7.0.0

Introduction

Executive Summary

This deployment guide is intended to cover the key configuration needs for Fortinet Wi-Fi deployments for large single sites supporting up to 10,000 or more end users with multiple devices per user. A site of that size would require a WLAN of up to several thousand FortiAPs. The site could be a multi-building campus, a large single building, or multiple floors in a single building, but is assumed to be connected with a unified switched LAN. Although Fortinet Switches are an excellent choice and there are advantages to an all Fortinet Network, this guide is written with a generic and already deployed switch LAN in mind.

One of the great strengths of Fortinet's Security Driven Networking architecture is that Fortinet Wi-Fi is easily added on top of an existing LAN, with the wireless traffic specifically secured in a targeted fashion. APs can be added anywhere with minimal configuration of the WLAN, and tunnel all traffic to a high-availability pair of FortiGates in the role of Wi-Fi Controllers. From there, a full security stack inspection can be applied before the traffic is routed to the final destination.

See the Campus WLAN Architecture Guide for more details.

All FortiGates include a full WiFi & Switch Controller as part of FortiOS. There is no additional licensing required, either for the WiFi Controller itself, or for the number of FortiAPs it can manage. The number of FortiAPs manageable is only limited by the hardware capacity of the FortiGate model. Refer to the FortiGate Data Sheet(s) to confirm the AP capacity of each FortiGate model.

Two FortiGate WiFi Controllers should be deployed in active-passive mode to the switched LAN, typically at the services aggregation layer. The intent is for AP control traffic to route to and terminate at the controllers, while data traffic is tunneled to the controller(s), inspected, and then distributed.

Intended Audience

This guide is intended for readers interested in deploying a Fortinet WLAN solution for a campus environment. Readers should have a basic understanding of networking, wireless and security concepts before they begin. The intended audience may include:

  • Network, Wireless and Security architects

  • Network, Wireless and Security engineers

About this guide

After reading the Campus WLAN Architecture Guide, readers should have an understanding of the components, features and design offered by Fortinet's Wireless solution. Readers should evaluate their environment to determine whether this architecture and design are suitable for them before proceeding.

This deployment guide presents one of possibly many ways to deploy the solution. It may also omit specific steps where readers must make design decisions to further configure their devices. We recommend that readers review supplementary material found in product administration guides, example guides, cookbooks, release notes, and other documents where appropriate.
