Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Secure Wireless Concept Guide

    Home FortiAP / FortiWiFi 7.0.0 Secure Wireless Concept Guide
    7.0.0
    7.0.0

    WLAN configurations

    WLAN configurations

    The previous topics have mostly covered the physical layer aspects of Wi-Fi, the wireless equivalent of the number of wires in an Ethernet cable, the correct voltages, etc., but more complex and with more variables. As a networking device, a FortiAP is fundamentally a Layer 2 device with wireless equivalents to switches such as 'virtual ports.' It provides access to the network, hence "Access Point", and usually translates Wi-Fi into Ethernet.

    SSID (Service Set Identifier) is the over-the-air name of the WLAN, so that users can find it and connect to it. Every AP that serves that WLAN will carry an SSID. The FortiOS WiFi Controller simplifies the creation and security integration of an SSID by making it part of configuring an interface on the FortiGate. The DHCP server, firewall address object, routing, and NGFW policies can easily be configured through the same single pane of glass interface.

    BSSID (Basic Service Set Identifier) is best thought of as the AP's Wi-Fi MAC address. The SSID is the same for the entire WLAN, but the BSSID is specific to an AP radio and WLAN. FortiAPs will generate these automatically.

    Traffic modes include the default 'Tunnel', where all traffic is tunneled to the FortiGate via FortiLink. This effectively VLANs all traffic without having to tag or define VLANs on the intervening switch network. Every tunneled WLAN goes to the FortiGate which can then inspect the traffic and route it according to the configured rules.

    Bridge Mode bridges WLAN traffic directly to the AP Ethernet port. Logically, this works like plugging into the switch the AP is plugged into, so that interface must have the necessary DHCP server, etc. configured. This is most commonly used for remote APs and or guest networks where there is reason NOT to send the traffic directly to the FortiGate.

    Mesh Mode enables FortiAPs to use a radio as a back-haul. The client traffic is bridged from one radio, with normal SSIDs available for client connection (usually the 2.4 GHz), to the other radio (usually the 5 GHz). This is useful when it is impractical to run an Ethernet cable but power is available, such as with portable classrooms or temporary structures, or a bridge is otherwise needed to another building.

    Previous
    Next

    WLAN configurations

    WLAN configurations

    The previous topics have mostly covered the physical layer aspects of Wi-Fi, the wireless equivalent of the number of wires in an Ethernet cable, the correct voltages, etc., but more complex and with more variables. As a networking device, a FortiAP is fundamentally a Layer 2 device with wireless equivalents to switches such as 'virtual ports.' It provides access to the network, hence "Access Point", and usually translates Wi-Fi into Ethernet.

    SSID (Service Set Identifier) is the over-the-air name of the WLAN, so that users can find it and connect to it. Every AP that serves that WLAN will carry an SSID. The FortiOS WiFi Controller simplifies the creation and security integration of an SSID by making it part of configuring an interface on the FortiGate. The DHCP server, firewall address object, routing, and NGFW policies can easily be configured through the same single pane of glass interface.

    BSSID (Basic Service Set Identifier) is best thought of as the AP's Wi-Fi MAC address. The SSID is the same for the entire WLAN, but the BSSID is specific to an AP radio and WLAN. FortiAPs will generate these automatically.

    Traffic modes include the default 'Tunnel', where all traffic is tunneled to the FortiGate via FortiLink. This effectively VLANs all traffic without having to tag or define VLANs on the intervening switch network. Every tunneled WLAN goes to the FortiGate which can then inspect the traffic and route it according to the configured rules.

    Bridge Mode bridges WLAN traffic directly to the AP Ethernet port. Logically, this works like plugging into the switch the AP is plugged into, so that interface must have the necessary DHCP server, etc. configured. This is most commonly used for remote APs and or guest networks where there is reason NOT to send the traffic directly to the FortiGate.

    Mesh Mode enables FortiAPs to use a radio as a back-haul. The client traffic is bridged from one radio, with normal SSIDs available for client connection (usually the 2.4 GHz), to the other radio (usually the 5 GHz). This is useful when it is impractical to run an Ethernet cable but power is available, such as with portable classrooms or temporary structures, or a bridge is otherwise needed to another building.

    Previous
    Next