Support wireless client mode on FortiWiFi 80F series models 7.2.4
|
This information is also available in the FortiWiFi and FortiAP 7.2 Configuration Guide: |
This release supports wireless client mode on FortiWiFi 80F series models. When wireless client mode is successfully configured, a default static route to the "aplink" interface is automatically created. To allow outgoing traffic to use this wireless client connection, you must configure a firewall policy from the wired internal/LAN interface as the source interface to the "aplink" interface as the destination interface.
|
|
Before setting up the FortiWiFi unit as a wireless client using the steps described below, make sure to remove any AP WiFi configurations such as SSIDs, DHCP servers, policies, and software switch members using the CLI or GUI. |
To configure wireless client mode - GUI:
-
Go to WiFi and Switch Controller > Local WiFi Radio and change the Mode to Wireless Client.
Note: You must remove any AP WiFi configurations such as SSIDs, DHCP servers, policies, and software switch members before you can change the mode to Wireless Client. Once you select Wireless Client, the FortiWiFi unit will reboot.
- Click Add Network and select an SSID to set up the WiFi connection.
- Click OK to save the WiFi Network Connection Setting.
-
From the Local WiFi Radio page, verify that the WiFi network is connected.
-
Go to Policy & Object > Firewall Policy and click Create New to create a firewall policy.
-
Enter the following policy information:
Incoming Interface
internal
Outgoing Interface
aplink
For FortiWiFi 80F series models, you must select "aplink" as the destination interface in the firewall policy. Older FortiWiFi models must select "wifi" as the destination interface.
-
Configure remaining fields as needed, when you are finished, click OK.
-
Connect a wired station to the internal ports of the FortiWiFi to verify that it can pass traffic to the Internet.
To configure wireless client mode - CLI:
-
Change the wireless mode to client.
config system global set wireless-mode client end
Note: You must remove any AP WiFi configurations such as SSIDs, DHCP servers, policies, and software switch members before you can change the mode to Wireless Client. Once you select Wireless Client, the FortiWiFi unit will reboot.
-
Set up a wifi-network entry under interface "wifi".
config system interface edit "wifi" config wifi-networks edit 1 set wifi-ssid "FOS_61F_psk" set wifi-passphrase * next end next end -
Verify that the network connection is connected.
FortiWiFi-80F-2R # diagnose wireless-controller wlsta cfg STA intf name: wlan17 status: up ip: 10.10.80.4 mac: d5:73:a0:7d:49:27 auto connect: yes auto save: no ap band: any wifi network cnt: 1 1: FOS_61F_psk, 8, 1 connected: FOS_61F_psk -
Once you verify the connection, confirm that the default routing to "aplink" is added as static entry.
config router static edit 1 set gateway 192.168.80.2 set device "aplink" next end FortiWiFi-80F-2R # get router info routing-table details Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP O - OSPF, IA - OSPF inter area N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2 E1 - OSPF external type 1, E2 - OSPF external type 2 i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area V - BGP VPNv4 * - candidate default Routing table for VRF=0 S* 0.0.0.0/0 [10/0] via 192.168.80.2, aplink, [1/0] -
Create a firewall policy from "internal" to "aplink".
For FortiWiFi 80F series models, you must select "aplink" as the destination interface in the firewall policy. Older FortiWiFi models must select "wifi" as the destination interface.
config firewall policy edit 1 set name "lan" set srcintf "internal" set dstintf "aplink" set action accept set srcaddr "all" set dstaddr "all" set schedule "always" set service "ALL" set nat enable next end -
Connect a wired station to the internal ports of the FortiWiFi to verify that it can pass traffic to the Internet.