AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.
To view AP profiles, ensure that you are in the correct ADOM, go to AP Manager > WiFi Profiles, and select AP Profile in the tree menu.
The following options are available in the toolbar and right-click menu:
Create a new AP profile.
Edit the selected AP profile.
Delete the selected AP profile.
Clone the selected AP profile.
Import AP profiles from a connected FortiGate (toolbar only).
To create custom AP profiles:
- On the AP Profile pane, click Create New in the toolbar, or select it from the right-click menu. The Create New AP Profile windows opens.
- Enter the following information:
Type a name for the profile.
Optionally, enter comments.
Select the platform that the profile will apply to from the dropdown list.
Select the country or region from the drop-down list.
AP Login Password
Set, leave unchanged (default), or empty the AP login password.
Allow management access to the managed AP via telnet, http, https, and/or ssh.
Radio 1 & 2
Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.
Select the radio operation mode:
- Disabled: The radio is disabled. No further radio settings are available.
- Access Point: The device is an access point.
- Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile setting is available.
Select a WIDS profile from the dropdown list. See WIDS profiles.
Radio Resource Provision
Select to enable radio resource provisioning.
This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.
Client Load Balance
Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.
Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.
In two radio devices, both radios cannot use the same band.
Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.
Short Guard Interval
Select to enable the short guard interval.
Select the channel or channels to include. The available channels depend on the selected platform and band.
TX Power Control
Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.
If TX Power Control is Manual, enter the TX power in the form of the percentage of the total available power.
If TX Power Control is Auto, enter the TX power low and high values, in dBm.
Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.
Monitor Channel Utilization
Enable/disable monitoring channel utilization.
Select the FortiPresence mode:
- Foreign channels only
- Foreign and home channels
The FortiPresence project name.
FortiPresence secret password.
FortiPresence server IP
FortiPresence server IP address.
FortiPresence server port
FortiPresence server UDP listening port (default = 3000).
Report rogue APs
Enable/disable FortiPresence reporting of Rogue APs.
Report unassociated clients
Enable/disable FortiPresence reporting of unassociated devices.
Report transmit frequency (in seconds)
FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).
Enable/disable Ekahau blink location based services.
RTLS controller server IP
Enter the realtime location services (RTLS) controller server IP address.
RTLS controller server port
The RTLS controller server port (default = 8569).
Ekahau tag MAC address
Enter the Ekahau tag MAC address.
Enable/disable AeroScout location based services.
AeroScout server IP
Enter the AeroScout server IP address.
AeroScout server port
Enter the AeroScout server port.
MU mode dilution factor
Enter the MU mode dilution factor (default = 20).
MU mode dilution timeout
Enter the MU mode dilution timeout (default = 5).
Locate WiFi clients when not connected
Enable/disable locating WiFi client when they are not connected.
Configure advanced options for the SSID:
- control-message-offload: Configure CAPWAP control message data channel offload: aeroscout-mu, aeroscout-tag, ap-list, ebp-frame, sta-list, sta-cap-list, stats.
- dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
- dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
- energy-efficient-ethernet: Enable/disable use of energy efficient Ethernet on WTP.
- ext-info-enable: Enable/disable station/VAP/radio extension information, providing more detailed statistics for troubleshooting purposes.
- handoff-roaming: Enable/disable handoff when a client is roaming.
- handoff-rssi: Enter the minimum RSSI handoff value.
- handoff-sta-thresh: Enter the threshold value for AP handoff.
- ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
- led-schedules: Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid.
- led-state: Enable/disable use of LEDs on WTP.
- lldp: Enable/disable LLDP.
- max-clients: Enter the maximum number of STAs supported by the WTP.
- poe-mode: Set the WTP, FortiAP, or AP's PoE mode: auto, 8023af, 8023at, or power-adapter (use the power adapter to control the mode).
- split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
- tun-mtu-downlink: Enter the downlink tunnel MTU.
- tun-mtu-uplink: Enter the uplink tunnel MTU.
- wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
- Click OK to create the new AP profile.
To edit a custom AP profile:
- Either double-click a profile name, right-click a profile name and select Edit, or select a profile then click Edit in the toolbar. The Edit AP Profile pane opens.
- Edit the settings as required. The profile name cannot be edited.
- Click OK to apply your changes.
To delete custom AP profiles:
- Select the AP profile or profiles that will be deleted. Default profiles cannot be deleted.
- Either select Delete from the toolbar, or right-click and select Delete.
- Click OK in the confirmation dialog box to delete the profile.
To clone a custom AP profile:
- Either select a profile and click Clone in the toolbar, or right-click a profile and select Clone. The Clone AP Profile pane opens.
- Edit the name of the profile, then edit the remaining settings as required.
- Click OK to clone the profile.
To import a AP profile:
- Click Import in the toolbar. The Import dialog box opens.
- Select a FortiGate from the dropdown list. The list will include all of the devices in the current ADOM.
- Select the profile or profiles to be imported from the dropdown list.
- Click OK to import the profile or profiles.