Allow pre-authorization of a FortiAP by specifying a Wildcard Serial Number
This enhancement allows a FortiGate Wireless Controller to pre-authorize a FortiAP by specifying a Wildcard Serial Number (SN) that represents the model of FortiAP you want to authorize. You can pre-configure and pre-authorize a template FortiAP SN to represent the SN of specific FortiAP models. When a physical FortiAP connects, the pre-configured SN is replaced by the actual SN of the FortiAP, and the FortiAP can be automatically authorized.
For example, a Wildcard Serial Number of FP231F****000001 will allow the first FortiAP-231F to register to the Wireless Controller to be authorized automatically and adopt profile configurations.
A Wildcard Serial Number consists of three parts:
- A six digit valid prefix for a FortiAP model, like "FP231F".
- Four "*" (asterisks) to indicate that the Serial Number is a Wildcard Serial Number.
-
Six digits containing any valid characters. The characters do not need the match the actual Serial Number of the FortiAP you are registering.
The last six digits enable you to create multiple profiles where each new FortiAP that registers adopt one of the wildcard SN profiles in order.
To configure a Wildcard Serial Number and pre-authorize a FortiAP - GUI:
- Go to WiFI & Switch Controller > Managed FortiAPs and click Create New > Managed AP.
- In Serial number, enter a Wildcard Serial Number (example "FP231F****000001").
-
Select a FortiAP profile you want to apply to the FortiAP.
- Click OK to save.
-
Connect the FortiAP unit to your topology.
Once the FortiAP is discovered by FortiGate, FortiGate will try to find a matching Wildcard SN. When FortiGate finds a matching Wildcard SN, the template Serial Number is renamed to match the newly discovered physical FortiAP SN.
- Go to WiFI & Switch Controller > Managed FortiAPs to verify that the FortiAP is pre-authorized.
To configure a Wildcard Serial Number and pre-authorize a FortiAP- CLI:
-
Pre-configure a Wildcard FortiAP SN (example "FP231F****000001").
config wireless-controller wtp edit "FP231F****000001" set uuid 47ab50f8-5f7c-51ec-0a60-4ff00a3eba2e set admin enable set wtp-profile "FAP231F-test" config radio-1 end config radio-2 end next end
-
Connect the FortiAP unit to your topology.
Once the FortiAP is discovered by FortiGate, FortiGate will try to find a matching Wildcard SN. When FortiGate finds a matching Wildcard SN, the template Serial Number is renamed to match the newly discovered physical FortiAP SN.
FortiGate-80E-POE # diag debug enable FortiGate-80E-POE # diag debug cli 7 Debug messages will be on for unlimited time. FortiGate-80E-POE # 0: config wireless-controller wtp 0: rename "FP231F****000001" to "FP231FTF20026472" 0: end
The pre-configured template FortiAP SN is successfully renamed to match the FortiAP SN "FP231FTF20026472".
-
The new FortiAP is now pre-authorized and can be managed from the FortiGate without manual authorization. Note that the UUID does not change.
config wireless-controller wtp edit "FP231FTF20026472" set uuid 47ab50f8-5f7c-51ec-0a60-4ff00a3eba2e set admin enable set wtp-profile "FAP231F-test" config radio-1 end config radio-2 end next end