGate unit with no switches between them. This configuration is common for locations where the number of FortiAPs matches the number of internal ports available on the FortiGate. In this configuration, the FortiAP unit requests an IP address from the FortiGate unit, enters discovery mode and quickly finds the FortiGate WiFi controller. This configuration is also known as a wirecloset deployment.
Direct connection deployment

  • Switched connection: The FortiAP unit is connected to the FortiGate WiFi controller by an Ethernet switch operating in L2 switching mode or L3 routing mode. There must be a routable path between the FortiAP unit and the FortiGate unit and ports 5246 and 5247 must be open. This configuration is also known as a gateway deployment.
Switched connection deployment

  • Connection over WAN: The FortiGate WiFi controller is off-premises and connected by a VPN tunnel to a local FortiGate. In this method of connectivity, it's best to configure each FortiAP with the static IP address of the WiFi controller. Each FortiAP can be configured with three WiFi controller IP addresses for redundant failover. This configuration is also known as a data center remote management deployment.
Connection-over-WAN deployment

Network topology of managed APs

The FortiAP unit can be connected to the FortiGate unit in any of the following ways:

  • Direct connection: The FortiAP unit is directly connected to the FortiGate unit with no switches between them. This configuration is common for locations where the number of FortiAPs matches the number of internal ports available on the FortiGate. In this configuration, the FortiAP unit requests an IP address from the FortiGate unit, enters discovery mode and quickly finds the FortiGate WiFi controller. This configuration is also known as a wirecloset deployment.
Direct connection deployment

  • Switched connection: The FortiAP unit is connected to the FortiGate WiFi controller by an Ethernet switch operating in L2 switching mode or L3 routing mode. There must be a routable path between the FortiAP unit and the FortiGate unit and ports 5246 and 5247 must be open. This configuration is also known as a gateway deployment.
Switched connection deployment

  • Connection over WAN: The FortiGate WiFi controller is off-premises and connected by a VPN tunnel to a local FortiGate. In this method of connectivity, it's best to configure each FortiAP with the static IP address of the WiFi controller. Each FortiAP can be configured with three WiFi controller IP addresses for redundant failover. This configuration is also known as a data center remote management deployment.
Connection-over-WAN deployment