Fortinet black logo

FortiLAN Cloud User Guide

Home FortiLAN Cloud 24.1.0 FortiLAN Cloud User Guide
24.1.0
24.1.0
23.4.0
23.3.0
23.2.0
23.1.0
22.4.0
22.3.0

Network Settings

Network Settings

Use this procedure to configure and manage specific network settings.

  1. On the FortiLAN Cloud Home page, select the network that you want to edit.
  2. In the Menu bar, navigate to Configuration > Network.
Editing the Network Time Zone

Locate the Network Info section and in the Time Zone drop-down list, select the time zone. Click Apply and verify the updated time.

  1. Go back to the FortiLAN Cloud Home page.
  2. Locate the network that you selected in step 1.
Enabling Network Alerts

Locate the AP Network Alert section. If you want to use the email associated with the FortiLAN Cloud account, click Use Account Email. Otherwise, in the Send alerts via email to field, type an email address. Click Apply. The email alerts are sent only for FortiAP down event (after 10-15 minutes (approximately)).

Editing Radio Scan Settings

Use this procedure to change the following radio scan settings:

  • editing background scan interval (in seconds)
  • disabling background scan
  • enabling passive scan mode (no probe)

Note: These settings can optionally be overridden by a WIDS profile, if any, associated with this radio.

Prerequisites

To use the radio scan settings, make sure to enable one of the following platform profile settings:

  • Automatic TX Power Control
  • DRMA
  • Radio Resource Provision
  • Rogue AP Scan

For details about the platform profile, see the FortiAP Platform Profile procedure.

In the Radio Scan section, complete the updates and click Apply.

NAT Session Keep Alive Timer

The FortiAP sends a probe message to the cloud servers at the configured NAT Session Keep Alive timer duration. This ensures NAT sessions on all intermediate devices in the network path are kept alive. This feature is especially beneficial in case of firewalls with short lived NAT sessions, that sometimes cause the FortiAPs to go offline.

Notes:

  • This feature is applied to all FortiAPs in the network.

  • This feature is supported on FortiAP version 7.4.2 and above.

Managing Automatic FortiAP Reboot

This feature allows you to configure FortiAPs for an automatic reboot when they lose connection with the cloud controller. In such a scenario, this feature reduces network downtime and eliminates the need for manual intervention. If the SSIDs are configured on the FortiAP in standalone mode (such as PSK authentication), then the FortiAP does not interact with the cloud controller for authentication of wireless clients. However, in some cases (such as Enterprise authentication with cloud user/group or MAC allow lists), the SSIDs are in the non-standalone mode, that is, the FortiAP needs to interact with the cloud controller for authentication. This feature is configured separately for standalone and non-standalone SSIDs.

  • FortiAPs deployed with Cloud dependent features - Enable AP Reboot with Timer - Enable the automatic reboot of the FortiAP and configure the time interval the FortiAP waits before automatic rebooting, after losing connection with the cloud controller. The valid range is 5 to 65535 minutes and the default is 60 minutes.

  • FortiAPs deployed with at least one standalone SSID - Enable AP reboot with timer - Enable automatic reboot in case if there is at least one standalone SSID beaconed by the FortiAP. Enter the time interval the FortiAP waits before automatic rebooting. The valid range is 5 to 65535 minutes and the default is 60 minutes.

  • Schedule AP reboot - Enable the FortiAP to automatically reboot at a specific time when standalone SSIDs are pushed to the FortiAP in the previous session.

Note: This feature is supported on FortiAPs version 7.4.2 and above.

Editing Timeout Settings

You can edit the timeout settings for Idle Client and Captive Portal User Authentication.

Enabling Duplicate SSID

A duplicate SSID bears the same wireless network SSID as another original SSID. The duplicate SSID can have different configurations and can be deployed on different APs/AP groups (AP tags).

Consider an example of an organization where an original SSID Staff is configured on AP Group 1 located at the company headquarters. The duplicate SSID Staff is configured on AP Group 2 located at the company branch. Both these SSIDs have different configurations, such as, VLANs, QoS, and so on. A wireless client moving from the headquarters (AP Group 1) to the branch (AP Group 2) seamlessly transitions from the original SSID Staff to the duplicate SSID Staff and is now governed by the configurations of the duplicate SSID.

The OID of the duplicate SSID is displayed for easy identification.

Note: The original and duplicate SSIDs must NOT be deployed on the same AP. This may prevent the wireless client from connecting to the desired SSID.

You must delete the duplicate SSIDs before disabling this feature.

Enabling DRMA Timeout

You can configure the specific interval to run DRMA in the Network configuration. The valid range is 10 - 1440 minutes.

Previous
Next

Network Settings

Use this procedure to configure and manage specific network settings.

  1. On the FortiLAN Cloud Home page, select the network that you want to edit.
  2. In the Menu bar, navigate to Configuration > Network.
Editing the Network Time Zone

Locate the Network Info section and in the Time Zone drop-down list, select the time zone. Click Apply and verify the updated time.

  1. Go back to the FortiLAN Cloud Home page.
  2. Locate the network that you selected in step 1.
Enabling Network Alerts

Locate the AP Network Alert section. If you want to use the email associated with the FortiLAN Cloud account, click Use Account Email. Otherwise, in the Send alerts via email to field, type an email address. Click Apply. The email alerts are sent only for FortiAP down event (after 10-15 minutes (approximately)).

Editing Radio Scan Settings

Use this procedure to change the following radio scan settings:

  • editing background scan interval (in seconds)
  • disabling background scan
  • enabling passive scan mode (no probe)

Note: These settings can optionally be overridden by a WIDS profile, if any, associated with this radio.

Prerequisites

To use the radio scan settings, make sure to enable one of the following platform profile settings:

  • Automatic TX Power Control
  • DRMA
  • Radio Resource Provision
  • Rogue AP Scan

For details about the platform profile, see the FortiAP Platform Profile procedure.

In the Radio Scan section, complete the updates and click Apply.

NAT Session Keep Alive Timer

The FortiAP sends a probe message to the cloud servers at the configured NAT Session Keep Alive timer duration. This ensures NAT sessions on all intermediate devices in the network path are kept alive. This feature is especially beneficial in case of firewalls with short lived NAT sessions, that sometimes cause the FortiAPs to go offline.

Notes:

  • This feature is applied to all FortiAPs in the network.

  • This feature is supported on FortiAP version 7.4.2 and above.

Managing Automatic FortiAP Reboot

This feature allows you to configure FortiAPs for an automatic reboot when they lose connection with the cloud controller. In such a scenario, this feature reduces network downtime and eliminates the need for manual intervention. If the SSIDs are configured on the FortiAP in standalone mode (such as PSK authentication), then the FortiAP does not interact with the cloud controller for authentication of wireless clients. However, in some cases (such as Enterprise authentication with cloud user/group or MAC allow lists), the SSIDs are in the non-standalone mode, that is, the FortiAP needs to interact with the cloud controller for authentication. This feature is configured separately for standalone and non-standalone SSIDs.

  • FortiAPs deployed with Cloud dependent features - Enable AP Reboot with Timer - Enable the automatic reboot of the FortiAP and configure the time interval the FortiAP waits before automatic rebooting, after losing connection with the cloud controller. The valid range is 5 to 65535 minutes and the default is 60 minutes.

  • FortiAPs deployed with at least one standalone SSID - Enable AP reboot with timer - Enable automatic reboot in case if there is at least one standalone SSID beaconed by the FortiAP. Enter the time interval the FortiAP waits before automatic rebooting. The valid range is 5 to 65535 minutes and the default is 60 minutes.

  • Schedule AP reboot - Enable the FortiAP to automatically reboot at a specific time when standalone SSIDs are pushed to the FortiAP in the previous session.

Note: This feature is supported on FortiAPs version 7.4.2 and above.

Editing Timeout Settings

You can edit the timeout settings for Idle Client and Captive Portal User Authentication.

Enabling Duplicate SSID

A duplicate SSID bears the same wireless network SSID as another original SSID. The duplicate SSID can have different configurations and can be deployed on different APs/AP groups (AP tags).

Consider an example of an organization where an original SSID Staff is configured on AP Group 1 located at the company headquarters. The duplicate SSID Staff is configured on AP Group 2 located at the company branch. Both these SSIDs have different configurations, such as, VLANs, QoS, and so on. A wireless client moving from the headquarters (AP Group 1) to the branch (AP Group 2) seamlessly transitions from the original SSID Staff to the duplicate SSID Staff and is now governed by the configurations of the duplicate SSID.

The OID of the duplicate SSID is displayed for easy identification.

Note: The original and duplicate SSIDs must NOT be deployed on the same AP. This may prevent the wireless client from connecting to the desired SSID.

You must delete the duplicate SSIDs before disabling this feature.

Enabling DRMA Timeout

You can configure the specific interval to run DRMA in the Network configuration. The valid range is 10 - 1440 minutes.

Previous
Next