- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiAP configuration with Different Subnet
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiAP configuration with Different Subnet
Dear Leads,
Need your help and advice for the below configuration on Fortigate 60D.
I have one 60D and 5 FortiAP (FAP-221C-E Indoor wireless AP) the connectivity is as below.
Internet link is coming on the Fortigate 60D and the Fortgate Internal Port (LAN) is connected to a Edge Switch and all the 5 FortiAP are connected to the Edge Switches.
I need to configure 2 SSID one for LAN and one for Guest, both the SSID's should get IP in different range (192.x.x.x. for LAN and 10.x.x.x. for Guest ) and the Fortigate will be the DHCP Server.
Early reply will be really helpful.
Regards,
Awnish.
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Awnish,
This is a simple configuration; I'd recommend you go through the FortiAP Cookbook available here: http://cookbook.fortinet.com/setting-up-wifi-with-fortiap-54/
Key thing is that you'd configure two SSID's, each with their own subnets, then assign both SSIDs to the AP profile.
Create policies for both SSIDs depending on what you want each to be able to access.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Sir,
Thanks for your reply, apologies for the delay in reply from my side.
But just need to know if the Forti AP is connected to LAN switch than it was automatically get detected to the FortiGate or additional configuration is needed, also the settings will be same if there are more than 2 vlans.
Do need to configure the AP in bridge mode?
Regards,
Awnish.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The best thing to do is have a dedicated interface on your fortigate that is used for managing and communicating with your fortiap's. Depending on the version of fortios you are on, it may have an option to set an interface as "Dedicated to fortiAP" (in later versions of fortios, this is removed and you will need to set the interface on the fortigate as manual, enable the CAPWAP under administrative access and configure dhcp settings for the dedicated fortiap backbone network). This network will only be used by FortiAPs to communicate between the fortigate.
On the switch side, I would configure a dedicated vlan for the fortiaps and have the ports that connect to the fortiaps be on that specific vlan (also make sure that the port that is going to connect to the fortigate on the interface you just set up is also on that vlan).
Once that is done, you can start plugging in fortiaps and the fortigate will automatically detect them. From here you can authorize them and apply AP profiles. When creating the SSID's, leave them in tunnel to wireless controller" mode. Hope that helps!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Leads,
I have a somewhat similar configuration but with some key differences that I want to bounce off this audience for some configuration advise.
I have a Fortigate 90D with WiFi SSID in Bridge Mode. Works great. DHCP is off and DNS is run by a separate server on the same subnet. So, IP addressing is handled externally for the primary SSID.
Now, I'm trying to add a second WiFi SSID in Tunnel mode. So, the expectation is that it'll run off DHCP being pushed by the Fortigate. I need captive portal on this tunneled SSID and for both SSID's to be run off the 2 FortiAP's that I have.
The steps I've taken so far is:
1. to create the second FortiAP profile
2. the second SSID
3. the user group for this 2nd SSID
4. and the user that will authenticate to the captive portal
The SSID is published and I can't connect to the open wifi network - but no captive portal page and no internet. Any thoughts on what I missed?
awnishkumar643 wrote:Dear Leads,
Need your help and advice for the below configuration on Fortigate 60D.
I have one 60D and 5 FortiAP (FAP-221C-E Indoor wireless AP) the connectivity is as below.
Internet link is coming on the Fortigate 60D and the Fortgate Internal Port (LAN) is connected to a Edge Switch and all the 5 FortiAP are connected to the Edge Switches.
I need to configure 2 SSID one for LAN and one for Guest, both the SSID's should get IP in different range (192.x.x.x. for LAN and 10.x.x.x. for Guest ) and the Fortigate will be the DHCP Server.
Early reply will be really helpful.
Regards,
Awnish.
Related Posts
Labels
-
FortiGate
6,442 -
FortiClient
1,284 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
410 -
5.6
362 -
FortiSwitch
330 -
FortiAP
326 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
64 -
4.0MR3
64 -
Wireless Controller
57 -
SSL-VPN
53 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
FortiConverter
21 -
High Availability
20 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
ZTNA
15 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
DNS
11 -
Interface
11 -
BGP
10 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
Traffic shaping
8 -
Virtual IP
8 -
RADIUS
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
FortiAuthenticator
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
DoS policy
3 -
FortiTester
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
Intrusion prevention
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.