UTM security profile groups on FortiAP-S
This guide provides instructions for simple configuration of security profile groups for FortiAP, including creating security profile groups and selecting profile groups for the SSID.
This feature only works for local bridge SSIDs.
To configure UTM security profile groups on the FortiWiFi and FortiAP GUI:
- Create a security profile group:
  - Go to WiFi & Switch Controller > Security Profile Groups, then click Create New.
  - Enter the desired interface name. Configure logging as desired.
  - Enable Antivirus, Web Filter, Application, IPS, or Botnet, then select the desired profile.
- Create a local bridge mode SSID and enable security profile groups:
  - Go to WiFi & Switch Controller > SSID. Select SSID, then click Create New.
  - Enter the desired interface name. For Traffic mode, select Bridge.
  - In the SSID field, enter the desired SSID name. Configure security as desired.
  - Enable Security Profile Group, then select the group created in step 1.
  - Click OK.
- Select the SSID on a managed FortiAP by editing the FortiAP profile. The following configuration is based on an example using a managed FortiAP-320C and a "FAP320C-default" profile that is applied to the FortiAP-320C:
  - Go to WiFi & Switch Controller > FortiAP Profile. Select the FAP320C-default profile, then click Edit.
  - To broadcast the SSID from the 2.4 G radio, scroll to Radio 1 > SSIDs. Select Manual, then click + to create the Fortinet-PSK SSID.
  - To broadcast the SSID from the 5 G radio, scroll to Radio 2 > SSIDs. Select Manual, then click + to create the Fortinet-PSK SSID.
  - Click OK.
To configure UTM security profile groups using the FortiWiFi and FortiAP CLI:
- Create a security profile group:
    config wireless-controller utm-profile
        edit "wifi-UTM"
            set ips-sensor "default"
            set application-list "default"
            set antivirus-profile "default"
            set webfilter-profile "default"
            set scan-botnet-connections block
        next
    end
- Create a local bridge mode SSID and enable security profile groups:
    config wireless-controller vap
        edit "wifi-vap"
            set ssid "SSID-UTM"
            set passphrase 12345678
            set local-bridging enable
            set schedule "always"
            set utm-profile "wifi-UTM"
        next
    end
- Select the SSID on a managed FortiAP by editing the FortiAP profile. The following configuration is based on an example using a managed FortiAP-320C and a "FAP320C-default" profile that is applied to the FortiAP-320C:
    config wireless-controller wtp
        edit "FP320C3X14000640"
            set admin enable
            set wtp-profile "FAP320C-default"
        next
    end
    config wireless-controller wtp-profile
        edit "FAP320C-default"
            config radio-1
                set vap-all disable
                set vaps "wifi-vap"
            end
            config radio-2
                set vap-all disable
                set vaps "wifi-vap"
            end
        next
    end
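
The following check is an added example, not part of the original guide or any Fortinet tooling: a Python audit of a saved configuration that flags an SSID whose `utm-profile` names a group that was never created or whose `local-bridging` is not enabled, since the feature only works for local bridge SSIDs. The sample configuration and the names `guest-vap` and `guest-UTM` are constructed, and the parser assumes single-line `set` values.

```python
import shlex

# Constructed sample in the page's CLI form. "guest-vap" and "guest-UTM" are
# made-up names: a non-bridged SSID pointing at a group that was never created.
SAMPLE = '''
config wireless-controller utm-profile
    edit "wifi-UTM"
    next
end
config wireless-controller vap
    edit "wifi-vap"
        set local-bridging enable
        set utm-profile "wifi-UTM"
    next
    edit "guest-vap"
        set utm-profile "guest-UTM"
    next
end
'''

def parse_tables(text):
    """Map each top-level 'config <path>' table to {entry name: {option: value}}."""
    tables, path, entry, depth = {}, None, None, 0
    for tok in filter(None, map(shlex.split, text.splitlines())):
        if tok[0] == "config":
            depth += 1
            if depth == 1:  # nested blocks (e.g. radio-1) keep the current entry
                path, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif depth == 1 and tok[0] == "edit":
            entry = tables.setdefault(path, {}).setdefault(tok[1], {})
        elif depth == 1 and tok[0] == "set" and entry is not None:
            entry[tok[1]] = " ".join(tok[2:])
    return tables

def audit_vaps(text):
    """Return (vap, problem) pairs where a selected profile group cannot take effect."""
    tables = parse_tables(text)
    groups = tables.get("wireless-controller utm-profile", {})
    findings = []
    for name, opts in tables.get("wireless-controller vap", {}).items():
        group = opts.get("utm-profile")
        if group and group not in groups:
            findings.append((name, "undefined group " + group))
        # Assumption: no 'set local-bridging enable' line means not bridged.
        if group and opts.get("local-bridging") != "enable":
            findings.append((name, "not a local bridge SSID"))
    return findings
```

Calling `audit_vaps(SAMPLE)` reports both problems for `guest-vap` and nothing for `wifi-vap`, which matches the configuration shown in this guide.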