Fortinet black logo

FortiWiFi and FortiAP Configuration Guide

Home FortiAP / FortiWiFi 7.4.2 FortiWiFi and FortiAP Configuration Guide
7.4.2
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.1
7.2.0
7.0.4
7.0.2
7.0.1
7.0.0
6.4.6
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.2
6.2.0
6.0.5
6.0.4
6.0.3
5.6.4
5.4.3

Protection Profiles Entry

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

In the L3 Firewall Profiles tab, you can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

These fields correspond to the following CLI settings:

L3 Firewall Profiles > New/Edit L3 Firewall Profile

 
config wireless-controller access-control-list

Name

 
  edit <name>

Comment

 
    set comment {string}

IPv4 rule list > New/Edit IPv4 Rule

 
    config layer3-ipv4-rules

ID

 
      edit <rule-id>

Comment

 
        set comment {string}

Source address

 
        set srcaddr {user}

Source port

 
        set srcport {integer}

Destination address

 
        set dstaddr {user}

Destination port

 
        set dstport {integer}

IANA protocol number

 
        set protocol {integer}

Action

 
        set action [allow|deny]

IPv6 rule list > New/Edit IPv6 Rule

 
    config layer3-ipv6-rules

ID

 
      edit <rule-id>

Comment

 
        set comment {string}

Source address

 
        set srcaddr {user}

Source port

 
        set srcport {integer}

Destination address

 
        set dstaddr {user}

Destination port

 
        set dstport {integer}

IANA protocol number

 
        set protocol {integer}

Action

 
        set action [allow|deny]
Previous
Next

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

In the L3 Firewall Profiles tab, you can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

These fields correspond to the following CLI settings:

L3 Firewall Profiles > New/Edit L3 Firewall Profile

 
config wireless-controller access-control-list

Name

 
  edit <name>

Comment

 
    set comment {string}

IPv4 rule list > New/Edit IPv4 Rule

 
    config layer3-ipv4-rules

ID

 
      edit <rule-id>

Comment

 
        set comment {string}

Source address

 
        set srcaddr {user}

Source port

 
        set srcport {integer}

Destination address

 
        set dstaddr {user}

Destination port

 
        set dstport {integer}

IANA protocol number

 
        set protocol {integer}

Action

 
        set action [allow|deny]

IPv6 rule list > New/Edit IPv6 Rule

 
    config layer3-ipv6-rules

ID

 
      edit <rule-id>

Comment

 
        set comment {string}

Source address

 
        set srcaddr {user}

Source port

 
        set srcport {integer}

Destination address

 
        set dstaddr {user}

Destination port

 
        set dstport {integer}

IANA protocol number

 
        set protocol {integer}

Action

 
        set action [allow|deny]
Previous
Next