FortiWiFi and FortiAP Configuration Guide

Enforcing UTM policies on a local bridge SSID

If a bridge mode SSID is configured for a managed FortiAP-S or FortiAP-U, you can add security profiles to the wireless controller configuration to apply the following security profile features to traffic over the bridge SSID:

  • AntiVirus
  • Scan Botnets
  • Intrusion Prevention
  • Application Control
  • Web Filter

Configure security profiles - CLI

You can configure security profiles on managed FortiAP-S and FortiAP-U under config wireless-controller vap, after local-bridging and utm-status are set to enable.

To view all available profiles that you can assign, type "?". For example, "set ips-sensor ?".

config wireless-controller vap
    edit "utm_ssid1"
        set ssid "utm_ssid1"
        set local-bridging enable
        set utm-status enable
        set ips-sensor "wifi-default"
        set application-list "wifi-default"
        set antivirus-profile "wifi-default"
        set webfilter-profile "wifi-default"
        set scan-botnet-connections monitor
    next
end
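
The following audit script is an added example, not part of the Fortinet guide: it reads the text of a configuration backup and reports, for every SSID with local-bridging enabled, which of the settings shown above are missing. The function names and sample config are constructed for illustration, and it assumes that a setting absent from the backup is not enabled.

```python
import re

# Settings from the guide's example, one per security profile feature.
UTM_SETTINGS = ("ips-sensor", "application-list", "antivirus-profile",
                "webfilter-profile", "scan-botnet-connections")

# Constructed sample in FortiOS CLI syntax (not from a real device).
SAMPLE_CONFIG = '''config wireless-controller vap
    edit "utm_ssid1"
        set local-bridging enable
        set utm-status enable
        set ips-sensor "wifi-default"
        set application-list "wifi-default"
        set antivirus-profile "wifi-default"
        set webfilter-profile "wifi-default"
        set scan-botnet-connections monitor
    next
    edit "guest_bridge"
        set local-bridging enable
    next
    edit "partial_bridge"
        set local-bridging enable
        set utm-status enable
        set ips-sensor "wifi-default"
    next
end'''

def parse_vaps(text):
    """Return {vap_name: {setting: value}} from 'config wireless-controller vap'."""
    vaps, current, depth = {}, None, 0
    for line in (l.strip() for l in text.splitlines()):
        if depth == 0:
            depth = int(line == "config wireless-controller vap")
        elif line.startswith("config "):
            depth += 1  # nested sub-table inside a VAP entry
        elif line == "end":
            depth -= 1
        elif depth == 1 and (m := re.match(r'edit "?([^"]+)"?$', line)):
            current = vaps.setdefault(m.group(1), {})
        elif depth == 1 and current is not None and (m := re.match(r'set (\S+) (.+)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return vaps

def audit_bridge_ssids(text):
    """Map each local-bridge VAP to the settings it lacks ([] = all set)."""
    return {name: (["utm-status"] if cfg.get("utm-status") != "enable"
                   else [s for s in UTM_SETTINGS if s not in cfg])
            for name, cfg in parse_vaps(text).items()
            if cfg.get("local-bridging") == "enable"}
```

A bridge SSID mapped to ["utm-status"] has no UTM enforcement at all; one mapped to a list of profile settings has UTM enabled but only partly configured.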

Debug configurations

To debug wireless-controller configurations related to security profiles, use the following diagnose command:

diagnose wireless-controller wlac_hlp
