Fortinet black logo

Administration Guide

Home FortiSASE Administration Guide

Network topology

Network topology

The following diagram depicts the network topology that the FortiAP as a FortiSASE edge device configuration uses:

A CAPWAP tunnel is established between FortiSASE and the FortiAP device.

There are two channels inside the CAPWAP tunnel:

  • Control channel for managing traffic, which is always encrypted by DTLS.
  • Data channel for carrying client data packets, which can be configured to be encrypted or not.

For a FortiAP to be managed by FortiSASE, the data channel is encrypted using an IPsec VPN tunnel between FortiSASE and the FortiAP that carries CAPWAP data packets and includes the FortiAP serial number within this tunnel.

By default, using DHCP, FortiSASE dynamically assigns IP addresses to Wi-Fi devices connected to the FortiAP.

Previous
Next

Network topology

The following diagram depicts the network topology that the FortiAP as a FortiSASE edge device configuration uses:

A CAPWAP tunnel is established between FortiSASE and the FortiAP device.

There are two channels inside the CAPWAP tunnel:

  • Control channel for managing traffic, which is always encrypted by DTLS.
  • Data channel for carrying client data packets, which can be configured to be encrypted or not.

For a FortiAP to be managed by FortiSASE, the data channel is encrypted using an IPsec VPN tunnel between FortiSASE and the FortiAP that carries CAPWAP data packets and includes the FortiAP serial number within this tunnel.

By default, using DHCP, FortiSASE dynamically assigns IP addresses to Wi-Fi devices connected to the FortiAP.

Previous
Next