Fortinet Document Library

Version:


Table of Contents

New Features

7.0.0
Download PDF
Copy Link

Disable console access on managed FortiAP devices 7.0.1

Serial console access on managed FortiAP devices can be disabled in FortiOS by disabling console login in the WTP profile that is applied to the FortiAP. By default, console login in enabled in WTP profiles.

config wireless-controller wtp-profile
    edit <profile>
        set console-login {enable | disable}
    next
end

When the console access is changed, the managed FortiAPs are rebooted.

Example

In this example, a FortiWiFi 60F is managing a FortiAP 433F. A WTP profile with console login disabled is applied to the FortiAP.

To configure the WTP profile and apply it to the FortiAP:
  1. Configure a WTP profile:

    config wireless-controller wtp-profile
        edit "FAP433F-default"
            config platform
                set type 433F
                set ddscan enable
            end
            set handoff-sta-thresh 55
            set allowaccess https ssh snmp
            config radio-1
                set band 802.11ax,n,g-only
            end
            config radio-2
                set band 802.11ax-5G
            end
            config radio-3
                set mode monitor
            end
        next
    end
    
  2. Configure the FortiAP to use the profile:

    config wireless-controller wtp
        edit "FP433FTF21000000"
            set admin enable
            set wtp-profile "FAP433F-default"
            config radio-1
            end
            config radio-2
            end
        next
    end
  3. On the FortiAP, confirm that console login is enabled:

    FortiAP-433F # wcfg | grep console-login
        console-login        : enabled
  4. Disable console login in the WTP profile:

    config wireless-controller wtp-profile 
        edit FAP433F-default 
            set console-login disable 
    WARNING: changing console-login will reboot managed APs.
        next
    end

    The managed FortiAPs are rebooted.

  5. Log in to the FortiAP with the SSH connection and confirm that console login is disabled:

    FortiAP-433F # wcfg | grep console-login
        console-login        : disabled

Disable console access on managed FortiAP devices 7.0.1

Serial console access on managed FortiAP devices can be disabled in FortiOS by disabling console login in the WTP profile that is applied to the FortiAP. By default, console login in enabled in WTP profiles.

config wireless-controller wtp-profile
    edit <profile>
        set console-login {enable | disable}
    next
end

When the console access is changed, the managed FortiAPs are rebooted.

Example

In this example, a FortiWiFi 60F is managing a FortiAP 433F. A WTP profile with console login disabled is applied to the FortiAP.

To configure the WTP profile and apply it to the FortiAP:
  1. Configure a WTP profile:

    config wireless-controller wtp-profile
        edit "FAP433F-default"
            config platform
                set type 433F
                set ddscan enable
            end
            set handoff-sta-thresh 55
            set allowaccess https ssh snmp
            config radio-1
                set band 802.11ax,n,g-only
            end
            config radio-2
                set band 802.11ax-5G
            end
            config radio-3
                set mode monitor
            end
        next
    end
    
  2. Configure the FortiAP to use the profile:

    config wireless-controller wtp
        edit "FP433FTF21000000"
            set admin enable
            set wtp-profile "FAP433F-default"
            config radio-1
            end
            config radio-2
            end
        next
    end
  3. On the FortiAP, confirm that console login is enabled:

    FortiAP-433F # wcfg | grep console-login
        console-login        : enabled
  4. Disable console login in the WTP profile:

    config wireless-controller wtp-profile 
        edit FAP433F-default 
            set console-login disable 
    WARNING: changing console-login will reboot managed APs.
        next
    end

    The managed FortiAPs are rebooted.

  5. Log in to the FortiAP with the SSH connection and confirm that console login is disabled:

    FortiAP-433F # wcfg | grep console-login
        console-login        : disabled