
FortiWiFi and FortiAP Configuration Guide

Connectivity Profiles Entry


You can access Connectivity Profiles to manage your MPSK and Bonjour profiles.

MPSK Profiles

After you click Connectivity Profile, the MPSK Profiles tab loads by default. From there you can create or edit MPSK profiles to manage multiple pre-shared keys.

Click Create new to create an MPSK profile.

From there you can click Add to create or import MPSK groups and determine how you want to add your MPSK keys.

These fields correspond to the following CLI settings under config wireless-controller mpsk-profile:

Name

MPSK profile name.
edit <name>

Maximum concurrent client count

Maximum number of concurrent clients that connect using the same passphrase in multiple PSK authentication.
  set mpsk-concurrent-clients {integer}

MPSK Group List > New/Edit MPSK Group

List of multiple PSK groups.
  config mpsk-group

Name

MPSK group name.
    edit <name>

VLAN type

MPSK group VLAN options.
    set vlan-type [no-vlan|fixed-vlan]

VLAN ID

Optional VLAN ID.

Shown when VLAN type is set to Fixed VLAN.

    set vlan-id {integer}

MPSK key list > New / Edit MPSK Key

List of multiple PSK entries.
    config mpsk-key

Name

Pre-shared key name.
      edit <name>

Comment

Enter optional comment.
      set comment {var-string}

Pre-shared key

WPA Pre-shared key.
      set passphrase {password}

MAC address

MAC address.
      set mac {mac-address}

Client limit type

MPSK client limit type options.

  • Default: Use the value in profile configuration.

  • Unlimited: Unlimited number of clients.

  • Specified: Specify the Client limit.

      set concurrent-client-limit-type [default|unlimited|...]

Client limit

Number of clients that can connect using this pre-shared key.

Shown when Client limit type is set to Specified.

      set concurrent-clients {integer}

MPSK schedule

Firewall schedule for MPSK passphrase. The passphrase will be effective only when at least one schedule is valid.

      set mpsk-schedules <name1>, <name2>, …

Bonjour Profiles

Bonjour is Apple's zero configuration networking protocol. Bonjour profiles allow FortiAPs to connect to networks using Bonjour. You can create or edit Bonjour profiles by clicking the Bonjour Profiles tab.

Click Create new to create a Bonjour profile.

From there you can create and add policies that determine which services you want to advertise across the network.

These fields correspond to the following CLI settings under config wireless-controller bonjour-profile:

Name

Enter a name for the profile.

edit <name>

Comment

Optionally, enter comments.

set comment {string}

Policy list > New/Edit Bonjour Policy

Configure the policy list.

config policy-list

Policy ID

Enter the Policy ID.

  edit <policy-id>

Description

Description of the Bonjour profile policy.

  set description {string}

Source VLAN

The VLAN ID that the Bonjour service will be advertised from.

  set from-vlan {string}

Destination VLAN

The VLAN ID that the Bonjour service will be made available to.

  set to-vlan {string}

Services

Select services for the VLAN.

  set services {option1}, {option2}, …

To apply a Bonjour profile at the FortiAP profile level - CLI:

Once you create a Bonjour profile, you can apply it at the FortiAP profile and device level.

config wireless-controller wtp-profile
  edit FAP234F-default
    set bonjour-profile "Example-Bonjour-Profile"
  next
end

If a Bonjour profile is applied at both the device and profile level, the configuration made at the device level takes precedence. If a Bonjour profile is applied to multiple APs, the APs execute an algorithm to determine the Bonjour Default Gateway. The AP with the highest base MAC address is selected as the primary default gateway while the other APs are designated as backup default gateways in case the primary default gateway becomes unavailable.

To verify that the Bonjour profile is successfully applied to a FortiAP:
  1. From the FortiAP CLI, enter cw_diag -c bonjour:

    cw_diag -c bonjour
    Bonjour Gateway: Controlled by AC
    Configured Bonjour Vlans:
        10    ==> 20    services 00000001  all
        101   ==> 202   services 00000001  all
    Total 2 Bonjour Vlans
    Bonjour Gateway Election Info:
    1/2 e8:ed:d6:a5:2e:e8 state=cap,8825 live=16605 age=1
    2/2 e8:ed:d6:a5:31:08 state=oper,8807 live=8825 age=1
    ---- e0:23:ff:b2:18:68 state=cap,16609
    Note

    The diagnostic output also provides details of the last election process under "Bonjour Gateway Election Info". The AP with the MAC address e8:ed:d6:a5:31:08 is in the oper state, meaning it serves as the default gateway. The other APs are in the cap state, meaning they act as backup gateways in case the primary gateway becomes unavailable. If there are any more APs in the same setup, they will go into a hold state.
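
The following is an added example, not Fortinet code. It parses the cw_diag -c bonjour output shown above and checks it against the election rule this page states: exactly one AP in the oper state, and that AP has the highest MAC address listed. It also lists VLAN pairs that forward all services. Treating those as review items, and taking each listed MAC to be the AP's base MAC, are assumptions of this example.

```python
import re

# Constructed sample: the cw_diag -c bonjour output shown on this page.
SAMPLE = """\
Bonjour Gateway: Controlled by AC
Configured Bonjour Vlans:
    10    ==> 20    services 00000001  all
    101   ==> 202   services 00000001  all
Total 2 Bonjour Vlans
Bonjour Gateway Election Info:
1/2 e8:ed:d6:a5:2e:e8 state=cap,8825 live=16605 age=1
2/2 e8:ed:d6:a5:31:08 state=oper,8807 live=8825 age=1
---- e0:23:ff:b2:18:68 state=cap,16609
"""

VLAN_RE = re.compile(r"^\s*(\d+)\s*==>\s*(\d+)\s+services\s+([0-9a-fA-F]+)\s+(\S.*?)\s*$")
PEER_RE = re.compile(r"^\s*\S+\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+state=(\w+)", re.I)
TOTAL_RE = re.compile(r"^\s*Total\s+(\d+)\s+Bonjour Vlans", re.M)

def parse_bonjour_diag(text):
    """Return VLAN mappings, election peers and the declared mapping count."""
    vlans, peers = [], []
    for line in text.splitlines():
        if m := VLAN_RE.match(line):
            vlans.append({"from": int(m[1]), "to": int(m[2]),
                          "mask": m[3], "services": m[4].split()})
        elif m := PEER_RE.match(line):
            peers.append({"mac": m[1].lower(), "state": m[2].lower()})
    total = TOTAL_RE.search(text)
    return {"vlans": vlans, "peers": peers, "total": int(total[1]) if total else None}

def mac_key(mac):
    """Order MAC addresses numerically rather than as strings."""
    return bytes.fromhex(mac.replace(":", ""))

def audit(diag):
    """Return review findings; an empty list means nothing to follow up."""
    findings = []
    if diag["total"] != len(diag["vlans"]):
        findings.append("parsed VLAN mappings do not match the Total line")
    # Assumption: every listed peer is reachable and shows its base MAC.
    oper = [p["mac"] for p in diag["peers"] if p["state"] == "oper"]
    if len(oper) != 1:
        findings.append(f"expected exactly one oper gateway, found {len(oper)}")
    elif oper[0] != max((p["mac"] for p in diag["peers"]), key=mac_key):
        findings.append(f"oper gateway {oper[0]} is not the highest MAC listed")
    for v in diag["vlans"]:
        if "all" in v["services"]:  # example's choice: broad forwarding gets a second look
            findings.append(f"VLAN {v['from']} -> {v['to']} forwards all services")
    return findings
```

Calling `audit(parse_bonjour_diag(SAMPLE))` on the output above returns only the two "forwards all services" items, since the oper AP is also the highest MAC listed.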
