Fortinet black logo

FortiLAN Cloud User Guide

Home FortiLAN Cloud 24.1.0 FortiLAN Cloud User Guide
24.1.0
24.1.0
23.4.0
23.3.0
23.2.0
23.1.0
22.4.0
22.3.0

FortiAP Platform Profile

FortiAP Platform Profile

FortiLAN Cloud provides default platform (AP) profiles for each supported model. All APs of a given model can use their default platform profile. However, more profiles can be added, edited, and then assigned to APs, thereby changing their characteristic. For instance, two FAP 221E models can have their own platform profiles, one with rogue scanning disabled (using default platform profile) and the other enabled (using a customized platform profile).

Note: The 6 GHz band (Radio 3) is supported for the G series access points only. Related information is available in the dashboard, monitoring, and configuration functions of the GUI.

Other parameters that you can customize for each AP using its own platform profile include radio band, channel, channel width, and transmit power.

When you perform the Configuring FortiAP settings procedure, you can select the FortiAP platform profile that you added using this procedure.

  1. In the Menu bar,navigate to Configuration > Operation Profiles > FortiAP Platform Profile.
  2. Near the top-right corner, click Add Platform Profile.
  3. Customize the profile and update the following fields.
    Select the required Platform (AP model) for your network and Country, optionally, enter any Comments related to the platform profile.
  4. Configure the following options as per your network requirement.

    Configuration

    Description

    LED OffDisables the LEDs from glowing on the FortiAP.

    Deployment Type

    You can select the operating environment for channels of a specific FortiAP, whether indoor or outdoor. This feature facilitates compliance with the access point placement regulations enacted in different geographical locations. You can now override the default placements of FortiAPs when configuring a FortiAP Platform Profile. This feature optimizes Wi-Fi performance and is beneficial in different deployment scenarios, such as the following.

    • Indoor APs are enclosed in outdoor enclosures, mimicking the form factor of their outdoor counterparts.

    • Outdoor APs are temporarily mounted in indoor hangers for testing or maintenance purposes.

    This feature is available only for these FortiAP models, FAP433F , FAP433G , FAP234F, FAP432FR,FAP432F and FAP234G.

    Dedicated Monitor

    In this mode, during FortiAP operation the radio scans for other available APs as a dedicated monitor.

    • When enabled, all radios except the last one do not scan, hence you cannot apply the WIDS profile to the last radio (WIDS option not available). This radio can be in disabled/monitor mode with/without WIDS profile.

    • When disabled, you can apply the WIDS profile to all radios.

    Note: This features is available only for F-series and G-series models and works only with Single-5G mode in G-series models.

    Short Guard Interval

    Configure the short guard interval to protect symbols (characters) transmitted in your packet from damaging other symbols by eliminating inter-symbol interference, thereby enhancing throughput. This is set to 400 nano seconds.

    Channel Utilization

    Select this option to monitor FortiAP's per radio channel utilization.

    Radio Resource Provision

    Select to enable DARRP to measures utilization and interference on the available channels and automatically and periodically select the optimal channel for your FortiAP.

    Client Load Balancing

    Wireless load balancing allows your wireless network to distribute wireless traffic more efficiently among FortiAPs and available frequency bands. The following types of client load balancing are supported.

    AP Handoff - The wireless controller signals a client to switch to another access point.

    Frequency Handoff - The wireless controller monitors the usage of 2.4 GHz and 5 GHz bands, and signals clients to switch to the lesser-used frequency.

    TX Power

    High-density deployments cover a small area that has many clients. Maximum AP signal power is usually not required. Enabling Automatic TX Power Control reduces power and interference between APs. This feature is based on the interference level of the strongest neighbour AP signal being higher than -70dBm. Additionally, you can configure the interference level as per your wireless network deployment.

    Configuring the target Tx power is particularly beneficial in high density deployments where multiple APs serve on the same channel. In such a scenario, it is possible that the highest neighbour AP signal strength could be greater than -70dBm. For example, if the AP signal strength is -50dBm, then the target value must be set close to -50dBm. Hence, avoiding the reduction of Tx power to very low values leading to coverage issues. The optimal value for this parameter is set based on the average RSSI of the neighbour APs, that is observed (as normal) in a deployment.

    The automatic Tx power is computed based on the target value, assume the strongest neighbour AP signal =S and the auto Tx power target = T, then:

    • If S > T: the current TX power is reduced by (S-T)
    • If S < T: the current TX power is increased by (T-S)
    Rogue AP Scan

    The access point radio scans, detects, and reports rogue APs in your network.

    Call Admission Control

    Enable to regulate voice traffic and specify the Call Capacity, the maximum number of concurrent VoIP calls allowed. The valid range is 0 – 60 and default is 10.

    Bandwidth Admission Control: Enable to limit traffic bandwidth usage and specify the Bandwidth Capacity, the bandwidth usage per second. The valid range is 0 – 600000 kbps and default is 2000 kbps.

    LAN Port

    To use the LAN port, run the cfg -a WANLAN_MODE=WAN-LAN command in the FortiAP, and select any of the following options.

    • NAT to WAN

    • Bridge to WAN

    • Bridge to SSID

    UNII-4 5GHz band channels

    FortiAP profiles support UNII-4 5GHz bands for FortiAP G-series models. FortiAP-431G and FortiAP-433G operating in Single 5G mode can make use of the UNII-4 frequency band. The 5.85 GHz-5.925 GHz channels of 169, 173, and 177 become available when configuring the 5GHz radio.

    There are a few important points to note about UNII-4 band usage.

    • UNII-4 5GHz channels are not available when FAP43xG models operate in Dual 5G platform mode.

    • Not all countries allow UNII-4 band usage.

    You can enable UNII-4 5GHz band channels in the Platform profile when operating in Single 5G mode with dedicated scan enabled.

    External Antenna

    • Enable the optional external antenna types for the FAP-432F, FAP-432FR, FAP-433F, FAPU-432F, FAPU-433F, FAP233G, and FAP433G FAP models. Configure the radio specific transmit power values. The supported range is 0 – 20 dBi.


    The following features require a license for advanced AP management.

    Configuration

    Description

    Dynamic Radio Mode Assignment

    The Adaptive Radio Architecture (ARA) centralizes and improves the overall efficiency of the wireless network in high traffic conditions. Dynamic Radio Mode Assignment (DRMA) is a feature in ARA that enables FortiAPs to calculate the network coverage factor (NCF) based on radio interference.

    The NCF value is calculated at configured intervals and is based on overlapping coverage in a radio coverage area. When DRMA is enabled and the NCF value crosses the configured threshold, then the radio becomes redundant by switching from AP mode to monitor mode. On subsequent NCF calculation, if the value is below the threshold then the radio switches back to AP mode.

    The DRMA Sensitivity determines the NCF threshold value to consider a radio redundant or not. The following are the permissible values.

    • Low: 100% NCF
    • Medium: 95% NCF
    • High: 90% NCF

    You can configure the DRMA interval in Network Settingsand override the configuration in Overriding FortiAP Settings

    You can view the DRMA AP events in the Wireless logs displayed in Viewing the FortiAP status. Logs are generated when DRMA runs and stops, also, whenever the operational mode of the radio changes.

    Upgrade APs upon Connect

    Enables upgrade of newly deployed FortiAPs associated with this Platform profile. The firmware is upgraded to the Target Firmware Version when the FortiAP connects to the FortiLAN Cloud. If this FortiAP is included in the Scheduled Upgrade profile ensure that the target firmware versions match. To upgrade fully deployed FortiAPs, see Scheduled Upgrades.

    Force Downgrade

    Forcefully downgrades newly deployed FortiAPs with a firmware version greater than the Target Firmware Version.

    Target Firmware Version

    The firmware version that the newly deployed FortiAPs are upgraded/downgraded to.

    Enhanced LoggingEnable to receive and store more than 50 categories of logs from the FortiAPs with detailed insights into all network activity. The logs provide specific insights into different stages of client connection to troubleshoot/enhance poor wireless connectivity experience.

    Console Login

    You can enable/disable console port access on the FortiAP. This feature is enabled by default and is supported on FortiOS 7.0.1 and higher. You can edit the access point settings to override this feature configuration on a per FortiAP basis (Console Login Override)

    Note: Modifying this feature setting reboots the FortiAP.

    Airtime FairnessWi-Fi has a natural tendency for clients farther away or clients at lower data rates to monopolize the airtime and drag down the overall performance. Airtime Fairness (ATF) helps to improve the overall network performance.
    AP Scan ThresholdConfigures the threshold for minimum detected signal strength required for a FortiAP to be categorized as an interfering/rogue AP when a scan is performed. This parameter is supported in the monitor mode and conditionally in the AP mode with either of the these parameters enabled, Radio Resource Provision, Auto TX Power Control enabled, Rogue AP Scan. The valid range of signal strength is -95 to -20 dBm with a default of -90 dBm.

    Beacon Interval (ms)

    Configures the time interval between two successive beacon frames. The beacon interval is measured in milliseconds and supports a valid range of 40 – 3500 milliseconds with a default of 100 milliseconds. Higher beacon intervals aid in the power saving capability of wireless clients and lower beacon intervals keep fast roaming clients connected to the network.

    DTIM Period

    Configures the Delivery Traffic Indication Map (DTIM) interval to transmit buffered multicast and broadcast data, after the beacon is broadcast. This enables wireless clients in power-saving mode to wake up at a suitable time to check for buffered traffic. Higher DTIM period aids in the power saving capability of wireless clients and lower DTIM period speeds up broadcast and multicast data delivery to wireless clients. The valid range is 1 -255 with a default of 1.
    The recommended values are 1 (to transmit broadcast and multicast data after every beacon) and 2 (to transmit broadcast and multicast data after every other beacon).

    TX Optimization

    The data packet transmit optimization feature enables a set of options in your FortiAP to enhance transmission performance and minimize packet loss.
    Note: This feature is supported only on 2.4G radios of the FAP-U series.
    The following optimization options are available and are enabled by default.

    • Power Save: Tags the client as operating in the power-save mode if excessive transmit retries are detected.
    • Aggregation Limit: Reduces the aggregation limit if the data transmission rate is low.
    • Retry Limit: Reduces the software retry limit if the data transmission rate is low.
    • Send BAR: Limits the transmission of the BAR (Block Acknowledgement Request) frames.

    This feature is disabled if none of the options is selected.

    802.11d

    The 802.11d wireless networking standard, also known as the Country Information Element, allows Wi-Fi devices to dynamically adjust their settings, such as channel selection and transmit power, based on the regulatory domain in which they are operating.

    This adds the ability to toggle 802.11d support for 2.4 GHz radios through a Platform profile. When 802.11d is enabled, the FortiAPs broadcast the country code in beacons, probe responses, and probe requests. This led to some older legacy clients failing to associate to the FortiAP. The ability to disable 802.11d prevents the broadcasting of country code settings and provides backwards compatibility with those clients.

    Note: Since IEEE 802.11d only applies to 2.4 GHz radios operating in the 802.11g band, disabling 802.11d only applies to radios configured to operate in the 802.11g band.

    Energy Efficient Ethernet

    This features is also known as IEEE 802.3az standard for Ethernet devices to consume less power during periods of low data activity. This is supported on all FAP models whose Ethernet NIC supports this feature.

    MIMO Mode Setting

    Configure the Multiple Input Multiple Output (MIMO) mode settings on all FortiAP models with firmware version 7.4.1 or later and on FortiAP-U models with firmware version 7.0.2 and above.

    When configured, multiple antennas are used at both the source (transmitter) and the destination (receiver), to enable data to travel over many signal paths at the same time. These antennas are combined at each end of the communications circuit to improve the capacity of radio transmissions, thereby minimizing errors and optimizing data speed.

    The following MIMO modes are selected for various FortiAP models.

    • FortiAP 23x models - 2x2 MIMO mode

    • FortiAP 32x models - 2x2 and 3x3 MIMO modes

    • FortiAP 43x models - 2x2, 3x3, and 4x4 MIMO modes

    • FortiAP 83x models - 1x1, 2x2, 3x3, 4x4, and 8x8 MIMO modes

    By default, the highest MIMO mode is selected.

  5. To save the profile, click Apply.

    The list of profiles includes the new FortiAP platform profile.

Previous
Next

FortiAP Platform Profile

FortiLAN Cloud provides default platform (AP) profiles for each supported model. All APs of a given model can use their default platform profile. However, more profiles can be added, edited, and then assigned to APs, thereby changing their characteristic. For instance, two FAP 221E models can have their own platform profiles, one with rogue scanning disabled (using default platform profile) and the other enabled (using a customized platform profile).

Note: The 6 GHz band (Radio 3) is supported for the G series access points only. Related information is available in the dashboard, monitoring, and configuration functions of the GUI.

Other parameters that you can customize for each AP using its own platform profile include radio band, channel, channel width, and transmit power.

When you perform the Configuring FortiAP settings procedure, you can select the FortiAP platform profile that you added using this procedure.

  1. In the Menu bar,navigate to Configuration > Operation Profiles > FortiAP Platform Profile.
  2. Near the top-right corner, click Add Platform Profile.
  3. Customize the profile and update the following fields.
    Select the required Platform (AP model) for your network and Country, optionally, enter any Comments related to the platform profile.
  4. Configure the following options as per your network requirement.

    Configuration

    Description

    LED OffDisables the LEDs from glowing on the FortiAP.

    Deployment Type

    You can select the operating environment for channels of a specific FortiAP, whether indoor or outdoor. This feature facilitates compliance with the access point placement regulations enacted in different geographical locations. You can now override the default placements of FortiAPs when configuring a FortiAP Platform Profile. This feature optimizes Wi-Fi performance and is beneficial in different deployment scenarios, such as the following.

    • Indoor APs are enclosed in outdoor enclosures, mimicking the form factor of their outdoor counterparts.

    • Outdoor APs are temporarily mounted in indoor hangers for testing or maintenance purposes.

    This feature is available only for these FortiAP models, FAP433F , FAP433G , FAP234F, FAP432FR,FAP432F and FAP234G.

    Dedicated Monitor

    In this mode, during FortiAP operation the radio scans for other available APs as a dedicated monitor.

    • When enabled, all radios except the last one do not scan, hence you cannot apply the WIDS profile to the last radio (WIDS option not available). This radio can be in disabled/monitor mode with/without WIDS profile.

    • When disabled, you can apply the WIDS profile to all radios.

    Note: This features is available only for F-series and G-series models and works only with Single-5G mode in G-series models.

    Short Guard Interval

    Configure the short guard interval to protect symbols (characters) transmitted in your packet from damaging other symbols by eliminating inter-symbol interference, thereby enhancing throughput. This is set to 400 nano seconds.

    Channel Utilization

    Select this option to monitor FortiAP's per radio channel utilization.

    Radio Resource Provision

    Select to enable DARRP to measures utilization and interference on the available channels and automatically and periodically select the optimal channel for your FortiAP.

    Client Load Balancing

    Wireless load balancing allows your wireless network to distribute wireless traffic more efficiently among FortiAPs and available frequency bands. The following types of client load balancing are supported.

    AP Handoff - The wireless controller signals a client to switch to another access point.

    Frequency Handoff - The wireless controller monitors the usage of 2.4 GHz and 5 GHz bands, and signals clients to switch to the lesser-used frequency.

    TX Power

    High-density deployments cover a small area that has many clients. Maximum AP signal power is usually not required. Enabling Automatic TX Power Control reduces power and interference between APs. This feature is based on the interference level of the strongest neighbour AP signal being higher than -70dBm. Additionally, you can configure the interference level as per your wireless network deployment.

    Configuring the target Tx power is particularly beneficial in high density deployments where multiple APs serve on the same channel. In such a scenario, it is possible that the highest neighbour AP signal strength could be greater than -70dBm. For example, if the AP signal strength is -50dBm, then the target value must be set close to -50dBm. Hence, avoiding the reduction of Tx power to very low values leading to coverage issues. The optimal value for this parameter is set based on the average RSSI of the neighbour APs, that is observed (as normal) in a deployment.

    The automatic Tx power is computed based on the target value, assume the strongest neighbour AP signal =S and the auto Tx power target = T, then:

    • If S > T: the current TX power is reduced by (S-T)
    • If S < T: the current TX power is increased by (T-S)
    Rogue AP Scan

    The access point radio scans, detects, and reports rogue APs in your network.

    Call Admission Control

    Enable to regulate voice traffic and specify the Call Capacity, the maximum number of concurrent VoIP calls allowed. The valid range is 0 – 60 and default is 10.

    Bandwidth Admission Control: Enable to limit traffic bandwidth usage and specify the Bandwidth Capacity, the bandwidth usage per second. The valid range is 0 – 600000 kbps and default is 2000 kbps.

    LAN Port

    To use the LAN port, run the cfg -a WANLAN_MODE=WAN-LAN command in the FortiAP, and select any of the following options.

    • NAT to WAN

    • Bridge to WAN

    • Bridge to SSID

    UNII-4 5GHz band channels

    FortiAP profiles support UNII-4 5GHz bands for FortiAP G-series models. FortiAP-431G and FortiAP-433G operating in Single 5G mode can make use of the UNII-4 frequency band. The 5.85 GHz-5.925 GHz channels of 169, 173, and 177 become available when configuring the 5GHz radio.

    There are a few important points to note about UNII-4 band usage.

    • UNII-4 5GHz channels are not available when FAP43xG models operate in Dual 5G platform mode.

    • Not all countries allow UNII-4 band usage.

    You can enable UNII-4 5GHz band channels in the Platform profile when operating in Single 5G mode with dedicated scan enabled.

    External Antenna

    • Enable the optional external antenna types for the FAP-432F, FAP-432FR, FAP-433F, FAPU-432F, FAPU-433F, FAP233G, and FAP433G FAP models. Configure the radio specific transmit power values. The supported range is 0 – 20 dBi.


    The following features require a license for advanced AP management.

    Configuration

    Description

    Dynamic Radio Mode Assignment

    The Adaptive Radio Architecture (ARA) centralizes and improves the overall efficiency of the wireless network in high traffic conditions. Dynamic Radio Mode Assignment (DRMA) is a feature in ARA that enables FortiAPs to calculate the network coverage factor (NCF) based on radio interference.

    The NCF value is calculated at configured intervals and is based on overlapping coverage in a radio coverage area. When DRMA is enabled and the NCF value crosses the configured threshold, then the radio becomes redundant by switching from AP mode to monitor mode. On subsequent NCF calculation, if the value is below the threshold then the radio switches back to AP mode.

    The DRMA Sensitivity determines the NCF threshold value to consider a radio redundant or not. The following are the permissible values.

    • Low: 100% NCF
    • Medium: 95% NCF
    • High: 90% NCF

    You can configure the DRMA interval in Network Settingsand override the configuration in Overriding FortiAP Settings

    You can view the DRMA AP events in the Wireless logs displayed in Viewing the FortiAP status. Logs are generated when DRMA runs and stops, also, whenever the operational mode of the radio changes.

    Upgrade APs upon Connect

    Enables upgrade of newly deployed FortiAPs associated with this Platform profile. The firmware is upgraded to the Target Firmware Version when the FortiAP connects to the FortiLAN Cloud. If this FortiAP is included in the Scheduled Upgrade profile ensure that the target firmware versions match. To upgrade fully deployed FortiAPs, see Scheduled Upgrades.

    Force Downgrade

    Forcefully downgrades newly deployed FortiAPs with a firmware version greater than the Target Firmware Version.

    Target Firmware Version

    The firmware version that the newly deployed FortiAPs are upgraded/downgraded to.

    Enhanced LoggingEnable to receive and store more than 50 categories of logs from the FortiAPs with detailed insights into all network activity. The logs provide specific insights into different stages of client connection to troubleshoot/enhance poor wireless connectivity experience.

    Console Login

    You can enable/disable console port access on the FortiAP. This feature is enabled by default and is supported on FortiOS 7.0.1 and higher. You can edit the access point settings to override this feature configuration on a per FortiAP basis (Console Login Override)

    Note: Modifying this feature setting reboots the FortiAP.

    Airtime FairnessWi-Fi has a natural tendency for clients farther away or clients at lower data rates to monopolize the airtime and drag down the overall performance. Airtime Fairness (ATF) helps to improve the overall network performance.
    AP Scan ThresholdConfigures the threshold for minimum detected signal strength required for a FortiAP to be categorized as an interfering/rogue AP when a scan is performed. This parameter is supported in the monitor mode and conditionally in the AP mode with either of the these parameters enabled, Radio Resource Provision, Auto TX Power Control enabled, Rogue AP Scan. The valid range of signal strength is -95 to -20 dBm with a default of -90 dBm.

    Beacon Interval (ms)

    Configures the time interval between two successive beacon frames. The beacon interval is measured in milliseconds and supports a valid range of 40 – 3500 milliseconds with a default of 100 milliseconds. Higher beacon intervals aid in the power saving capability of wireless clients and lower beacon intervals keep fast roaming clients connected to the network.

    DTIM Period

    Configures the Delivery Traffic Indication Map (DTIM) interval to transmit buffered multicast and broadcast data, after the beacon is broadcast. This enables wireless clients in power-saving mode to wake up at a suitable time to check for buffered traffic. Higher DTIM period aids in the power saving capability of wireless clients and lower DTIM period speeds up broadcast and multicast data delivery to wireless clients. The valid range is 1 -255 with a default of 1.
    The recommended values are 1 (to transmit broadcast and multicast data after every beacon) and 2 (to transmit broadcast and multicast data after every other beacon).

    TX Optimization

    The data packet transmit optimization feature enables a set of options in your FortiAP to enhance transmission performance and minimize packet loss.
    Note: This feature is supported only on 2.4G radios of the FAP-U series.
    The following optimization options are available and are enabled by default.

    • Power Save: Tags the client as operating in the power-save mode if excessive transmit retries are detected.
    • Aggregation Limit: Reduces the aggregation limit if the data transmission rate is low.
    • Retry Limit: Reduces the software retry limit if the data transmission rate is low.
    • Send BAR: Limits the transmission of the BAR (Block Acknowledgement Request) frames.

    This feature is disabled if none of the options is selected.

    802.11d

    The 802.11d wireless networking standard, also known as the Country Information Element, allows Wi-Fi devices to dynamically adjust their settings, such as channel selection and transmit power, based on the regulatory domain in which they are operating.

    This adds the ability to toggle 802.11d support for 2.4 GHz radios through a Platform profile. When 802.11d is enabled, the FortiAPs broadcast the country code in beacons, probe responses, and probe requests. This led to some older legacy clients failing to associate to the FortiAP. The ability to disable 802.11d prevents the broadcasting of country code settings and provides backwards compatibility with those clients.

    Note: Since IEEE 802.11d only applies to 2.4 GHz radios operating in the 802.11g band, disabling 802.11d only applies to radios configured to operate in the 802.11g band.

    Energy Efficient Ethernet

    This features is also known as IEEE 802.3az standard for Ethernet devices to consume less power during periods of low data activity. This is supported on all FAP models whose Ethernet NIC supports this feature.

    MIMO Mode Setting

    Configure the Multiple Input Multiple Output (MIMO) mode settings on all FortiAP models with firmware version 7.4.1 or later and on FortiAP-U models with firmware version 7.0.2 and above.

    When configured, multiple antennas are used at both the source (transmitter) and the destination (receiver), to enable data to travel over many signal paths at the same time. These antennas are combined at each end of the communications circuit to improve the capacity of radio transmissions, thereby minimizing errors and optimizing data speed.

    The following MIMO modes are selected for various FortiAP models.

    • FortiAP 23x models - 2x2 MIMO mode

    • FortiAP 32x models - 2x2 and 3x3 MIMO modes

    • FortiAP 43x models - 2x2, 3x3, and 4x4 MIMO modes

    • FortiAP 83x models - 1x1, 2x2, 3x3, 4x4, and 8x8 MIMO modes

    By default, the highest MIMO mode is selected.

  5. To save the profile, click Apply.

    The list of profiles includes the new FortiAP platform profile.

Previous
Next