FortiAP profiles
FortiAP profiles define radio settings for FortiAP models. The profile specifies details such as the operating mode of the device, SSIDs, and transmit power. Custom AP profiles can be created as needed for new devices.
You can assign AP profiles to FortiAP devices in the Managed FortiAPs menu. See Assigning profiles to FortiAP devices.
Click View All Profiles to display all FortiAP profiles configured in the ADOM in the FortiAP Profiles table, including custom AP profiles.
FortiManager includes Fortinet recommended factory default FortiAP profiles that you can activate and use in your environment. See Using Fortinet recommended profiles. |
To view FortiAP profiles:
-
If using ADOMs, ensure that you are in the correct ADOM.
-
Go to AP Manager > Operation Profiles > FortiAP Profiles.
The following options are available in the toolbar and right-click menu:
Create New
Create a new AP profile.
Edit
Edit the selected AP profile.
Delete
Delete the selected AP profile.
Clone
Clone the selected AP profile.
Where Used
View where the selected AP profile is used.
Import
Import AP profiles from a connected FortiGate (toolbar only).
To create custom FortiAP profiles:
-
If using ADOMs, ensure that you are in the correct ADOM.
-
Go to AP Manager > Operation Profiles > FortiAP Profiles.
-
In the toolbar, click Create New.
The Create New AP Profile pane opens.
-
Enter the following information, and click OK to create the AP profile:
Name
Type a name for the profile.
Comment
Optionally, enter comments.
Platform
Select the platform that the profile will apply to from the dropdown list.
Indoor / Outdoor
Select Default (Indoor), Indoor, or Outdoor. The selection can affect the available channels due to regulatory rules.
Country / Region Select the country or region from the drop-down list.
FortiAP Configuration Profile
Optionally, enable the toggle to select a FortiAP configuration profile.
AP Login Password
Set, leave unchanged (default), or empty the AP login password.
Administrative Access Allow management access to the managed AP via telnet, http, https, and/or ssh.
Client Load Balancing
Select the client load balancing methods to use: Frequency Handoff and/or AP Handoff.
Bluetooth Profile
If available for the platform, select a profile from the list or click the plus (+) to create a new Bluetooth profile.
See Bluetooth profiles.
Radio 1 & 2
Configure the radio settings. The Radio 2 settings will only appear if the selected platform has two radios.
Mode
Select the radio operation mode:
- Disabled: The radio is disabled. No further radio settings are available.
- Access Point: The device is an access point. See options below.
- Dedicated Monitor: The device is a dedicated monitor. See options below.
- SAM: The device is a station that can connect to a neighboring AP for connectivity and health check. See options below.
Mode = Access Point
WIDS Profile
Select a WIDS profile from the dropdown list. See WIDS profiles.
Radio Resource Provision
Select to enable radio resource provisioning.
This feature measures utilization and interference on the available channels and selects the clearest channel at each access point.
ARRP Profile
Select an Automatic Radio Resource Provisioning (ARRP) profile. See ARRP profiles.
This option is only available if Radio Resource Provision is enabled.
Band
Select the wireless protocol from the dropdown list. The available bands depend on the selected platform.
In two radio devices, both radios cannot use the same band.
Channel Width
Select 20MHz or 40MHz channel width.
This option is only available for 802.11n bands.
Channel Plan
Select Three Channels or Four Channels to select predefined channels. Select Custom to specify custom channels.
Channels
Available when Channel Plan is set to Custom. Select the channel or channels to include. The available channels depend on the selected platform and band.
Short Guard Interval
Select to enable the short guard interval.
This option is only available for 802.11n bands.
Transmit Power Mode
Select Percent or dBm to specify the minimum and maximum power levels by percent or dBm.
Select Auto to specify a range of dBm and allow the level to be automatically set within the range.
Transmit Power
If Transmit Power Mode is Percent or dBm, specify the percentage or dBm of the total available power.
If Transmit Power Mode is Auto, enter the power low and high values in dBm.
SSIDs
Choose the SSID profiles that APs using this profile will broadcast. You can select Tunnel or Bridge to choose them automatically, or Manual to select the SSIDs manually.
-
Tunnel: Available tunnel-mode SSIDs are automatically assigned to this radio.
-
Bridge: Available bridge-mode SSIDs are automatically assigned to this radio.
-
Manual: Manually select which available SSIDs and SSID groups to assign to this radio.
Tunnel and Bridge mode automatically assign corresponding SSID profiles that are on the FortiGate to the AP. SSID profiles on FortiManager are not pushed to the FortiGate when using these modes.
Manual mode is the only mode that will distribute an SSID profile to the FortiGate.
Monitor Channel Utilization
Enable/disable monitoring channel utilization.
Mode = Dedicated Monitor
WIDS Profile
Select a WIDS profile from the dropdown list. See WIDS profiles.
Mode = SAM
SSID
Enter the SSID for the WiFi network.
BSSID
Enter the BSSID for the WiFi network.
Security Type
Select Open, WPA/WPA2 Personal, or WPA/WPA2 Enterprise for the WiFi network.
WiFi Username
Enter the WiFi username.
This option is only available if Security Type = WPA/WPA2 Enterprise.
WiFi Password
Enter the WiFi password.
This option is not available if Security Type = Open.
Captive Portal Authentication
Enable/disable captive portal authentication.
This option is not available if Security Type = WPA/WPA2 Enterprise.
Test Type
Select ping or Iperf for the SAM test type.
Test Server Type
Select ip or fqdn for the SAM server type.
Test Server
Enter the SAM IP address or the FQDN according to the Test Server Type.
Iperf Server Port
Enter the Iperf service port number.
Iperf Protocol
Select UDP or TCP for the Iperf test protocol.
Report Interval (seconds)
Enter the SAM report interval in seconds (60-864000, default = 0). Enter
0
for a one-time report.LAN Configuration
Port ESL Mode
Select Offline, NAT to WAN, Bridge to WAN, or Bridge to SSID.
Port ESL SSID
Available when Port ESL Mode is set to Bridge to SSID. Select the SSID.
Handoff STA Thresh
Threshold value for AP handoff (default = 55).
WAN Port Mode
Enable/disable using a WAN port as a LAN port. Select wan-lan or wan-only (default = wan-only).
ESL SES Dongle Configuration
APC FQDN
Enter the FQDN of the ESL SES-imagotag Access Point Controller (APC).
Location Based Services
FortiPresence
Mode
Select the FortiPresence mode:
- Disable
- Foreign channels only
- Foreign and home channels
Project name
The FortiPresence project name.
Password
FortiPresence secret password.
FortiPresence Server Type
Select IP or FQDN.
FortiPresence server IP/FQDN
FortiPresence server IP address or FQDN.
FortiPresence server port
FortiPresence server UDP listening port (default = 3000).
Report rogue APs
Enable/disable FortiPresence reporting of Rogue APs.
Report unassociated clients
Enable/disable FortiPresence reporting of unassociated devices.
Report transmit frequency (in seconds)
FortiPresence report transmit frequency, in seconds (5 - 65535, default = 30).
Ekahau blink
Enable/disable Ekahau blink location based services.
RTLS controller server IP
Enter the realtime location services (RTLS) controller server IP address.
RTLS controller server port
The RTLS controller server port (default = 8569).
Ekahau tag MAC address
Enter the Ekahau tag MAC address.
AeroScout
Enable/disable AeroScout location based services.
AeroScout server IP
Enter the AeroScout server IP address.
AeroScout server port
Enter the AeroScout server port.
MU mode dilution factor
Enter the MU mode dilution factor (default = 20).
MU mode dilution timeout
Enter the MU mode dilution timeout (default = 5).
Locate WiFi clients when not connected
Enable/disable locating WiFi client when they are not connected.
Advanced Options
Expand to display and set the advanced options. Hover the mouse over the i icon to view a tooltip of each advanced option.
For more information, refer to the FortiOS CLI Reference.
You can edit, delete, clone and import existing profiles, as well as see where the profile is being used.
To edit a profile:
- Select the profile to edit.
- In the toolbar, click Edit.
Alternatively, you can right-click the profile and select Edit, or double-click a profile.
- Edit the settings as required.
- Click OK to apply your changes.
To delete profiles:
- Select the profile(s) to be deleted.
- In the toolbar, click Delete.
Alternatively, right-click the profile and select Delete.
- Click OK.
To clone a profile:
- Select a profile in the list.
- In the toolbar, click Clone.
Alternatively, right-click a profile and select Clone.
- Edit the name of the profile, then edit the remaining settings as required.
- Click OK to clone the profile.
To import a profile:
- In the toolbar, click Import.
The Import dialog opens.
- From the FortiGate dropdown, select a device. The list will include all of the devices in the current ADOM.
- From the Profiles dropdown, select a profile.
- Click OK.
To view where a profile is used:
- Select the profile.
- In the toolbar, click More > Where Used.
Alternatively, you can right-click the profile and select Where Used.
The Where <profile name> is used pane opens.
- Click Close.
AP profiles can also be imported through the Device Manager. See Importing AP profiles and FortiSwitch templates. |