Fortinet black logo

FortiLAN Cloud User Guide

Home FortiLAN Cloud 23.2.0 FortiLAN Cloud User Guide
23.2.0
24.1.0
23.4.0
23.3.0
23.2.0
23.1.0
22.4.0
22.3.0

Adding a FortiAP platform profile

Adding a FortiAP platform profile

FortiLAN Cloud provides default platform (AP) profiles for each supported model. All APs of a given model can use their default platform profile. However, more profiles can be added, edited, and then assigned to APs, thereby changing their characteristic. For instance, two FAP221E models can have their own platform profiles, one with rogue scanning disabled (using default platform profile) and the other enabled (using a customized platform profile).

Other parameters that you can customize for each AP using its own platform profile include radio band, channel, channel width, and transmit power.

When you perform the Configuring FortiAP settings procedure, you can select the FortiAP platform profile that you added using this procedure.

Procedure steps

  1. In the Menu bar,navigate to Configuration > Operation Profiles > FortiAP Platform Profile.
  2. Near the top-right corner, click Add Platform Profile.
  3. Customize the profile and update the following fields.
    Select the required Platform (AP model) for your network and Country, optionally, enter any Comments related to the platform profile.
  4. Configure the following options as per your network requirement.

    Configuration

    Description

    LED OffDisables the LEDs from glowing on the FortiAP.

    Dedicated Monitor

    In this mode, during FortiAP operation the radio scans for other available APs as a dedicated monitor.

    • When enabled, all radios except the last one do not scan, hence you cannot apply the WIDS profile to the last radio (WIDS option not available). This radio can be in disabled/monitor mode with/without WIDS profile.

    • When disabled, you can apply the WIDS profile to all radios.

    Note: This features is available only for F-series and G-series models and works only with Single-5G mode in G-series models.

    Short Guard Interval

    Configure the short guard interval to protect symbols (characters) transmitted in your packet from damaging other symbols by eliminating inter-symbol interference, thereby enhancing throughput. This is set to 400 nano seconds.

    Channel Utilization

    Select this option to monitor FortiAP's per radio channel utilization.

    Radio Resource Provision

    Select to enable DARRP to measures utilization and interference on the available channels and automatically and periodically select the optimal channel for your FortiAP.

    Client Load Balancing

    Wireless load balancing allows your wireless network to distribute wireless traffic more efficiently among FortiAPs and available frequency bands. The following types of client load balancing are supported.

    AP Handoff - The wireless controller signals a client to switch to another access point.

    Frequency Handoff - The wireless controller monitors the usage of 2.4 GHz and 5 GHz bands, and signals clients to switch to the lesser-used frequency.

    TX Power

    High-density deployments cover a small area that has many clients. Maximum AP signal power is usually not required. Enabling Automatic TX Power Control reduces power and interference between APs. This feature is based on the interference level of the strongest neighbour AP signal being higher than -70dBm. Additionally, you can configure the interference level as per your wireless network deployment.

    Configuring the target Tx power is particularly beneficial in high density deployments where multiple APs serve on the same channel. In such a scenario, it is possible that the highest neighbour AP signal strength could be greater than -70dBm. For example, if the AP signal strength is -50dBm, then the target value must be set close to -50dBm. Hence, avoiding the reduction of Tx power to very low values leading to coverage issues. The optimal value for this parameter is set based on the average RSSI of the neighbour APs, that is observed (as normal) in a deployment.

    The automatic Tx power is computed based on the target value, assume the strongest neighbour AP signal =S and the auto Tx power target = T, then:

    • If S > T: the current TX power is reduced by (S-T)
    • If S < T: the current TX power is increased by (T-S)
    Rogue AP Scan

    The access point radio scans, detects, and reports rogue APs in your network.

    Call Admission Control

    Enable to regulate voice traffic and specify the Call Capacity, the maximum number of concurrent VoIP calls allowed. The valid range is 0 – 60 and default is 10.

    Bandwidth Admission Control: Enable to limit traffic bandwidth usage and specify the Bandwidth Capacity, the bandwidth usage per second. The valid range is 0 – 600000 kbps and default is 2000 kbps.

    LAN Port

    To use the LAN port, run the cfg -a WANLAN_MODE=WAN-LAN command in the FortiAP, and select any of the following options.

    • NAT to WAN

    • Bridge to WAN

    • Bridge to SSID


    The following features require a license for advanced AP management.

    Configuration

    Description

    Dynamic Radio Mode Assignment

    The Adaptive Radio Architecture (ARA) centralizes and improves the overall efficiency of the wireless network in high traffic conditions. Dynamic Radio Mode Assignment (DRMA) is a feature in ARA that enables FortiAPs to calculate the network coverage factor (NCF) based on radio interference.

    The NCF value is calculated at configured intervals and is based on overlapping coverage in a radio coverage area. When DRMA is enabled and the NCF value crosses the configured threshold, then the radio becomes redundant by switching from AP mode to monitor mode. On subsequent NCF calculation, if the value is below the threshold then the radio switches back to AP mode.

    The DRMA Sensitivity determines the NCF threshold value to consider a radio redundant or not. The following are the permissible values.

    • Low: 100% NCF
    • Medium: 95% NCF
    • High: 90% NCF

    You can configure the DRMA interval in Network Settingsand override the configuration in Overriding FortiAP Settings

    You can view the DRMA AP events in the Wireless logs displayed in Viewing the FortiAP status. Logs are generated when DRMA runs and stops, also, whenever the operational mode of the radio changes.

    Upgrade APs upon Connect

    Enables upgrade of newly deployed FortiAPs associated with this Platform profile. The firmware is upgraded to the Target Firmware Version when the FortiAP connects to the FortiLAN Cloud. If this FortiAP is included in the Scheduled Upgrade profile ensure that the target firmware versions match. To upgrade fully deployed FortiAPs, see Configuring Scheduled Upgrades.

    Force Downgrade

    Forcefully downgrades newly deployed FortiAPs with a firmware version greater than the Target Firmware Version.

    Target Firmware Version

    The firmware version that the newly deployed FortiAPs are upgraded/downgraded to.

    Enhanced LoggingEnable to receive and store more than 50 categories of logs from the FortiAPs with detailed insights into all network activity. The logs provide specific insights into different stages of client connection to troubleshoot/enhance poor wireless connectivity experience.

    Console Login

    You can enable/disable console port access on the FortiAP. This feature is enabled by default and is supported on FortiOS 7.0.1 and higher. You can edit the access point settings to override this feature configuration on a per FortiAP basis (Console Login Override)

    Note: Modifying this feature setting reboots the FortiAP.

    Airtime FairnessWi-Fi has a natural tendency for clients farther away or clients at lower data rates to monopolize the airtime and drag down the overall performance. Airtime Fairness (ATF) helps to improve the overall network performance.
    AP Scan ThresholdConfigures the threshold for minimum detected signal strength required for a FortiAP to be categorized as an interfering/rogue AP when a scan is performed. This parameter is supported in the monitor mode and conditionally in the AP mode with either of the these parameters enabled, Radio Resource Provision, Auto TX Power Control enabled, Rogue AP Scan. The valid range of signal strength is -95 to -20 dBm with a default of -90 dBm.

    Beacon Interval (ms)

    Configures the time interval between two successive beacon frames. The beacon interval is measured in milliseconds and supports a valid range of 40 – 3500 milliseconds with a default of 100 milliseconds. Higher beacon intervals aid in the power saving capability of wireless clients and lower beacon intervals keep fast roaming clients connected to the network.

    DTIM Period

    Configures the Delivery Traffic Indication Map (DTIM) interval to transmit buffered multicast and broadcast data, after the beacon is broadcast. This enables wireless clients in power-saving mode to wake up at a suitable time to check for buffered traffic. Higher DTIM period aids in the power saving capability of wireless clients and lower DTIM period speeds up broadcast and multicast data delivery to wireless clients. The valid range is 1 -255 with a default of 1.
    The recommended values are 1 (to transmit broadcast and multicast data after every beacon) and 2 (to transmit broadcast and multicast data after every other beacon).

    TX Optimization

    The data packet transmit optimization feature enables a set of options in your FortiAP to enhance transmission performance and minimize packet loss.
    Note: This feature is supported only on 2.4G radios of the FAP-U series.
    The following optimization options are available and are enabled by default.

    • Power Save: Tags the client as operating in the power-save mode if excessive transmit retries are detected.
    • Aggregation Limit: Reduces the aggregation limit if the data transmission rate is low.
    • Retry Limit: Reduces the software retry limit if the data transmission rate is low.
    • Send BAR: Limits the transmission of the BAR (Block Acknowledgement Request) frames.

    This feature is disabled if none of the options is selected.

  5. To save the profile, click Apply.

    The list of profiles includes the new FortiAP platform profile.

Previous
Next

Adding a FortiAP platform profile

FortiLAN Cloud provides default platform (AP) profiles for each supported model. All APs of a given model can use their default platform profile. However, more profiles can be added, edited, and then assigned to APs, thereby changing their characteristic. For instance, two FAP221E models can have their own platform profiles, one with rogue scanning disabled (using default platform profile) and the other enabled (using a customized platform profile).

Other parameters that you can customize for each AP using its own platform profile include radio band, channel, channel width, and transmit power.

When you perform the Configuring FortiAP settings procedure, you can select the FortiAP platform profile that you added using this procedure.

Procedure steps

  1. In the Menu bar,navigate to Configuration > Operation Profiles > FortiAP Platform Profile.
  2. Near the top-right corner, click Add Platform Profile.
  3. Customize the profile and update the following fields.
    Select the required Platform (AP model) for your network and Country, optionally, enter any Comments related to the platform profile.
  4. Configure the following options as per your network requirement.

    Configuration

    Description

    LED OffDisables the LEDs from glowing on the FortiAP.

    Dedicated Monitor

    In this mode, during FortiAP operation the radio scans for other available APs as a dedicated monitor.

    • When enabled, all radios except the last one do not scan, hence you cannot apply the WIDS profile to the last radio (WIDS option not available). This radio can be in disabled/monitor mode with/without WIDS profile.

    • When disabled, you can apply the WIDS profile to all radios.

    Note: This features is available only for F-series and G-series models and works only with Single-5G mode in G-series models.

    Short Guard Interval

    Configure the short guard interval to protect symbols (characters) transmitted in your packet from damaging other symbols by eliminating inter-symbol interference, thereby enhancing throughput. This is set to 400 nano seconds.

    Channel Utilization

    Select this option to monitor FortiAP's per radio channel utilization.

    Radio Resource Provision

    Select to enable DARRP to measures utilization and interference on the available channels and automatically and periodically select the optimal channel for your FortiAP.

    Client Load Balancing

    Wireless load balancing allows your wireless network to distribute wireless traffic more efficiently among FortiAPs and available frequency bands. The following types of client load balancing are supported.

    AP Handoff - The wireless controller signals a client to switch to another access point.

    Frequency Handoff - The wireless controller monitors the usage of 2.4 GHz and 5 GHz bands, and signals clients to switch to the lesser-used frequency.

    TX Power

    High-density deployments cover a small area that has many clients. Maximum AP signal power is usually not required. Enabling Automatic TX Power Control reduces power and interference between APs. This feature is based on the interference level of the strongest neighbour AP signal being higher than -70dBm. Additionally, you can configure the interference level as per your wireless network deployment.

    Configuring the target Tx power is particularly beneficial in high density deployments where multiple APs serve on the same channel. In such a scenario, it is possible that the highest neighbour AP signal strength could be greater than -70dBm. For example, if the AP signal strength is -50dBm, then the target value must be set close to -50dBm. Hence, avoiding the reduction of Tx power to very low values leading to coverage issues. The optimal value for this parameter is set based on the average RSSI of the neighbour APs, that is observed (as normal) in a deployment.

    The automatic Tx power is computed based on the target value, assume the strongest neighbour AP signal =S and the auto Tx power target = T, then:

    • If S > T: the current TX power is reduced by (S-T)
    • If S < T: the current TX power is increased by (T-S)
    Rogue AP Scan

    The access point radio scans, detects, and reports rogue APs in your network.

    Call Admission Control

    Enable to regulate voice traffic and specify the Call Capacity, the maximum number of concurrent VoIP calls allowed. The valid range is 0 – 60 and default is 10.

    Bandwidth Admission Control: Enable to limit traffic bandwidth usage and specify the Bandwidth Capacity, the bandwidth usage per second. The valid range is 0 – 600000 kbps and default is 2000 kbps.

    LAN Port

    To use the LAN port, run the cfg -a WANLAN_MODE=WAN-LAN command in the FortiAP, and select any of the following options.

    • NAT to WAN

    • Bridge to WAN

    • Bridge to SSID


    The following features require a license for advanced AP management.

    Configuration

    Description

    Dynamic Radio Mode Assignment

    The Adaptive Radio Architecture (ARA) centralizes and improves the overall efficiency of the wireless network in high traffic conditions. Dynamic Radio Mode Assignment (DRMA) is a feature in ARA that enables FortiAPs to calculate the network coverage factor (NCF) based on radio interference.

    The NCF value is calculated at configured intervals and is based on overlapping coverage in a radio coverage area. When DRMA is enabled and the NCF value crosses the configured threshold, then the radio becomes redundant by switching from AP mode to monitor mode. On subsequent NCF calculation, if the value is below the threshold then the radio switches back to AP mode.

    The DRMA Sensitivity determines the NCF threshold value to consider a radio redundant or not. The following are the permissible values.

    • Low: 100% NCF
    • Medium: 95% NCF
    • High: 90% NCF

    You can configure the DRMA interval in Network Settingsand override the configuration in Overriding FortiAP Settings

    You can view the DRMA AP events in the Wireless logs displayed in Viewing the FortiAP status. Logs are generated when DRMA runs and stops, also, whenever the operational mode of the radio changes.

    Upgrade APs upon Connect

    Enables upgrade of newly deployed FortiAPs associated with this Platform profile. The firmware is upgraded to the Target Firmware Version when the FortiAP connects to the FortiLAN Cloud. If this FortiAP is included in the Scheduled Upgrade profile ensure that the target firmware versions match. To upgrade fully deployed FortiAPs, see Configuring Scheduled Upgrades.

    Force Downgrade

    Forcefully downgrades newly deployed FortiAPs with a firmware version greater than the Target Firmware Version.

    Target Firmware Version

    The firmware version that the newly deployed FortiAPs are upgraded/downgraded to.

    Enhanced LoggingEnable to receive and store more than 50 categories of logs from the FortiAPs with detailed insights into all network activity. The logs provide specific insights into different stages of client connection to troubleshoot/enhance poor wireless connectivity experience.

    Console Login

    You can enable/disable console port access on the FortiAP. This feature is enabled by default and is supported on FortiOS 7.0.1 and higher. You can edit the access point settings to override this feature configuration on a per FortiAP basis (Console Login Override)

    Note: Modifying this feature setting reboots the FortiAP.

    Airtime FairnessWi-Fi has a natural tendency for clients farther away or clients at lower data rates to monopolize the airtime and drag down the overall performance. Airtime Fairness (ATF) helps to improve the overall network performance.
    AP Scan ThresholdConfigures the threshold for minimum detected signal strength required for a FortiAP to be categorized as an interfering/rogue AP when a scan is performed. This parameter is supported in the monitor mode and conditionally in the AP mode with either of the these parameters enabled, Radio Resource Provision, Auto TX Power Control enabled, Rogue AP Scan. The valid range of signal strength is -95 to -20 dBm with a default of -90 dBm.

    Beacon Interval (ms)

    Configures the time interval between two successive beacon frames. The beacon interval is measured in milliseconds and supports a valid range of 40 – 3500 milliseconds with a default of 100 milliseconds. Higher beacon intervals aid in the power saving capability of wireless clients and lower beacon intervals keep fast roaming clients connected to the network.

    DTIM Period

    Configures the Delivery Traffic Indication Map (DTIM) interval to transmit buffered multicast and broadcast data, after the beacon is broadcast. This enables wireless clients in power-saving mode to wake up at a suitable time to check for buffered traffic. Higher DTIM period aids in the power saving capability of wireless clients and lower DTIM period speeds up broadcast and multicast data delivery to wireless clients. The valid range is 1 -255 with a default of 1.
    The recommended values are 1 (to transmit broadcast and multicast data after every beacon) and 2 (to transmit broadcast and multicast data after every other beacon).

    TX Optimization

    The data packet transmit optimization feature enables a set of options in your FortiAP to enhance transmission performance and minimize packet loss.
    Note: This feature is supported only on 2.4G radios of the FAP-U series.
    The following optimization options are available and are enabled by default.

    • Power Save: Tags the client as operating in the power-save mode if excessive transmit retries are detected.
    • Aggregation Limit: Reduces the aggregation limit if the data transmission rate is low.
    • Retry Limit: Reduces the software retry limit if the data transmission rate is low.
    • Send BAR: Limits the transmission of the BAR (Block Acknowledgement Request) frames.

    This feature is disabled if none of the options is selected.

  5. To save the profile, click Apply.

    The list of profiles includes the new FortiAP platform profile.

Previous
Next