Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

FortiWiFi and FortiAP Configuration Guide

Configuring FortiPresence

You can configure FortiPresence to process and analyze the results of your location tracking. For comprehensive instructions on configuring FortiPresence, see the FortiPresence Administration Guide.

Once you've set up FortiPresence, you can enable it on a FortiAP profile to apply your settings to your APs.

To apply FortiPresence settings to a FortiAP
  1. From the FortiGate GUI navigate to WiFi and Switch Controller > FortiAP Profiles.
  2. Select the FortiAP profile you want to configure FortiPresence for.
  3. Locate the FortiPresence section and select which mode you want t use to enable the service.

    • Foreign Channels Only: AP will only listen to clients on foreign channels when doing background scan. It will not listen to clients associated to other APs running on its home (or operating) channel to preserve associated clients traffic.
    • Foreign and Home Channels: AP will also listen to connected clients associated to other APs on its home channel. This is useful for FortiPresence, but can negatively impact AP performance when AP is serving clients.
  4. Enter the Project name and Password from FortiPresence (Use the Project Name and Project Secret Key from the FortiPresence GUI Admin > Settings > Discovered APs).
  5. Enter the FortiPresence server IP and FortiPresence server port from FortiPresence (Location Server IP and Port are displayed in the FortiPresence GUI Admin > Settings > Discovered APs).
  6. When you are finished, click OK.

FortiPresence push REST API

To configure FortiGate to push information to the FortiPresence server, enter the following commands:

config wireless-controller wtp-profile

edit "FP223B-GuestWiFi"

config lbs

set fortipresence {disable | foreign | both}

set fortipresence-server-addr-type {ipv4 | fqdn}

set fortipresence-port <port>

set fortipresence-secret <password> Password to be obtained from FortiPresence UI

set fortipresence-project <name> Name to be obtained from FortiPresence UI

set fortipresence-frequency <5-65535> Default is 30.

set fortipresence-rogue {enable | disable} Enable/disable reporting of Rogue APs.

set fortipresence-unassoc {enable | disable} Enable/disable reporting of unassociated devices.

set station-locate enable

end

end

Configuring FortiPresence server IP

When defining the FortiPresence server for location based services, the server address can be configured as an IPV4 address or as a FQDN. Using FQDN means that the wireless controller configuration does not need to be changed when the FortiPresence server IP address changes, it can keep the same domain name.

To configure FortiPresence server as IPV4

config wireless-controller wtp-profile

edit "FAP431F-default"

config lbs

set fortipresence foreign

set fortipresence-server-addr-type ipv4

set fortipresence-server "34.245.252.61" (FortiPresence location server IP)

set fortipresence-port 4013

end

next

end

Debug configurations

From the FortiGate CLI:

diag sniffer packet <port> "host 34.245.252.61 and port 4013" 6 0 a

From the FortiAP CLI:

cw_diag -c fortipresence - show scanned fortipresence data from kernel

diag_sniffer br0 'host 34.245.252.61'

To configure FortiPresence server as FQDN

config wireless-controller wtp-profile

edit "FAP431F-default"

config lbs

set fortipresence foreign

set fortipresence-server-addr-type fqdn

set fortipresence-server-fqdn "test.fortipresence.com"

set fortipresence-port 10443

end

next

end

To verify that FortiAP receives the FortiPresence server domain name and resolves the IP address
FortiAP-431F # wcfg
WTP Configuration
	name                : FortiAP-431F
	...
	fsm-state           : RUN 75
	wtp-ip-addr         : 10.19.20.20:5246 - 10.19.20.20:53582
	ac-ip-addr          : 172.18.56.42:5246 - 172.18.56.42:5247        STATIC
	...
	fortipresence       : foreign, ble enabled, rogue disabled, unassoc_sta enabled, freq 30
		  	      server 0172.16.200.133(test.fortipresence.com):10443 secret csum [0xc6a7] project [fortipresence]
	LAN mode            : WAN LAN, ESL
	...

Configuring FortiPresence

You can configure FortiPresence to process and analyze the results of your location tracking. For comprehensive instructions on configuring FortiPresence, see the FortiPresence Administration Guide.

Once you've set up FortiPresence, you can enable it on a FortiAP profile to apply your settings to your APs.

To apply FortiPresence settings to a FortiAP
  1. From the FortiGate GUI navigate to WiFi and Switch Controller > FortiAP Profiles.
  2. Select the FortiAP profile you want to configure FortiPresence for.
  3. Locate the FortiPresence section and select which mode you want t use to enable the service.

    • Foreign Channels Only: AP will only listen to clients on foreign channels when doing background scan. It will not listen to clients associated to other APs running on its home (or operating) channel to preserve associated clients traffic.
    • Foreign and Home Channels: AP will also listen to connected clients associated to other APs on its home channel. This is useful for FortiPresence, but can negatively impact AP performance when AP is serving clients.
  4. Enter the Project name and Password from FortiPresence (Use the Project Name and Project Secret Key from the FortiPresence GUI Admin > Settings > Discovered APs).
  5. Enter the FortiPresence server IP and FortiPresence server port from FortiPresence (Location Server IP and Port are displayed in the FortiPresence GUI Admin > Settings > Discovered APs).
  6. When you are finished, click OK.

FortiPresence push REST API

To configure FortiGate to push information to the FortiPresence server, enter the following commands:

config wireless-controller wtp-profile

edit "FP223B-GuestWiFi"

config lbs

set fortipresence {disable | foreign | both}

set fortipresence-server-addr-type {ipv4 | fqdn}

set fortipresence-port <port>

set fortipresence-secret <password> Password to be obtained from FortiPresence UI

set fortipresence-project <name> Name to be obtained from FortiPresence UI

set fortipresence-frequency <5-65535> Default is 30.

set fortipresence-rogue {enable | disable} Enable/disable reporting of Rogue APs.

set fortipresence-unassoc {enable | disable} Enable/disable reporting of unassociated devices.

set station-locate enable

end

end

Configuring FortiPresence server IP

When defining the FortiPresence server for location based services, the server address can be configured as an IPV4 address or as a FQDN. Using FQDN means that the wireless controller configuration does not need to be changed when the FortiPresence server IP address changes, it can keep the same domain name.

To configure FortiPresence server as IPV4

config wireless-controller wtp-profile

edit "FAP431F-default"

config lbs

set fortipresence foreign

set fortipresence-server-addr-type ipv4

set fortipresence-server "34.245.252.61" (FortiPresence location server IP)

set fortipresence-port 4013

end

next

end

Debug configurations

From the FortiGate CLI:

diag sniffer packet <port> "host 34.245.252.61 and port 4013" 6 0 a

From the FortiAP CLI:

cw_diag -c fortipresence - show scanned fortipresence data from kernel

diag_sniffer br0 'host 34.245.252.61'

To configure FortiPresence server as FQDN

config wireless-controller wtp-profile

edit "FAP431F-default"

config lbs

set fortipresence foreign

set fortipresence-server-addr-type fqdn

set fortipresence-server-fqdn "test.fortipresence.com"

set fortipresence-port 10443

end

next

end

To verify that FortiAP receives the FortiPresence server domain name and resolves the IP address
FortiAP-431F # wcfg
WTP Configuration
	name                : FortiAP-431F
	...
	fsm-state           : RUN 75
	wtp-ip-addr         : 10.19.20.20:5246 - 10.19.20.20:53582
	ac-ip-addr          : 172.18.56.42:5246 - 172.18.56.42:5247        STATIC
	...
	fortipresence       : foreign, ble enabled, rogue disabled, unassoc_sta enabled, freq 30
		  	      server 0172.16.200.133(test.fortipresence.com):10443 secret csum [0xc6a7] project [fortipresence]
	LAN mode            : WAN LAN, ESL
	...