Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • FortiWiFi and FortiAP Configuration Guide

    Home FortiAP / FortiWiFi 7.4.5 FortiWiFi and FortiAP Configuration Guide
    7.4.5
    7.6.0
    7.4.5
    7.4.4
    7.4.2
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.1
    7.2.0
    7.0.4
    7.0.2
    7.0.1
    7.0.0
    6.4.6
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.2
    6.2.0
    6.0.5
    6.0.4
    6.0.3
    5.6.4
    5.4.3

    Tunnel mode SSID IPv6 traffic

    Tunnel mode SSID IPv6 traffic

    In the following example, FortiAP S221E is managed by FortiGate 100D and broadcasts tunnel mode SSID:FOS_QA_100D-IPv6.

    To configure a WiFi client accessing IPv6 tunnel mode traffic:
    1. In FortiOS, create a tunnel mode VAP:
      config wireless-controller vap
    edit "wifi4"
        set ssid "FOS_QA_100D-IPv6"
        set passphrase ********
        set schedule "always"
    next
end
    2. Create an IPv6 address for the VAP with DHCP enabled:
      config system interface
    edit "wifi4"
        set vdom "vdom1"
        set ip 10.40.80.1 255.255.255.0
        set allowaccess ping https http
        set type vap-switch
        set alias "vdom1:"
        set device-identification enable
        set role lan
        set snmp-index 36
        config ipv6
            set ip6-address 2001:10:40:80::1/64
            set ip6-allowaccess ping https http
            set ip6-send-adv enable
            set ip6-manage-flag enable
            set ip6-other-flag enable
        end
    next
end
      config system dhcp6 server
    edit 1
        set subnet 2001:10:40:80::/64
        set interface "wifi4"
        config ip-range
            edit 1
                set start-ip 2001:10:40:80::1000
                set end-ip 2001:10:40:80::1100
            next
        end
    next
end
    3. Create an IPv6 policy from the VAP to WAN1:
      config firewall policy6
    edit 1
        set name "ipv6"
        set srcintf "wifi4"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
    4. Verify the IPv6 address in the station list:
      1. In the FortiGate CLI:
        # diagnose wireless-controller wlac -d sta online
   vf=4 wtp=3 rId=1 wlan=wifi4 vlan_id=0 ip=10.40.80.2 ip6=2001:10:40:80::1000 mac=b4:ae:2b:cb:d1:72 vci=MSFT 5.0 host=DESKTOP-DO33HQP user= group= signal=-29 noise=-93 idle=1 bw=48 use=5 chan=6 radio_type=11N security=wpa2_only_personal mpsk=default encrypt=aes cp_authed=no online=yes mimo=2
                ip6=fe80::c5c5:6c09:8021:d2d0,88, *2001:10:40:80::1000,8,
      2. In the FortiAP CLI:
        FortiAP-S221E # sta
wlan00 (FOS_QA_100D-IPv6) client count 1
    MAC:b4:ae:2b:cb:d1:72 ip:10.40.80.2 ip_proto:dhcp ip_age:84 host:DESKTOP-DO33HQP vci:MSFT 5.0
                          ip6:fe80::c5c5:6c09:8021:d2d0 ip6_proto:arp ip6_age:2 ip6_rx:101
                          ip6:2001:10:40:80::1000 ip6_proto:dhcp ip6_age:82 ip6_rx:20
        vlanid:0 Auth:Yes channel:6 rate:130Mbps rssi:65dB idle:0s
        Rx bytes:256951 Tx bytes:53947 Rx rate:130Mbps Tx rate:130Mbps Rx last:0s Tx last:0s
        AssocID:1 Mode:  Normal Flags:f PauseCnt:0
        KEY type=aes_ccm pad=0 keyix=65535 keylen=16 flags=3(xmit recv) RSC=0 TSC=0
            e7 6f 05 ce   06 e1 4a 9b   3a d4 4f 43   1f 57 bb 49
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
        KEY type=aes_ccm pad=0 keyix=1 keylen=16 flags=83(xmit recv dflt) RSC=0 TSC=0
            01 47 6f 21   9b ac 73 4b   7c ae 07 66   7e 5a c6 7e
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
FortiAP-S221E #

FortiAP-S221E # usta

WTP daemon STA info:

  1/1   b4:ae:2b:cb:d1:72 00:00:00:00:00:00 vId=0    type=wl----sta,  vap=wlan00,FOS_QA_100D-IPv6(0) mpsk=default  ip=10.40.80.2/1  host=DESKTOP-DO33HQP vci=MSFT 5.0 os=Windows
                          ip6=fe80::c5c5:6c09:8021:d2d0/2 rx=101
                          ip6=2001:10:40:80::1000/1 rx=21
                          replycount=0000000000000002

Total STAs: 1

      3. In the FortiOS GUI, go to WiFi and Switch Controller > WiFi Clients. The address is displayed in the IPv6 Global Unicast Address and IPv6 Unique Local Address columns.

    Previous
    Next

    Tunnel mode SSID IPv6 traffic

    Tunnel mode SSID IPv6 traffic

    In the following example, FortiAP S221E is managed by FortiGate 100D and broadcasts tunnel mode SSID:FOS_QA_100D-IPv6.

    To configure a WiFi client accessing IPv6 tunnel mode traffic:
    1. In FortiOS, create a tunnel mode VAP:
      config wireless-controller vap
    edit "wifi4"
        set ssid "FOS_QA_100D-IPv6"
        set passphrase ********
        set schedule "always"
    next
end
    2. Create an IPv6 address for the VAP with DHCP enabled:
      config system interface
    edit "wifi4"
        set vdom "vdom1"
        set ip 10.40.80.1 255.255.255.0
        set allowaccess ping https http
        set type vap-switch
        set alias "vdom1:"
        set device-identification enable
        set role lan
        set snmp-index 36
        config ipv6
            set ip6-address 2001:10:40:80::1/64
            set ip6-allowaccess ping https http
            set ip6-send-adv enable
            set ip6-manage-flag enable
            set ip6-other-flag enable
        end
    next
end
      config system dhcp6 server
    edit 1
        set subnet 2001:10:40:80::/64
        set interface "wifi4"
        config ip-range
            edit 1
                set start-ip 2001:10:40:80::1000
                set end-ip 2001:10:40:80::1100
            next
        end
    next
end
    3. Create an IPv6 policy from the VAP to WAN1:
      config firewall policy6
    edit 1
        set name "ipv6"
        set srcintf "wifi4"
        set dstintf "wan1"
        set srcaddr "all"
        set dstaddr "all"
        set action accept
        set schedule "always"
        set service "ALL"
        set logtraffic all
        set nat enable
    next
end
    4. Verify the IPv6 address in the station list:
      1. In the FortiGate CLI:
        # diagnose wireless-controller wlac -d sta online
   vf=4 wtp=3 rId=1 wlan=wifi4 vlan_id=0 ip=10.40.80.2 ip6=2001:10:40:80::1000 mac=b4:ae:2b:cb:d1:72 vci=MSFT 5.0 host=DESKTOP-DO33HQP user= group= signal=-29 noise=-93 idle=1 bw=48 use=5 chan=6 radio_type=11N security=wpa2_only_personal mpsk=default encrypt=aes cp_authed=no online=yes mimo=2
                ip6=fe80::c5c5:6c09:8021:d2d0,88, *2001:10:40:80::1000,8,
      2. In the FortiAP CLI:
        FortiAP-S221E # sta
wlan00 (FOS_QA_100D-IPv6) client count 1
    MAC:b4:ae:2b:cb:d1:72 ip:10.40.80.2 ip_proto:dhcp ip_age:84 host:DESKTOP-DO33HQP vci:MSFT 5.0
                          ip6:fe80::c5c5:6c09:8021:d2d0 ip6_proto:arp ip6_age:2 ip6_rx:101
                          ip6:2001:10:40:80::1000 ip6_proto:dhcp ip6_age:82 ip6_rx:20
        vlanid:0 Auth:Yes channel:6 rate:130Mbps rssi:65dB idle:0s
        Rx bytes:256951 Tx bytes:53947 Rx rate:130Mbps Tx rate:130Mbps Rx last:0s Tx last:0s
        AssocID:1 Mode:  Normal Flags:f PauseCnt:0
        KEY type=aes_ccm pad=0 keyix=65535 keylen=16 flags=3(xmit recv) RSC=0 TSC=0
            e7 6f 05 ce   06 e1 4a 9b   3a d4 4f 43   1f 57 bb 49
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
        KEY type=aes_ccm pad=0 keyix=1 keylen=16 flags=83(xmit recv dflt) RSC=0 TSC=0
            01 47 6f 21   9b ac 73 4b   7c ae 07 66   7e 5a c6 7e
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
            00 00 00 00   00 00 00 00   00 00 00 00   00 00 00 00
FortiAP-S221E #

FortiAP-S221E # usta

WTP daemon STA info:

  1/1   b4:ae:2b:cb:d1:72 00:00:00:00:00:00 vId=0    type=wl----sta,  vap=wlan00,FOS_QA_100D-IPv6(0) mpsk=default  ip=10.40.80.2/1  host=DESKTOP-DO33HQP vci=MSFT 5.0 os=Windows
                          ip6=fe80::c5c5:6c09:8021:d2d0/2 rx=101
                          ip6=2001:10:40:80::1000/1 rx=21
                          replycount=0000000000000002

Total STAs: 1

      3. In the FortiOS GUI, go to WiFi and Switch Controller > WiFi Clients. The address is displayed in the IPv6 Global Unicast Address and IPv6 Unique Local Address columns.

    Previous
    Next