Fortinet black logo

Introduction

7.0.0
Copy Link
Copy Doc ID 9ed9e505-8872-11ec-9fd1-fa163e15d75b:820663
Download PDF

Introduction

Executive Summary

This document is intended to provide an architectural overview for campus WLANs using Fortinet Wi-Fi gear. Specifically, FortiAPs that are centrally managed on-site by a pair of FortiGate Integrated WLAN Controllers in High Availability (HA) with most, if not all, Wi-Fi traffic tunneled into the FortiGate HA pair. As one would expect from Fortinet, this architecture lends itself to maximize security of the WLAN, but is nevertheless simple and highly adaptable.

"Campus" covers a wide range of networks and locations, from multiple floors in an office tower to a university campus of a couple hundred acres. However, our recommended architecture remains the same for this wide range. In general, a single location that needs anything from dozens to about 4000 APs, with 100 to 100,000 devices will fit this campus model.

The Fortinet Campus WLAN architecture

  • Main Internet NGFW Gateway

  • FortiGate Integrated WLAN Controllers in HA mode

  • Campus switch network

    • Campus Access/AP switches with PoE

  • FortiAP controller discovery and authorization

  • Possible Mesh AP backhaul

  • Security isolation oriented SSIDs for

    • Corp users

    • Guest users

    • IoT devices

    • FortiLink NAC/onboarding

  • Inspection policies at the controller(s)

Intended Audience

This guide is intended for an audience who is interested in learning about Fortinet's Campus Wireless LAN Architectures. Readers should have a basic understanding of networking, wireless and security concepts before they begin. Interested audience may include:

  • Network, Wireless and Security architects

  • Network, Wireless and Security engineers

About this guide

After reading the Fortinet Secure Wireless LANs Concept Guide, readers should have a basic understanding of the concepts and terminologies behind the Fortinet Wireless infrastructure. This guide explores further the design of a Wireless LAN within the scope of a Campus network. Learn about the role of the FortiGate integrated Wi-Fi controller, and the logical and physical placement of the controller. Furthermore, learn about AP placement and channel planning to achieve optimal performance. Also take a deeper dive into the details of the control plane, and how to launch and secure your SSIDs with proper user management and security.

Note

You should use this guide to gather ideas for designing your wireless solution. After completing this Architecture guide, you may move on to the Fortinet Campus WLAN Deployment Guide for actual steps in deploying a specific design scenario.

Introduction

Executive Summary

This document is intended to provide an architectural overview for campus WLANs using Fortinet Wi-Fi gear. Specifically, FortiAPs that are centrally managed on-site by a pair of FortiGate Integrated WLAN Controllers in High Availability (HA) with most, if not all, Wi-Fi traffic tunneled into the FortiGate HA pair. As one would expect from Fortinet, this architecture lends itself to maximize security of the WLAN, but is nevertheless simple and highly adaptable.

"Campus" covers a wide range of networks and locations, from multiple floors in an office tower to a university campus of a couple hundred acres. However, our recommended architecture remains the same for this wide range. In general, a single location that needs anything from dozens to about 4000 APs, with 100 to 100,000 devices will fit this campus model.

The Fortinet Campus WLAN architecture

  • Main Internet NGFW Gateway

  • FortiGate Integrated WLAN Controllers in HA mode

  • Campus switch network

    • Campus Access/AP switches with PoE

  • FortiAP controller discovery and authorization

  • Possible Mesh AP backhaul

  • Security isolation oriented SSIDs for

    • Corp users

    • Guest users

    • IoT devices

    • FortiLink NAC/onboarding

  • Inspection policies at the controller(s)

Intended Audience

This guide is intended for an audience who is interested in learning about Fortinet's Campus Wireless LAN Architectures. Readers should have a basic understanding of networking, wireless and security concepts before they begin. Interested audience may include:

  • Network, Wireless and Security architects

  • Network, Wireless and Security engineers

About this guide

After reading the Fortinet Secure Wireless LANs Concept Guide, readers should have a basic understanding of the concepts and terminologies behind the Fortinet Wireless infrastructure. This guide explores further the design of a Wireless LAN within the scope of a Campus network. Learn about the role of the FortiGate integrated Wi-Fi controller, and the logical and physical placement of the controller. Furthermore, learn about AP placement and channel planning to achieve optimal performance. Also take a deeper dive into the details of the control plane, and how to launch and secure your SSIDs with proper user management and security.

Note

You should use this guide to gather ideas for designing your wireless solution. After completing this Architecture guide, you may move on to the Fortinet Campus WLAN Deployment Guide for actual steps in deploying a specific design scenario.