Version:

Version:


Table of Contents

New Features

Download PDF
Copy Link

Add GUI visibility for Advanced Wireless Features 7.2.1

This enhancement adds visibility for configuring advanced options for wireless features in the FortiGate GUI. You can go to Feature Visibility and enable Advanced Wireless Features to access the following:

  • New navigation entries under WiFi & Switch Controller
    • Operation Profiles: FortiAP, QoS, and FortiAP Configuration.

    • Connectivity Profiles: MPSK and Bonjour.

    • Protection Profiles: WIDS and L3 Firewall (also known as L3 Access Control List configurations for FortiAPs).

  • Additional advanced options for wireless features under the SSIDs and WiFi Settings entries.
    • SSIDs > Edit Interface: Voice-Enterprise, Multiband operation, Fast BSS transition, Probe response suppression, Sticky client removal, multicast enhancement, IGMP snooping, Radio sensitivity, Airtime weight, QoS profile, and L3 firewall profile.

    • WiFi Settings: Duplicate SSID, DARRP, Phishing SSID detection, and SNMP settings.

A new CLI command is added under system settings to enable the advanced WiFi features on GUI.

To enable Advanced Wireless Features - GUI:
  1. From the FortiOS GUI, go to System > Feature Visibility.
  2. Under the Additional Features column, locate and enable Advanced Wireless Features.

  3. Click Apply.

    The Navigation bar reloads with the new features visible.

To enable Advanced Wireless Features - CLI:
config system settings
    set gui-advanced-wireless-features enable
end

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profile Advanced Settings

When you create or edit a FortiAP profile, you can configure additional advanced settings.

QoS Profiles

You can create or edit Quality of Service (QoS) profiles by clicking the QoS Profiles tab.

Click Create new to create a QoS profile.

FortiAP Configuration Profiles

You can create or edit FortiAP Configuration Profile for managing local FortiAP configuration by clicking the FortiAP Configuration Profiles tab.

Click Create new to create a FortiAP Configuration profile.

Connectivity Profiles Entry

You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.

MPSK Profiles

After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.

Click Create new to create an MPSK profile.

From there you can create and add MPSK groups and determine how you want to add your MPSK keys.

Bonjour Profiles

Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.

Click Create new to create a Bonjour profile.

From there you can create and add policies that determine which services you want to advertise across the network.

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

You can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list by clicking the L3 Firewall Profiles tab.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

Advanced SSID options

When you create or edit an SSID, you can configure additional advanced settings.

 

Advanced WiFi Settings options

More options are exposed on WiFi Settings page, including Duplicate SSID, DARRP related settings, Phishing SSID detection setting, and SNMP settings.

Add GUI visibility for Advanced Wireless Features 7.2.1

This enhancement adds visibility for configuring advanced options for wireless features in the FortiGate GUI. You can go to Feature Visibility and enable Advanced Wireless Features to access the following:

  • New navigation entries under WiFi & Switch Controller
    • Operation Profiles: FortiAP, QoS, and FortiAP Configuration.

    • Connectivity Profiles: MPSK and Bonjour.

    • Protection Profiles: WIDS and L3 Firewall (also known as L3 Access Control List configurations for FortiAPs).

  • Additional advanced options for wireless features under the SSIDs and WiFi Settings entries.
    • SSIDs > Edit Interface: Voice-Enterprise, Multiband operation, Fast BSS transition, Probe response suppression, Sticky client removal, multicast enhancement, IGMP snooping, Radio sensitivity, Airtime weight, QoS profile, and L3 firewall profile.

    • WiFi Settings: Duplicate SSID, DARRP, Phishing SSID detection, and SNMP settings.

A new CLI command is added under system settings to enable the advanced WiFi features on GUI.

To enable Advanced Wireless Features - GUI:
  1. From the FortiOS GUI, go to System > Feature Visibility.
  2. Under the Additional Features column, locate and enable Advanced Wireless Features.

  3. Click Apply.

    The Navigation bar reloads with the new features visible.

To enable Advanced Wireless Features - CLI:
config system settings
    set gui-advanced-wireless-features enable
end

Operations Profiles Entry

When you enable Advanced Wireless Features, FortiAP Profiles is renamed to Operation Profiles and contains additional tabs that enable you to manage QoS and FortiAP Configuration profiles.

FortiAP Profile Advanced Settings

When you create or edit a FortiAP profile, you can configure additional advanced settings.

QoS Profiles

You can create or edit Quality of Service (QoS) profiles by clicking the QoS Profiles tab.

Click Create new to create a QoS profile.

FortiAP Configuration Profiles

You can create or edit FortiAP Configuration Profile for managing local FortiAP configuration by clicking the FortiAP Configuration Profiles tab.

Click Create new to create a FortiAP Configuration profile.

Connectivity Profiles Entry

You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.

MPSK Profiles

After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.

Click Create new to create an MPSK profile.

From there you can create and add MPSK groups and determine how you want to add your MPSK keys.

Bonjour Profiles

Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow APs and FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.

Click Create new to create a Bonjour profile.

From there you can create and add policies that determine which services you want to advertise across the network.

Protection Profiles Entry

When you enable Advanced Wireless Features, WIDS Profiles is renamed to Protection Profiles and contains additional tabs that enable you to manage L3 Firewall Profiles.

WIDS Profiles

After you click Protection Profiles, the WIDS Profiles tab loads by default. From there you can create or edit WIDS profiles to configure the type of security threats you want to monitor.

L3 Firewall Profile

You can create or edit L3 Firewall Profiles to configure the WiFi bridge access control list by clicking the L3 Firewall Profiles tab.

Click Create new to create a L3 Firewall profile.

From there, you can create IPv4 or IPv6 rule lists to allow or deny traffic that matches the configured policy.

Advanced SSID options

When you create or edit an SSID, you can configure additional advanced settings.

 

Advanced WiFi Settings options

More options are exposed on WiFi Settings page, including Duplicate SSID, DARRP related settings, Phishing SSID detection setting, and SNMP settings.