Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Wireless network configuration

Copy Link
Copy Doc ID e7542848-cfc4-11eb-97f7-00505692583a:621215
Download PDF

Wireless network configuration

When working with a FortiGate WiFi controller, you can configure your wireless network before you install any access points. If you are working with a standalone FortiWiFi unit, the access point hardware is already present but the configuration is quite similar. Both are covered in this section.

The FortiGate WiFi controller configuration is composed of three types of object: the SSID, the AP Profile and the physical Access Point.

  • An SSID (service set identifier) defines a virtual wireless network interface, including security settings. One SSID is sufficient for a wireless network, regardless how many physical access points are provided. However, you may want to create multiple SSIDs to provide different services or privileges to different groups of users. Each SSID has separate firewall policies and authentication. Each radio in an access point can support up to eight SSIDs.
  • A more common use of the term SSID is for the identifier that clients must use to connect to the wireless network. Each SSID (wireless interface) that you configure will have an SSID field for this identifier. In Managed Access Point configurations, you choose wireless networks by SSID values. In firewall policies, you choose wireless interfaces by their SSID name.

  • An AP Profile defines the radio settings, such as band (802.11n for example) and channel selection. The AP Profile identifies the SSIDs to which it applies. Managed APs can use automatic profile settings or the settings of the AP profiles that you create.
  • Managed Access Points represent local wireless APs on FortiWiFi units and FortiAP units that the FortiGate unit has discovered. There is one managed access point definition for each AP device. An access point definition can use automatic AP profile settings or select a FortiAP Profile. When automatic profile settings are used, the managed AP definition also selects the SSIDs to be carried on the AP.
Conceptual view of FortiGate WiFi controller configuration

SSIDs on FortiWiFi units

FortiWiFi units have a default SSID (wireless interface) named wlan. You can modify or delete this SSID as needed. As with external APs, the built-in wireless AP can be configured to carry any SSID.

The AP settings for the built-in wireless access point are located at WiFi Controller > Local WiFi Radio. The available operational settings are the same as those for external access points which are configured at WiFi Controller > Managed FortiAPs.

Reserved VLAN IDs

The following table lists the VLAN IDs reserved for internal use only. Do not use those VLAN IDs in FAP management VLAN, SSID static VLAN, and dynamically assigned VLAN.

FortiAP model

VLAN ID reserved for internal use

FAP-C24JE

898 and 899

FAP-S221E, FAP-S223E, FAP-221E, FAP-222E, FAP-223E, FAP-224E, and FAP-231E

97 and 98

Wireless network configuration

When working with a FortiGate WiFi controller, you can configure your wireless network before you install any access points. If you are working with a standalone FortiWiFi unit, the access point hardware is already present but the configuration is quite similar. Both are covered in this section.

The FortiGate WiFi controller configuration is composed of three types of object: the SSID, the AP Profile and the physical Access Point.

  • An SSID (service set identifier) defines a virtual wireless network interface, including security settings. One SSID is sufficient for a wireless network, regardless how many physical access points are provided. However, you may want to create multiple SSIDs to provide different services or privileges to different groups of users. Each SSID has separate firewall policies and authentication. Each radio in an access point can support up to eight SSIDs.
  • A more common use of the term SSID is for the identifier that clients must use to connect to the wireless network. Each SSID (wireless interface) that you configure will have an SSID field for this identifier. In Managed Access Point configurations, you choose wireless networks by SSID values. In firewall policies, you choose wireless interfaces by their SSID name.

  • An AP Profile defines the radio settings, such as band (802.11n for example) and channel selection. The AP Profile identifies the SSIDs to which it applies. Managed APs can use automatic profile settings or the settings of the AP profiles that you create.
  • Managed Access Points represent local wireless APs on FortiWiFi units and FortiAP units that the FortiGate unit has discovered. There is one managed access point definition for each AP device. An access point definition can use automatic AP profile settings or select a FortiAP Profile. When automatic profile settings are used, the managed AP definition also selects the SSIDs to be carried on the AP.
Conceptual view of FortiGate WiFi controller configuration

SSIDs on FortiWiFi units

FortiWiFi units have a default SSID (wireless interface) named wlan. You can modify or delete this SSID as needed. As with external APs, the built-in wireless AP can be configured to carry any SSID.

The AP settings for the built-in wireless access point are located at WiFi Controller > Local WiFi Radio. The available operational settings are the same as those for external access points which are configured at WiFi Controller > Managed FortiAPs.

Reserved VLAN IDs

The following table lists the VLAN IDs reserved for internal use only. Do not use those VLAN IDs in FAP management VLAN, SSID static VLAN, and dynamically assigned VLAN.

FortiAP model

VLAN ID reserved for internal use

FAP-C24JE

898 and 899

FAP-S221E, FAP-S223E, FAP-221E, FAP-222E, FAP-223E, FAP-224E, and FAP-231E

97 and 98