Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiManager 7.0.8 Administration Guide
    7.0.8
    7.6.1
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0
    6.2.13
    6.2.12
    6.2.11
    6.2.10
    6.2.9
    6.2.8
    6.2.7
    6.2.6
    6.2.6
    6.2.5
    6.2.3
    6.2.2
    6.2.1
    6.2.0
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.6.11
    5.6.10
    5.6.9
    5.6.8
    5.6.7
    5.6.6
    5.6.5
    5.6.4
    5.6.3
    5.6.2
    5.6.1
    5.6.0
    5.4.7
    5.4.6
    5.4.5
    5.4.4
    5.4.3
    5.4.2
    5.4.1
    5.4.0
    5.2.10
    5.2.7
    5.2.6
    5.2.4
    5.2.3
    5.2.2
    5.2.1
    5.2.0
    5.0.12
    5.0.11
    5.0.10
    5.0.9
    5.0.8
    5.0.7
    5.0.6
    5.0.5
    5.0.4
    5.0.3
    5.0.2
    4.3.8
    4.3.7
    4.3.6
    4.3.5
    4.3.4
    4.3.3
    4.3.2
    4.3.1
    4.3.0
    4.2.9
    4.2.8
    4.2.7
    4.2.6
    4.2.5
    4.2.4
    4.2.3
    4.2.2
    4.2.1
    4.2.0
    4.1.0
    4.0.3
    4.0.2
    4.0.1
    4.0.0

    AP profiles

    AP profiles

    AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.

    To view AP profiles:
    1. Ensure you are in the correct ADOM.
    2. Go to AP manager.
    3. In the tree menu, go to Wifi Templates > AP Profile.

      The following options are available in the toolbar and right-click menu:

      Create New

      Create a new AP profile.

      Edit

      Edit the selected AP profile.

      Delete

      Delete the selected AP profile.

      Clone

      Clone the selected AP profile.

      Import

      Import AP profiles from a connected FortiGate (toolbar only).

    To create custom AP profiles:
    1. Ensure you are in the correct ADOM.
    2. Go to AP manager.
    3. In the tree menu, click Wifi Templates > AP Profile.
    4. In the toolbar Create New. The Create New AP Profile windows opens.

    5. Enter the following information:

      Name

      Type a name for the profile.

      Comment

      Optionally, enter comments.

      Platform

      Select the platform that the profile will apply to from the dropdown list.

      Country/ Region

      Select the country or region from the drop-down list.

      AP Login Password

      Set, leave unchanged (default), or empty the AP login password.

      Administrative Access

      Allow management access to the managed AP via telnet, http, https, and/or ssh.

      Client Load Balance

      Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

      Bluetooth Profile

      Select a profile from the list, or click Add to create a new Bluetooth profile.

      Radio 1 & 2

      Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

      Mode

      Select the radio operation mode:

      • Disabled: The radio is disabled. No further radio settings are available.
      • Access Point: The device is an access point.
      • Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile setting is available.

      WIDS Profile

      Select a WIDS profile from the dropdown list. See WIDS profiles.

      Radio Resource Provision

      Select to enable radio resource provisioning.

      This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

      Band

      Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

      In two radio devices, both radios cannot use the same band.

      Channel Width

      Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.

      Short Guard Interval

      Select to enable the short guard interval.

      Channels

      Select the channel or channels to include. The available channels depend on the selected platform and band.

      TX Power Control

      Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.

      TX Power

      If TX Power Control is Manual, enter the TX power in the form of the percentage of the total available power.

      If TX Power Control is Auto, enter the TX power low and high values, in dBm.

      SSIDs

      Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.

      Monitor Channel Utilization

      Enable/disable monitoring channel utilization.

      FortiPresence

      Mode

      Select the FortiPresence mode:

      • Disable
      • Foreign channels only
      • Foreign and home channels

      Project name

      The FortiPresence project name.

      Password

      FortiPresence secret password.

      FortiPresence server IP

      FortiPresence server IP address.

      FortiPresence server port

      FortiPresence server UDP listening port (default = 3000).

      Report rogue APs

      Enable/disable FortiPresence reporting of Rogue APs.

      Report unassociated clients

      Enable/disable FortiPresence reporting of unassociated devices.

      Report transmit frequency (in seconds)

      FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

      Ekahau blink

      Enable/disable Ekahau blink location based services.

      RTLS controller server IP

      Enter the realtime location services (RTLS) controller server IP address.

      RTLS controller server port

      The RTLS controller server port (default = 8569).

      Ekahau tag MAC address

      Enter the Ekahau tag MAC address.

      AeroScout

      Enable/disable AeroScout location based services.

      AeroScout server IP

      Enter the AeroScout server IP address.

      AeroScout server port

      Enter the AeroScout server port.

      MU mode dilution factor

      Enter the MU mode dilution factor (default = 20).

      MU mode dilution timeout

      Enter the MU mode dilution timeout (default = 5).

      Locate WiFi clients when not connected

      Enable/disable locating WiFi client when they are not connected.

      Advanced Options

      Configure advanced options for the SSID:

      • control-message-offload: Configure CAPWAP control message data channel offload: aeroscout-mu, aeroscout-tag, ap-list, ebp-frame, sta-list, sta-cap-list, stats.
      • dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
      • dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
      • energy-efficient-ethernet: Enable/disable use of energy efficient Ethernet on WTP.
      • ext-info-enable: Enable/disable station/VAP/radio extension information, providing more detailed statistics for troubleshooting purposes.
      • handoff-roaming: Enable/disable handoff when a client is roaming.
      • handoff-rssi: Enter the minimum RSSI handoff value.
      • handoff-sta-thresh: Enter the threshold value for AP handoff.
      • ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
      • led-schedules: Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid.
      • led-state: Enable/disable use of LEDs on WTP.
      • lldp: Enable/disable LLDP.
      • max-clients: Enter the maximum number of STAs supported by the WTP.
      • poe-mode: Set the WTP, FortiAP, or AP's PoE mode: auto, 8023af, 8023at, or power-adapter (use the power adapter to control the mode).
      • split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
      • tun-mtu-downlink: Enter the downlink tunnel MTU.
      • tun-mtu-uplink: Enter the uplink tunnel MTU.
      • wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
    6. Click OK to create the new AP profile.
    To edit a custom AP profile:
    1. Select the profile you want to edit.
    2. In the toolbar, click Edit, or right-click the profile and click Edit. You can also double-click a profile to open it. The Edit AP Profile pane opens.
    3. Edit the settings as required. The profile name cannot be edited.
    4. Click OK to apply your changes.
    To delete custom AP profiles:
    1. Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
    2. In the toolbar, click Delete, or right-click the profile and select Delete.
    3. Click OK in the confirmation dialog box to delete the profile.
    To clone a custom AP profile:
    1. Select the profile to be cloned.
    2. In the toolbar, click Clone, or right-click the profile and click Clone.
    3. Edit the name of the profile, then edit the remaining settings as required.
    4. Click OK to clone the profile.
    To import a AP profile:
    1. In the toolbar, click Import . The Import dialog box opens.
    2. From the FortiGate dropdown, select a FortiGate from the list. The list will include all of the devices in the current ADOM.
    3. From the Profiles dropdown, select the profile or profiles to be imported from the dropdown list.
    4. Click OK to import the profile or profiles.
      Note

      AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.

    Previous
    Next

    AP profiles

    AP profiles

    AP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.

    To view AP profiles:
    1. Ensure you are in the correct ADOM.
    2. Go to AP manager.
    3. In the tree menu, go to Wifi Templates > AP Profile.

      The following options are available in the toolbar and right-click menu:

      Create New

      Create a new AP profile.

      Edit

      Edit the selected AP profile.

      Delete

      Delete the selected AP profile.

      Clone

      Clone the selected AP profile.

      Import

      Import AP profiles from a connected FortiGate (toolbar only).

    To create custom AP profiles:
    1. Ensure you are in the correct ADOM.
    2. Go to AP manager.
    3. In the tree menu, click Wifi Templates > AP Profile.
    4. In the toolbar Create New. The Create New AP Profile windows opens.

    5. Enter the following information:

      Name

      Type a name for the profile.

      Comment

      Optionally, enter comments.

      Platform

      Select the platform that the profile will apply to from the dropdown list.

      Country/ Region

      Select the country or region from the drop-down list.

      AP Login Password

      Set, leave unchanged (default), or empty the AP login password.

      Administrative Access

      Allow management access to the managed AP via telnet, http, https, and/or ssh.

      Client Load Balance

      Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.

      Bluetooth Profile

      Select a profile from the list, or click Add to create a new Bluetooth profile.

      Radio 1 & 2

      Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.

      Mode

      Select the radio operation mode:

      • Disabled: The radio is disabled. No further radio settings are available.
      • Access Point: The device is an access point.
      • Dedicated Monitor: The device is a dedicated monitor. Only the WIDS Profile setting is available.

      WIDS Profile

      Select a WIDS profile from the dropdown list. See WIDS profiles.

      Radio Resource Provision

      Select to enable radio resource provisioning.

      This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.

      Band

      Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.

      In two radio devices, both radios cannot use the same band.

      Channel Width

      Select 20MHz or 40MHz channel width. This option is only available for 5GHz 802.11n bands.

      Short Guard Interval

      Select to enable the short guard interval.

      Channels

      Select the channel or channels to include. The available channels depend on the selected platform and band.

      TX Power Control

      Optionally, enable automatic adjustment of transmit power, then specify the minimum and maximum power levels, dBm.

      TX Power

      If TX Power Control is Manual, enter the TX power in the form of the percentage of the total available power.

      If TX Power Control is Auto, enter the TX power low and high values, in dBm.

      SSIDs

      Manually choose the SSIDs that APs using this profile will carry, or let them be selected automatically.

      Monitor Channel Utilization

      Enable/disable monitoring channel utilization.

      FortiPresence

      Mode

      Select the FortiPresence mode:

      • Disable
      • Foreign channels only
      • Foreign and home channels

      Project name

      The FortiPresence project name.

      Password

      FortiPresence secret password.

      FortiPresence server IP

      FortiPresence server IP address.

      FortiPresence server port

      FortiPresence server UDP listening port (default = 3000).

      Report rogue APs

      Enable/disable FortiPresence reporting of Rogue APs.

      Report unassociated clients

      Enable/disable FortiPresence reporting of unassociated devices.

      Report transmit frequency (in seconds)

      FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).

      Ekahau blink

      Enable/disable Ekahau blink location based services.

      RTLS controller server IP

      Enter the realtime location services (RTLS) controller server IP address.

      RTLS controller server port

      The RTLS controller server port (default = 8569).

      Ekahau tag MAC address

      Enter the Ekahau tag MAC address.

      AeroScout

      Enable/disable AeroScout location based services.

      AeroScout server IP

      Enter the AeroScout server IP address.

      AeroScout server port

      Enter the AeroScout server port.

      MU mode dilution factor

      Enter the MU mode dilution factor (default = 20).

      MU mode dilution timeout

      Enter the MU mode dilution timeout (default = 5).

      Locate WiFi clients when not connected

      Enable/disable locating WiFi client when they are not connected.

      Advanced Options

      Configure advanced options for the SSID:

      • control-message-offload: Configure CAPWAP control message data channel offload: aeroscout-mu, aeroscout-tag, ap-list, ebp-frame, sta-list, sta-cap-list, stats.
      • dtsl-in-kernal: Enable/disable data channel DTLS in kernel.
      • dtls-policy: Select the WTP data channel DTLS policy: clear-text, dtls‑enabled, and/or ipsec-vpn.
      • energy-efficient-ethernet: Enable/disable use of energy efficient Ethernet on WTP.
      • ext-info-enable: Enable/disable station/VAP/radio extension information, providing more detailed statistics for troubleshooting purposes.
      • handoff-roaming: Enable/disable handoff when a client is roaming.
      • handoff-rssi: Enter the minimum RSSI handoff value.
      • handoff-sta-thresh: Enter the threshold value for AP handoff.
      • ip-fragment-preventing: Prevent IP fragmentation for CAPWAP tunneled control and data packets. Select tcp-mss-adjust and/or icmp-unreachable.
      • led-schedules: Recurring firewall schedules for illuminating LEDs on the FortiAP. If led-state is enabled, LEDs will be visible when at least one of the schedules is valid.
      • led-state: Enable/disable use of LEDs on WTP.
      • lldp: Enable/disable LLDP.
      • max-clients: Enter the maximum number of STAs supported by the WTP.
      • poe-mode: Set the WTP, FortiAP, or AP's PoE mode: auto, 8023af, 8023at, or power-adapter (use the power adapter to control the mode).
      • split-tunneling-acl-local-ap-subnet: Enable/disable split tunneling ACL local AP subnet.
      • tun-mtu-downlink: Enter the downlink tunnel MTU.
      • tun-mtu-uplink: Enter the uplink tunnel MTU.
      • wan-port-mode: Set the WAN port mode: wan-only or wan-lan.
    6. Click OK to create the new AP profile.
    To edit a custom AP profile:
    1. Select the profile you want to edit.
    2. In the toolbar, click Edit, or right-click the profile and click Edit. You can also double-click a profile to open it. The Edit AP Profile pane opens.
    3. Edit the settings as required. The profile name cannot be edited.
    4. Click OK to apply your changes.
    To delete custom AP profiles:
    1. Select the AP profile or profiles to be deleted. Default profiles cannot be deleted.
    2. In the toolbar, click Delete, or right-click the profile and select Delete.
    3. Click OK in the confirmation dialog box to delete the profile.
    To clone a custom AP profile:
    1. Select the profile to be cloned.
    2. In the toolbar, click Clone, or right-click the profile and click Clone.
    3. Edit the name of the profile, then edit the remaining settings as required.
    4. Click OK to clone the profile.
    To import a AP profile:
    1. In the toolbar, click Import . The Import dialog box opens.
    2. From the FortiGate dropdown, select a FortiGate from the list. The list will include all of the devices in the current ADOM.
    3. From the Profiles dropdown, select the profile or profiles to be imported from the dropdown list.
    4. Click OK to import the profile or profiles.
      Note

      AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates.

    Previous
    Next