SSIDs
To view SSIDs and SSID groups, go to AP Manager > WiFi Profiles, and select SSID in the tree menu.
The following options are available in the toolbar and right-click menu:
Create New |
Create a new SSID or SSID group. |
Edit |
Edit the selected SSID or group. |
Delete |
Delete the selected SSID or group. |
Clone |
Clone the selected SSID or group. |
Import |
Import SSIDs from a connected FortiGate (toolbar only). |
When creating a new SSID, the available options will change depending on the selected traffic mode: Tunnel to Wireless Controller, Local bridge with FortiAP's Interface, or Mesh Downlink.
To create a new SSID (Tunnel to Wireless Controller):
- On the SSID pane, click Create New > SSID in the toolbar, or select it from the right-click menu. The Create New SSID Profile windows opens.
- Enter the following information, then click OK to create the new tunnel to wireless controller SSID:
Name
Type a name for the SSID.
Traffic Mode
Select Tunnel to Wireless Controller from the dropdown list.
Common Interface Settings
Select to apply common interface settings for this SSID on all FortiAPs to which this template is applied. Common settings include IP addresses, administrative access, and DHCP settings.
IP/Netmask
Type the IP address and netmask.
IPv6 Address
Type the IPv6 address.
Administrative Access
Select the allowed administrative service protocols from: HTTPS, HTTP, PING, FMG-Access, SSH, SNMP, TELNET, Auto IPsec Request, and FCT-Access.
IPv6 Administrative Access
Select the allowed IPv6 administrative service protocols from: HTTPS, HTTP, PING, FMG-Access, SSH, SNMP, TELNET, and CAPWAP.
Enable DHCP
Select to enable and configure DHCP.
This option is only available if Common Interface Settings is enabled.
Note: If Mode is Relay, only the DHCP Server IP and Type settings are available.
Address Range
Enter the DHCP address range.
This option is only available when Mode is set to Server.
Netmask
Enter the netmask.
This option is only available when Mode is set to Server.
Default Gateway
Select Same As Interface IP if the default gateway is the same as the interface IP, or select Specify and type a new gateway IP address.
This option is only available when Mode is set to Server.
DNS Server
Select Same As System DNS if the DNS server is the same as the system DNS, or select Specify and type a DNS server address.
This option is only available when Mode is set to Server.
Mode
Select Server or Relay.
DHCP Server IP
Enter the DHCP server IP address.
This option is only available if Mode is set to Relay.
MAC Address Access Control List
The MAC address control list allows you to view the MAC addresses and their actions. It includes a default entry for unknown MAC addresses.
- Click Create New to create a new IP MAC binding.
- Select an address then click Edit to edit the MAC address.
- Select an address or addresses then click Delete to delete the selected items. The unknown MAC address cannot be deleted.
This option is only available if Mode is set to Server.
Type
Select Regular or IPsec.
Lease Time
Enter the lease time, in seconds.
WiFi Settings
SSID
Type the wireless service set identifier (SSID), or network name, for this wireless interface. Users who want to use the wireless network must configure their computers with this network name.
Security Mode
Select a security mode. The options are:
WPA/WPA2-PERSONAL WPA2-ONLY-PERSONAL WPA/WPA2-ENTERPRISE WPA2-ONLY-ENTERPRISE Captive Portal WPA/WPA2 Personal with Captive Portal OPEN WPA2 Personal with Captive Portal Pre-shared Key
Enter the pre-shared key for the SSID.
This option is only available when the security mode includes WPA or WPA2 personal.
Authentication
Select the authentication method for the SSID, either Local or RADIUS Server, then select the requisite server or group from the dropdown list.
This option is only available when the security mode includes WPA or WPA2 enterprise.
Portal Type
Select the portal type, one of: Authentication, Disclaimer + Authentication, Disclaimer Only, or Email Collection.
This option is only available when the security mode includes captive portal.
Authentication Portal
Select Local or External. If External is selected, enter the URL of the portal.
This option is only available when the portal type includes authentication.
User Groups
Select the user group to add from the dropdown list. Select the plus symbol to add multiple groups.
This option is only available when the portal type includes authentication.
Exempt Sources
Select exempt sources to add from the dropdown list.
This option is only available when the portal type includes authentication.
Exempt Devices
Select exempt devices to add from the dropdown list.
This option is only available when the portal type includes authentication.
Exempt Destinations
Select exempt destinations to add from the dropdown list.
This option is only available when the portal type includes authentication.
Exempt Services
Select exempt services to add from the dropdown list.
This option is only available when the portal type includes authentication.
Customize Portal Messages
Select to allow for customized portal messages. Portal messages cannot be customized until after the interface has been created.
This option is only available when the portal type includes disclaimer or email collection.
Redirect after Captive Portal
Select Original Request or Specific URL. If Specific URL is selected, enter the redirect URL.
This option is only available when the security mode includes captive portal.
Schedule
Select a schedule to control the availability of the SSID. For information on creating a schedule object, see Create a new object.
Block Intra-SSID Traffic
Select to block intra-SSID traffic.
Split Tunneling
Select to enable split tunneling.
Maximum Clients
Select to limit the concurrent WiFi clients that can connect to the SSID. If selected, type the desired maximum number of clients.
Optional VLAN ID
Select the VLAN ID in the text field using the arrow keys. Select 0 if VLANs are not used.
VLAN Pool
Select AP groups to add to the VLAN pool
Device Detection
Select to detect and identify devices connecting to the SSID.
Add New Devices to Vulnerability Scan List
Select to add new devices to the vulnerability scan list.
Advanced Options
broadcast-ssid
Enable/disable SSID broadcast in the beacon.
encrypt
Select the data encryption protocol: TKIP, AES, or TKIP-AES.
To create a new SSID (Local bridge with FortiAP's Interface):
- On the SSID pane, click Create New > SSID in the toolbar.
- Enter the following information, then click OK to create the new local bridge SSID:
Name
Type a name for the SSID.
Traffic Mode
Select Local bridge with FortiAP’s Interface from the dropdown list.
WiFi Settings
SSID
Type the wireless service set identifier (SSID) or network name for this wireless interface. Users who want to use the wireless network must configure their computers with this network name.
Security Mode
Select a security mode. The options are:
WPA/WPA2-PERSONAL WPA-ONLY-ENTERPRISE WPA/WPA2-ENTERPRISE WPA2-ONLY-PERSONAL OPEN WPA2-ONLY-ENTERPRISE WPA-ONLY-PERSONAL Pre-shared Key
Enter the pre-shared key for the SSID.
This option is only available when the security mode includes WPA or WPA2 personal.
Authentication
Select the authentication method for the SSID, either Local or RADIUS Server, then select the requisite server or group from the dropdown list.
This option is only available when the security mode is includes WPA or WPA2 enterprise.
Schedule
Select a schedule to control the availability of the SSID. For information on creating a schedule object, see Create a new object.
Maximum Clients
Select to limit the concurrent WiFi clients that can connect to the SSID. If selected, type the desired maximum number of clients. Type 0 for no limit.
Optional VLAN ID
Select the VLAN ID in the text field using the arrow keys. Select 0 if VLANs are not used.
VLAN Pool
Select AP groups to add to the VLAN pool
Device Detection
Select to detect and identify devices connecting to the SSID.
Add New Devices to Vulnerability Scan List
Select to add new devices to the vulnerability scan list.
Advanced Options
broadcast-ssid
Enable/disable SSID broadcast in the beacon.
encrypt
Select the data encryption protocol: TKIP, AES, or TKIP-AES.
To create a SSID (Mesh Downlink):
- On the SSID pane, click Create New > SSID in the toolbar.
- Enter the following information, then click OK to create the SSID:
Name
Type a name for the SSID.
Traffic Mode
Select Mesh Downlink from the dropdown list.
WiFi Settings
SSID
Type the wireless service set identifier (SSID) or network name for this wireless interface. Users who want to use the wireless network must configure their computers with this network name.
Security Mode
Select a security mode. The options are:
WPA/WPA2-PERSONAL WPA-ONLY-PERSONAL OPEN WPA2-ONLY-PERSONAL Pre-shared Key
Enter the pre-shared key for the SSID.
Schedule
Select a schedule to control the availability of the SSID. For information on creating a schedule object, see Create a new object.
Maximum Clients
Select to limit the concurrent WiFi clients that can connect to the SSID. If selected, type the desired maximum number of clients. Type 0 for no limit.
Device Detection
Select to detect and identify devices connecting to the SSID.
Add New Devices to Vulnerability Scan List
Select to add new devices to the vulnerability scan list.
Advanced Options
broadcast-ssid
Enable/disable SSID broadcast in the beacon.
encrypt
Select the data encryption protocol: TKIP, AES, or TKIP-AES.
- Click OK to create the SSID.
To create a new SSID group:
- On the SSID pane, click Create New > SSID Group in the toolbar. The Create New SSID Group windows opens.
- Enter a name for the group in the Name field.
- Optionally, enter a brief description of the group in the Comment box.
- Optionally, add SSIDs to the group in the Members field.
- Click OK to create the SSID group.
To edit an SSID or groups:
- Either double-click on an SSID, select as SSID and then click Edit in the toolbar, or right-click then select Edit from the menu. The Edit SSIDor Edit SSID Group window opens.
- Edit the settings as required. The SSID name and traffic mode cannot be edited.
- Click OK to apply your changes.
To delete SSIDs or groups:
- Select the SSIDs and groups that you would like to delete.
- Either click Delete in the toolbar, or right-click and select Delete.
- Click OK in the confirmation dialog box to delete the selected SSIDs and groups.
Deleting a group does not delete the SSIDs that are in the group.
To clone an SSID or group:
- Either select an SSID or group and click Clone in the toolbar, or right-click on the SSID or group name, and select Clone. The Clone SSID or Clone SSID Group dialog box opens.
- Edit the settings as required. An SSID's traffic mode cannot be edited.
- Click OK to clone the SSID.
To import an SSID:
- Click Import in the toolbar. The Import dialog box opens.
- Select a FortiGate from the dropdown list. The list will include all of the devices in the current ADOM.
- Select the SSID or SSIDs to be imported from the Profile dropdown list.
- Click OK to import the SSID or SSIDs.