Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • User Guide

    Home FortiPortal 6.0.6 User Guide
    6.0.6
    7.4.1
    7.4.0
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.0.15
    6.0.14
    6.0.13
    6.0.12
    6.0.11
    6.0.10
    6.0.9
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.3.8
    5.3.7
    5.3.6
    5.3.5
    5.3.4
    5.3.3
    5.3.2
    5.3.0
    5.2.0
    4.1.0

    SSID

    SSID

    The following figure shows the SSID pane:

    Add an SSID

    1. Right-click an SSID in the list and select Create New.
    2. Enter values in the relevant fields. See SSID fields.
    3. Select Save.

    To create an SSID, you must have read-only or read-write permission for DHCP.

    Update an SSID

    1. Right-click an SSID in the list and select Edit.
    2. Make any changes.
    3. Select Save.

    To edit an SSID, you must have read-only or read-write permission for DHCP.

    Delete an SSID

    1. Right-click an SSID in the list and select Delete.
    2. Select Yes to confirm your choice.

    SSID fields

    The Create New SSID and Edit SSID dialogs contain the following fields:

    Settings

    Guidelines

    Interface Name

    Required. Enter a name for the SSID interface.

    Alias

    Enter an alternate interface name to remind you what this interface is being used for.

    Traffic Mode

    Select one of the following:

    Tunnel—Data for WLAN passes through WiFi Controller. This is the default.

    Bridge—FortiAP unit Ethernet and WiFi interfaces are bridged.

    Mesh—Radio receives data for WLAN from mesh backhaul SSID.

    IP/Network Mask

    If you selected the Tunnel traffic mode, this field is required. Enter the IP address and netmask for the SSID.

    DHCP Server

    If you selected the Tunnel traffic mode, you can select DHCP Server to assign IP addresses to clients. If you select DHCP Server, right-click in the Addrss Range table and select Create New to define the IP address range for a DHCP server on the FortiPortal unit. You also need to enter the netmask if you select DHCP Server.

    SSID

    Enter the SSID. By default, this field contains fortinet.

    Security Mode

    Select the security mode for the wireless interface. Wireless users must use the same security mode to be able to connect to this wireless interface.

    Captive Portal—authenticates users through a customizable web page.

    WPA2 Only Personal—WPA2 is WiFi Protected Access version 2. There is one pre-shared key (password) that all users use.

    WPA2 Only Enterprise—similar to WPA2 Only Personal but is best used for enterprise networks. Each user is separately authenticated by user name and password.

    Pre-shared Key

    Required. Enter the encryption key that the clients must use.

    Broadcast SSID

    Optionally, disable broadcast of SSID. By default, the SSID is broadcast.

    Schedule

    Select when the SSID is enabled. You can select always or none.

    Block Intra-SSID Traffic

    Select to enable the unit to block intra-SSID traffic.

    RADIUS Server

    Select to use a RADIUS server. If you select this option, select the server name from the drop-down list.

    VLAN Pooling

    In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN.

    If you selected the Tunnel or Bridge traffic mode, select one of the following options:

    Disable—This option is selected by default and no VLAN pools are used.

    Managed AP Group—A VLAN pool can assign one of several available VLANs for network load balancing purposes. If you select Managed AP Group, select VLANs from the Available list and then select > or >> to move them to the Selected list.

    Round Robin—The VLAN pool chooses the VLAN with the smallest number of clients. If the VLAN pool contains no valid VLAN ID, the SSIDʼs static VLAN ID setting is used.

    Hash—The VLAN pool chooses a VLAN based on a hash of the current number of SSID clients and the number of entries in the VLAN pool. If the VLAN pool contains no valid VLAN ID, the SSIDʼs static VLAN ID setting is used.

    Quarantine Host

    Enable this option to quarantine devices that are connected in Tunnel traffic mode.
    Previous
    Next

    SSID

    SSID

    The following figure shows the SSID pane:

    Add an SSID

    1. Right-click an SSID in the list and select Create New.
    2. Enter values in the relevant fields. See SSID fields.
    3. Select Save.

    To create an SSID, you must have read-only or read-write permission for DHCP.

    Update an SSID

    1. Right-click an SSID in the list and select Edit.
    2. Make any changes.
    3. Select Save.

    To edit an SSID, you must have read-only or read-write permission for DHCP.

    Delete an SSID

    1. Right-click an SSID in the list and select Delete.
    2. Select Yes to confirm your choice.

    SSID fields

    The Create New SSID and Edit SSID dialogs contain the following fields:

    Settings

    Guidelines

    Interface Name

    Required. Enter a name for the SSID interface.

    Alias

    Enter an alternate interface name to remind you what this interface is being used for.

    Traffic Mode

    Select one of the following:

    Tunnel—Data for WLAN passes through WiFi Controller. This is the default.

    Bridge—FortiAP unit Ethernet and WiFi interfaces are bridged.

    Mesh—Radio receives data for WLAN from mesh backhaul SSID.

    IP/Network Mask

    If you selected the Tunnel traffic mode, this field is required. Enter the IP address and netmask for the SSID.

    DHCP Server

    If you selected the Tunnel traffic mode, you can select DHCP Server to assign IP addresses to clients. If you select DHCP Server, right-click in the Addrss Range table and select Create New to define the IP address range for a DHCP server on the FortiPortal unit. You also need to enter the netmask if you select DHCP Server.

    SSID

    Enter the SSID. By default, this field contains fortinet.

    Security Mode

    Select the security mode for the wireless interface. Wireless users must use the same security mode to be able to connect to this wireless interface.

    Captive Portal—authenticates users through a customizable web page.

    WPA2 Only Personal—WPA2 is WiFi Protected Access version 2. There is one pre-shared key (password) that all users use.

    WPA2 Only Enterprise—similar to WPA2 Only Personal but is best used for enterprise networks. Each user is separately authenticated by user name and password.

    Pre-shared Key

    Required. Enter the encryption key that the clients must use.

    Broadcast SSID

    Optionally, disable broadcast of SSID. By default, the SSID is broadcast.

    Schedule

    Select when the SSID is enabled. You can select always or none.

    Block Intra-SSID Traffic

    Select to enable the unit to block intra-SSID traffic.

    RADIUS Server

    Select to use a RADIUS server. If you select this option, select the server name from the drop-down list.

    VLAN Pooling

    In an SSID, you can define a VLAN pool. As clients associate to an AP, they are assigned to a VLAN.

    If you selected the Tunnel or Bridge traffic mode, select one of the following options:

    Disable—This option is selected by default and no VLAN pools are used.

    Managed AP Group—A VLAN pool can assign one of several available VLANs for network load balancing purposes. If you select Managed AP Group, select VLANs from the Available list and then select > or >> to move them to the Selected list.

    Round Robin—The VLAN pool chooses the VLAN with the smallest number of clients. If the VLAN pool contains no valid VLAN ID, the SSIDʼs static VLAN ID setting is used.

    Hash—The VLAN pool chooses a VLAN based on a hash of the current number of SSID clients and the number of entries in the VLAN pool. If the VLAN pool contains no valid VLAN ID, the SSIDʼs static VLAN ID setting is used.

    Quarantine Host

    Enable this option to quarantine devices that are connected in Tunnel traffic mode.
    Previous
    Next