Configuring FortiPresence
You can configure FortiPresence to process and analyze the results of your location tracking. For comprehensive instructions on configuring FortiPresence, see the FortiPresence Administration Guide.
Once you've set up FortiPresence, you can enable it on a FortiAP profile to apply your settings to your APs.
To apply FortiPresence settings to a FortiAP
- From the FortiGate GUI navigate to WiFi and Switch Controller > FortiAP Profiles.
- Select the FortiAP profile you want to configure FortiPresence for.
-
Locate the FortiPresence section and select which mode you want t use to enable the service.
- Foreign Channels Only: AP will only listen to clients on foreign channels when doing background scan. It will not listen to clients associated to other APs running on its home (or operating) channel to preserve associated clients traffic.
- Foreign and Home Channels: AP will also listen to connected clients associated to other APs on its home channel. This is useful for FortiPresence, but can negatively impact AP performance when AP is serving clients.
- Enter the Project name and Password from FortiPresence (Use the Project Name and Project Secret Key from the FortiPresence GUI Admin > Settings > Discovered APs).
- Enter the FortiPresence server IP and FortiPresence server port from FortiPresence (Location Server IP and Port are displayed in the FortiPresence GUI Admin > Settings > Discovered APs).
- When you are finished, click OK.
FortiPresence push REST API
To configure FortiGate to push information to the FortiPresence server, enter the following commands:
config wireless-controller wtp-profile
edit "FP223B-GuestWiFi"
config lbs
set fortipresence {disable | foreign | both}
set fortipresence-server-addr-type {ipv4 | fqdn}
set fortipresence-port <port>
set fortipresence-secret <password> Password to be obtained from FortiPresence UI
set fortipresence-project <name> Name to be obtained from FortiPresence UI
set fortipresence-frequency <5-65535> Default is 30.
set fortipresence-rogue {enable | disable} Enable/disable reporting of Rogue APs.
set fortipresence-unassoc {enable | disable} Enable/disable reporting of unassociated devices.
set station-locate enable
end
end
Configuring FortiPresence server IP
When defining the FortiPresence server for location based services, the server address can be configured as an IPV4 address or as a FQDN. Using FQDN means that the wireless controller configuration does not need to be changed when the FortiPresence server IP address changes, it can keep the same domain name.
To configure FortiPresence server as IPV4
config wireless-controller wtp-profile
edit "FAP431F-default"
config lbs
set fortipresence foreign
set fortipresence-server-addr-type ipv4
set fortipresence-server "34.245.252.61" (FortiPresence location server IP)
set fortipresence-port 4013
end
next
end
Debug configurations
From the FortiGate CLI:
diag sniffer packet <port> "host 34.245.252.61 and port 4013" 6 0 a
From the FortiAP CLI:
cw_diag -c fortipresence - show scanned fortipresence data from kernel
diag_sniffer br0 'host 34.245.252.61'
To configure FortiPresence server as FQDN
config wireless-controller wtp-profile
edit "FAP431F-default"
config lbs
set fortipresence foreign
set fortipresence-server-addr-type fqdn
set fortipresence-server-fqdn "test.fortipresence.com"
set fortipresence-port 10443
end
next
end
To verify that FortiAP receives the FortiPresence server domain name and resolves the IP address
FortiAP-431F # wcfg WTP Configuration name : FortiAP-431F ... fsm-state : RUN 75 wtp-ip-addr : 10.19.20.20:5246 - 10.19.20.20:53582 ac-ip-addr : 172.18.56.42:5246 - 172.18.56.42:5247 STATIC ... fortipresence : foreign, ble enabled, rogue disabled, unassoc_sta enabled, freq 30 server 0172.16.200.133(test.fortipresence.com):10443 secret csum [0xc6a7] project [fortipresence] LAN mode : WAN LAN, ESL ...