Administration Guide

AP profiles

AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.

To view AP profiles, ensure that you are in the correct ADOM, go to AP Manager > WiFi Profiles, and select AP Profile in the tree menu.

The following options are available in the toolbar and right-click menu:

Create New

Create a new AP profile.

Edit

Edit the selected AP profile.

Delete

Delete the selected AP profile.

Clone

Clone the selected AP profile.

Import

Import AP profiles from a connected FortiGate (toolbar only).

To create custom AP profiles:
  1. On the AP Profile pane, click Create New in the toolbar, or select it from the right-click menu. The Create New AP Profile window opens.

  2. Enter the following information:

    Name

    Type a name for the profile.

    Comment

    Optionally, enter comments.

    Platform

    Select the platform that the profile will apply to from the dropdown list.

    Country/Region

    Select the country or region from the dropdown list.

    AP Login Password

    Set, leave unchanged (default), or empty the AP login password.

    Administrative Access

    Allow management access to the managed AP via telnet, http, https, and/or ssh.

    Radio 1 & 2

    Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

        Mode

        Select the radio operation mode:

        • Disabled: The radio is disabled. No further radio settings are available.
        • Access Point: The device is an access point.
        • Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile setting is available.

        WIDS Profile

        Select a WIDS profile from the dropdown list. See WIDS profiles.

        Radio Resource Provision

        Select to enable radio resource provisioning.

        This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

        Client Load Balance

        Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

        Band

        Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

        In two-radio devices, both radios cannot use the same band.

        Channel Width

        Select 20 MHz or 40 MHz channel width. This option is only available for 5 GHz 802.11n bands.

        Short Guard Interval

        Select to enable the short guard interval.

        Channels

        Select the channel or channels to include. The available channels depend on the selected platform and band.

        TX Power Control

        Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, in dBm.

        TX Power

        If TX Power Control is Manual, enter the TX power as a percentage of the total available power.

        If TX Power Control is Auto, enter the TX power low and high values, in dBm.

        SSIDs

        Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.

        Monitor Channel Utilization

        Enable/disable monitoring of channel utilization.

    FortiPresence

        Mode

        Select the FortiPresence mode:

        • Disable
        • Foreign channels only
        • Foreign and home channels

        Project name

        The FortiPresence project name.

        Password

        FortiPresence secret password.

        FortiPresence server IP

        FortiPresence server IP address.

        FortiPresence server port

        FortiPresence server UDP listening port (default = 3000).

        Report rogue APs

        Enable/disable FortiPresence reporting of Rogue APs.

        Report unassociated clients

        Enable/disable FortiPresence reporting of unassociated devices.

        Report transmit frequency (in seconds)

        FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

    Ekahau blink

    Enable/disable Ekahau blink location-based services.

        RTLS controller server IP

        Enter the real-time location services (RTLS) controller server IP address.

        RTLS controller server port

        The RTLS controller server port (default = 8569).

        Ekahau tag MAC address

        Enter the Ekahau tag MAC address.

    AeroScout

    Enable/disable AeroScout location-based services.

        AeroScout server IP

        Enter the AeroScout server IP address.

        AeroScout server port

        Enter the AeroScout server port.

        MU mode dilution factor

        Enter the MU mode dilution factor (default = 20).

        MU mode dilution timeout

        Enter the MU mode dilution timeout (default = 5).

    Locate WiFi clients when not connected

    Enable/disable locating WiFi clients when they are not connected.

    Advanced Options

    Configure advanced options for the SSID:

    • control-message-offload: Configure CAPWAP control message data channel offload: aeroscout-mu, aeroscout-tag, ap-list, ebp-frame, sta-list, sta-cap-list, stats.
    • dtls-in-kernel: Enable/disable data channel DTLS in kernel.
    • dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls-enabled, and/or ipsec-vpn.
    • energy-efficient-ethernet: Enable/disable use of energy efficient Ethernet on WTP.
    • ext-info-enable: Enable/disable station/VAP/radio extension information, providing more detailed statistics for troubleshooting purposes.
    • handoff-roaming: Enable/disable handoff when a client is roaming.
    • handoff-rssi: Enter the minimum RSSI handoff value.
    • handoff-sta-thresh: Enter the threshold value for AP handoff.
    • ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
    • led-schedules: Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid.
    • led-state: Enable/disable use of LEDs on WTP.
    • lldp: Enable/disable LLDP.
    • max-clients: Enter the maximum number of STAs supported by the WTP.
    • poe-mode: Set the WTP, FortiAP, or AP's PoE mode: auto, 8023af, 8023at, or power-adapter (use the power adapter to control the mode).
    • split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
    • tun-mtu-downlink: Enter the downlink tunnel MTU.
    • tun-mtu-uplink: Enter the uplink tunnel MTU.
    • wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
  3. Click OK to create the new AP profile.
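
The settings above include several that decide how exposed a managed AP is: which management protocols it accepts, whether its login password is emptied, and whether the CAPWAP data channel may run in clear text. The following audit of those settings is an added example, not part of the Fortinet guide or of FortiManager; the dictionary layout and every key name except `dtls-policy` are assumptions made for illustration, and both sample profiles are constructed.

```python
# Added example, not FortiManager code. The dict layout and key names are
# assumptions mirroring the GUI fields; only "dtls-policy" and its values
# are option names taken from the page.
CLEARTEXT_MGMT = {"telnet", "http"}

def audit_ap_profile(p):
    """Return (setting, finding) pairs for one AP profile dict."""
    out = []
    allowed = set(p.get("administrative-access", []))
    for proto in sorted(allowed & CLEARTEXT_MGMT):
        out.append(("administrative-access", f"{proto} management is unencrypted"))
    if p.get("ap-login-password") == "empty":
        out.append(("ap-login-password", "AP login password is emptied"))
    if "clear-text" in p.get("dtls-policy", []):
        out.append(("dtls-policy", "clear-text allowed on the CAPWAP data channel"))
    # Page rule: on two-radio platforms both radios cannot use the same band.
    bands = [r.get("band") for r in p.get("radios", [])
             if r.get("mode") == "access-point"]
    if len(bands) == 2 and bands[0] == bands[1]:
        out.append(("band", f"both radios use {bands[0]}"))
    # Page rule: FortiPresence report frequency is 5 - 65535 s (default 30).
    fp = p.get("fortipresence", {})
    if fp.get("mode", "disable") != "disable":
        freq = fp.get("frequency", 30)
        if not 5 <= freq <= 65535:
            out.append(("fortipresence.frequency", f"{freq} s is outside 5-65535"))
    return out

# Constructed sample profiles (not exported from a real device).
WEAK = {
    "administrative-access": ["telnet", "http", "https", "ssh"],
    "ap-login-password": "empty",
    "dtls-policy": ["clear-text", "dtls-enabled"],
    "radios": [{"mode": "access-point", "band": "5GHz-802.11n"},
               {"mode": "access-point", "band": "5GHz-802.11n"}],
    "fortipresence": {"mode": "foreign", "frequency": 2},
}
HARDENED = {
    "administrative-access": ["https", "ssh"],
    "ap-login-password": "set",
    "dtls-policy": ["dtls-enabled"],
    "radios": [{"mode": "access-point", "band": "2.4GHz-802.11n"},
               {"mode": "dedicated-monitor"}],
    "fortipresence": {"mode": "disable"},
}

if __name__ == "__main__":
    for name, prof in (("WEAK", WEAK), ("HARDENED", HARDENED)):
        print(name, audit_ap_profile(prof) or "no findings")
```
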
To edit a custom AP profile:
  1. Either double-click a profile name, right-click a profile name and select Edit, or select a profile then click Edit in the toolbar. The Edit AP Profile pane opens.
  2. Edit the settings as required. The profile name cannot be edited.
  3. Click OK to apply your changes.
To delete custom AP profiles:
  1. Select the AP profile or profiles that will be deleted. Default profiles cannot be deleted.
  2. Either select Delete from the toolbar, or right-click and select Delete.
  3. Click OK in the confirmation dialog box to delete the profile.
To clone a custom AP profile:
  1. Either select a profile and click Clone in the toolbar, or right-click a profile and select Clone. The Clone AP Profile pane opens.
  2. Edit the name of the profile, then edit the remaining settings as required.
  3. Click OK to clone the profile.
To import an AP profile:
  1. Click Import in the toolbar. The Import dialog box opens.
  2. Select a FortiGate from the dropdown list. The list will include all of the devices in the current ADOM.
  3. Select the profile or profiles to be imported from the dropdown list.
  4. Click OK to import the profile or profiles.
