Fortinet black logo

Administration Guide

AP profiles

AP profiles

AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.

To view AP profiles, ensure that you are in the correct ADOM, go to AP Manager > WiFi Profiles, and select AP Profile in the tree menu.

The following options are available in the toolbar and right-click menu:

Create New

Create a new AP profile.

Edit

Edit the selected AP profile.

Delete

Delete the selected AP profile.

Clone

Clone the selected AP profile.

Import

Import AP profiles from a connected FortiGate (toolbar only).

To create custom AP profiles:
  1. On the AP Profile pane, click Create New in the toolbar, or select it from the right-click menu. The Create New AP Profile windows opens.

  2. Enter the following information:

    Name

    Type a name for the profile.

    Comment

    Optionally, enter comments.

    Platform

    Select the platform that the profile will apply to from the dropdown list.

    AP Login Password

    Set, leave unchanged, or empty the AP login password.

    Split Tunneling Subnet(s)

    Enter the split tunneling subnet(s).

    Radio 1 & 2

    Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

    Operation Mode

    Select the radio operation mode:

    • Disabled: The radio is disabled. No further radio settings are available.
    • Access Point: The device is an access point.
    • Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile settings is available.

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Radio Resource Provision

    Select to enable radio resource provisioning.

    This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

    Client Load Balance

    Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

    Band

    Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

    In two radio devices, both radios cannot play in the same band.

    Short Guard Interval

    Select to enable the short guard interval. This option is only available for 2.4GHz 802.11n/g/b, and 5GHz 802.11n bands.

    Select Channel Width

    Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.

    Channel

    Select the channel or channels to include. The available channels depend on the selected platform and band.

    Auto TX Power Control

    Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.

    TX Power

    If Auto TX Power Control is disabled, enter the TX power in the form of the percentage of the total available power.

    SSID

    Choose the SSIDs that APs using this profile will carry.

    AP Country Code

    Select the AP country code from the dropdown list.

    FortiPresence

    Mode

    Select the FortiPresence mode:

    • Disable
    • Foreign channels only
    • Foreign and home channels

    Project name

    The FortiPresence project name.

    Password

    FortiPresence secret password.

    FortiPresence server IP

    FortiPresence server IP address.

    FortiPresence server port

    FortiPresence server UDP listening port (default = 3000).

    Report rogue APs

    Enable/disable FortiPresence reporting of Rogue APs.

    Report unassociated clients

    Enable/disable FortiPresence reporting of unassociated devices.

    Report transmit frequency (in seconds)

    FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

    Ekahau blink

    Enable/disable Ekahau blink location based services.

    RTLS controller server IP

    Enter the realtime location services (RTLS) controller server IP address.

    RTLS controller server port

    Enter the RTLS controller server port (default = 8569).

    Ekahau tag MAC address

    Enter the Ekahau tag MAC address.

    AeroScout

    Enable/disable AeroScout location based services.

    AeroScout server IP

    Enter the AeroScout server IP address.

    AeroScout server port

    Enter the AeroScout server port.

    MU mode dilution factor

    Enter the MU mode dilution factor (default = 20).

    MU mode dilution timeout

    Enter the MU mode dilution timeout (default = 5).

    Locate WiFi clients when not connected

    Enable/disable locating WiFi client when they are not connected.

    Advanced Options

    Configure advanced options for the SSID.

    • allowaccess: Allow management access to the managed AP via telnet, http, https, and/or ssh.
    • dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
    • dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
    • handoff-roaming: Enable/disable handoff when a client is roaming.
    • handoff-rssi: Enter the minimum RSSI handoff value.
    • handoff-sta-thresh: Enter the threshold value for AP handoff.
    • ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
    • led-state: Enable/disable use of LEDs on WTP.
    • lldp: Enable/disable LLDP.
    • login-passwd: Enter the log in password of the managed AP.
    • login-passwd-change: Select whether or not to allow the log in password to be changed, or to reset to the factory default setting.
    • max-clients: Enter the maximum number of STAs supported by the WTP.
    • split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
    • tun-mtu-downlink: Enter the downlink tunnel MTU.
    • tun-mtu-uplink: Enter the uplink tunnel MTU.
    • wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
  3. Click OK to create the new AP profile.
To edit a custom AP profile:
  1. Either double-click a profile name, right-click a profile name and select Edit, or select a profile then click Edit in the toolbar. The Edit AP Profile pane opens.
  2. Edit the settings as required. The profile name cannot be edited.
  3. Click OK to apply your changes.
To delete custom AP profiles:
  1. Select the AP profile or profiles that will be deleted. Default profiles cannot be deleted.
  2. Either select Delete from the toolbar, or right-click and select Delete.
  3. Click OK in the confirmation dialog box to delete the profile.
To clone a custom AP profile:
  1. Either select a profile and click Clone in the toolbar, or right-click a profile and select Clone. The Clone AP Profile pane opens.
  2. Edit the name of the profile, then edit the remaining settings as required.
  3. Click OK to clone the profile.
To import a AP profile:
  1. Click Import in the toolbar. The Import dialog box opens.
  2. Select a FortiGate from the dropdown list. The list will include all of the devices in the current ADOM.
  3. Select the profile or profiles to be imported from the dropdown list.
  4. Click OK to import the profile or profiles.

AP profiles

AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.

To view AP profiles, ensure that you are in the correct ADOM, go to AP Manager > WiFi Profiles, and select AP Profile in the tree menu.

The following options are available in the toolbar and right-click menu:

Create New

Create a new AP profile.

Edit

Edit the selected AP profile.

Delete

Delete the selected AP profile.

Clone

Clone the selected AP profile.

Import

Import AP profiles from a connected FortiGate (toolbar only).

To create custom AP profiles:
  1. On the AP Profile pane, click Create New in the toolbar, or select it from the right-click menu. The Create New AP Profile windows opens.

  2. Enter the following information:

    Name

    Type a name for the profile.

    Comment

    Optionally, enter comments.

    Platform

    Select the platform that the profile will apply to from the dropdown list.

    AP Login Password

    Set, leave unchanged, or empty the AP login password.

    Split Tunneling Subnet(s)

    Enter the split tunneling subnet(s).

    Radio 1 & 2

    Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

    Operation Mode

    Select the radio operation mode:

    • Disabled: The radio is disabled. No further radio settings are available.
    • Access Point: The device is an access point.
    • Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile settings is available.

    WIDS Profile

    Select a WIDS profile from the dropdown list. See WIDS profiles.

    Radio Resource Provision

    Select to enable radio resource provisioning.

    This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

    Client Load Balance

    Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

    Band

    Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

    In two radio devices, both radios cannot play in the same band.

    Short Guard Interval

    Select to enable the short guard interval. This option is only available for 2.4GHz 802.11n/g/b, and 5GHz 802.11n bands.

    Select Channel Width

    Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.

    Channel

    Select the channel or channels to include. The available channels depend on the selected platform and band.

    Auto TX Power Control

    Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.

    TX Power

    If Auto TX Power Control is disabled, enter the TX power in the form of the percentage of the total available power.

    SSID

    Choose the SSIDs that APs using this profile will carry.

    AP Country Code

    Select the AP country code from the dropdown list.

    FortiPresence

    Mode

    Select the FortiPresence mode:

    • Disable
    • Foreign channels only
    • Foreign and home channels

    Project name

    The FortiPresence project name.

    Password

    FortiPresence secret password.

    FortiPresence server IP

    FortiPresence server IP address.

    FortiPresence server port

    FortiPresence server UDP listening port (default = 3000).

    Report rogue APs

    Enable/disable FortiPresence reporting of Rogue APs.

    Report unassociated clients

    Enable/disable FortiPresence reporting of unassociated devices.

    Report transmit frequency (in seconds)

    FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

    Ekahau blink

    Enable/disable Ekahau blink location based services.

    RTLS controller server IP

    Enter the realtime location services (RTLS) controller server IP address.

    RTLS controller server port

    Enter the RTLS controller server port (default = 8569).

    Ekahau tag MAC address

    Enter the Ekahau tag MAC address.

    AeroScout

    Enable/disable AeroScout location based services.

    AeroScout server IP

    Enter the AeroScout server IP address.

    AeroScout server port

    Enter the AeroScout server port.

    MU mode dilution factor

    Enter the MU mode dilution factor (default = 20).

    MU mode dilution timeout

    Enter the MU mode dilution timeout (default = 5).

    Locate WiFi clients when not connected

    Enable/disable locating WiFi client when they are not connected.

    Advanced Options

    Configure advanced options for the SSID.

    • allowaccess: Allow management access to the managed AP via telnet, http, https, and/or ssh.
    • dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
    • dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
    • handoff-roaming: Enable/disable handoff when a client is roaming.
    • handoff-rssi: Enter the minimum RSSI handoff value.
    • handoff-sta-thresh: Enter the threshold value for AP handoff.
    • ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
    • led-state: Enable/disable use of LEDs on WTP.
    • lldp: Enable/disable LLDP.
    • login-passwd: Enter the log in password of the managed AP.
    • login-passwd-change: Select whether or not to allow the log in password to be changed, or to reset to the factory default setting.
    • max-clients: Enter the maximum number of STAs supported by the WTP.
    • split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
    • tun-mtu-downlink: Enter the downlink tunnel MTU.
    • tun-mtu-uplink: Enter the uplink tunnel MTU.
    • wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
  3. Click OK to create the new AP profile.
To edit a custom AP profile:
  1. Either double-click a profile name, right-click a profile name and select Edit, or select a profile then click Edit in the toolbar. The Edit AP Profile pane opens.
  2. Edit the settings as required. The profile name cannot be edited.
  3. Click OK to apply your changes.
To delete custom AP profiles:
  1. Select the AP profile or profiles that will be deleted. Default profiles cannot be deleted.
  2. Either select Delete from the toolbar, or right-click and select Delete.
  3. Click OK in the confirmation dialog box to delete the profile.
To clone a custom AP profile:
  1. Either select a profile and click Clone in the toolbar, or right-click a profile and select Clone. The Clone AP Profile pane opens.
  2. Edit the name of the profile, then edit the remaining settings as required.
  3. Click OK to clone the profile.
To import a AP profile:
  1. Click Import in the toolbar. The Import dialog box opens.
  2. Select a FortiGate from the dropdown list. The list will include all of the devices in the current ADOM.
  3. Select the profile or profiles to be imported from the dropdown list.
  4. Click OK to import the profile or profiles.