FortiAP with FortiGate (Wireless Controller) | NSE 6 Secure Wireless LAN

Video Statistics and Information

Video

Captions Word Cloud

Reddit Comments

Captions

how challenge might be to deploy a wireless network by using 4et devices on the previous videos we saw how to deploy a wireless network by using Cisco devices and we used an access point we used the virtual Wireless line controller to manage the AP and we were able to demonstrate that wireless clients users were able to have network access and also by using uh pre-shared key authentication okay now I decided to shift things a little bit and in this video we'll be using foret devices we also need an access point and I have here an access point that's 40 AP 431f so we have this AP and we also need the controller now unfortunate that's interesting uh instead of using uh different device to manage the AP we're going to use actually the for gate now if you're familiar with foret Solutions you probably know that forgate is the firewall so the firewall is responsible for filtering the traffic that enters or leaves the network but we can also enable a feature that will allow the forgate to act as a wireless L controller or as a controller for short to manage this AP this way you don't need another device to manage the aps so let's take a look at topology for this lab this lab topology is going to be very simple so we have our firewall device our 40 gate okay and I'll be using two interfaces on this firewall so this is my firewall and this is a switch so here I have my when Port so that's when one one you can see here and I have another Port so that's Port 4 okay and in this port I have the IP on the subnet 192 168 2 0/24 and fourth gate as the IP do one and on the side I will connect my AP okay my 40 AP and AP will be assigned an IP dynamically so which means that we need the hcp on this subnet okay and I'm going to use the range from 100 to 199 okay then the AP okay it will be used by the wireless users so I'm going to draw here a laptop and and it's going to create also another Network here so it's going to be2 168 3 Z and the AP will be let's name it AST one for instance and the dacp users or the wireless users they will be assigned an IP address on the Range 192 168 3 uh let's say from 100 to to 99 as well okay and we're going to use the authentication uh so the Wii authentication is going to be uh double p 2 Enterprise now why am I going to use Enterprise because on the previous videos uh we saw how to deploy uh the security uh being uh pre-shared key and I want you to learn as well how to deploy using the Enterprise because that's actually the mode often use for companies so Enterprise environments they might use uh pre-share key and also the Enterprise mode okay so with that being said this is our topology is quite simple so we have wireless users that will be assign an IP address on subnet1 92683 and we have our land or wied network will be2 16820 and then they will able to access the internet but our main goal is to make sure that we have this scenario deployed okay so first thing first we'll start by configuring the 40 gate okay so we'll go at the interface level so on Port four and here we want to enable security Fabric Connection so this will allow the AP to establish the camp web tunnel with the 40 Gates or the controller and we also want to enable the DHCP server now I'm going to change the range here to be from 100 to 199 and the default gateway going to leave as default DNS server I'm going to set uh the interface IP of the firewall and optionally we can uh enable here the wireless controllers to be same as interface IP so it's going to be the 48 IP address now let's see do I have everything in place yes I do also want to enable device detection that might be useful and we're going to save this change so we enable security Fabric and enable the DHCP service on Port for interface okay so now we can prepare the AP to be managed by the 40 gate Okay so so I'm going to reset the AP to its factory defaults so this AP it has a reset button so I'm just going to reset this and I'm going to press and hold for 10 seconds you can see it should be one two three four five 6 7 8 9 10 I'm going to release you can see that it say that it's going to reset the factory the F so this might take uh one or two minutes or so shouldn't take long okay the AP is back so if I try to log in as admin is going to ask to change the password I'm going to change the password okay so it was changed but now we want to make sure that the 40 gate detected or discover this AP let's go back to 40 gate and we have option here Wi-Fi and switch controller we go to manage 40 APS and we can see that it discovered the AP and now is waiting for authorization so we're going to click and authorize this AP to be managed by this 40 gate now this process is going to take some time probably around 5 minutes so they will be exchanging uh the name of the parameters and once it's completes we're going to continue okay the AP is back online and we can see the status now says it's online and all the SS IDs are enabled and there are a couple things that I want to highlight here so whenever we discover a new AP uh forgate will automatically assign a default 40 AP profile so if we go here to 40 AP profiles now this was created because forgate just discovered this new AP and we can create create a new profile and we can change the settings uh such as uh which radios we want to uh leave enabled for instance this AP model supports 2.4 and 5 uh gig uh modes and we can also select which channels we want to enable for one of these bands okay so this is all customized and in case we don't want to use the ones uh created in the profile we can also override directly on the access point mode so uh let's go to forth AP profile and let's enable uh for instance uh the channels 1 6 and 11 uh only for 2.4 and once for five we're going to leave it as disabled okay so we want to press okay so this profile was saved now if we want the wireless users to connect to this AP we have to to create the SSID so for that we go to ssids and here we can create a new one and the parameters are very simple so we're going to provide the name we're going to set the traffic mode to Tunnel uh recall when I said that the wireless user they will be on the subnet 192 16830 so that's where we're going to configure this but I want to show you something first here in security mode uh by default is selected wp2 personal and we would have to create the pre-share key uh but I say that we're going to use the Enterprise mode so we're going to change this to uh Enterprise mode and here we have to specify okay how are we going to get the users uh credentials or the users information we can either use the forgate database locally or we can and uh point to a radius server so just to make things easier we're going to use the forgate database for these users so we have to create first this database we have to create the users assigned to this database and then reference that database or the user groups into this field so we're going to cancel this for now and we go to user and authentication user groups and here we're going to create a user group so we will create a new one uh let's name this as uh Wii users and we're going to click okay and now we're going to create one user so user definition uh let's create a user with the name Carval okay and I'm going to type Carval password and carvalo I'm not going to use 2 FAA uh user account status is enabled and I want to assign car value to that User Group Wi-Fi user so I'm going to enable user group and click on plus and select the Wi-Fi users group okay so we can submit this and we have a new user carvalo okay this is in uh forgate local database is part of this WiFi User Group okay so now let's reference this user group into the SSID configuration so we going back to Wi-Fi and switch controller ssids now we're going to create a new one okay so the name will be um 4T SSID and we're going to leave the traffic mode to tunnel and IP is going to be so21 168 31/24 and we want to enable able the dhtp server so that the wireless uh clients are able to be assigned an IP address I'm going to use this range from 100 to 199 and theault Gateway I'm just going to leave everything as default now I want to change the SS ID so that's going to be Wii employee and we want to broadcast this SS ID and now we can change the security mode to Enterprise and now we're going to grab the user group we just created so what else do we have to enable here I believe everything is okay so okay so now the wireless user they should be able to uh see this SSID so I'm going to use another computer just to connect to this network so if I go to my wireless card uh it's going to be uh advertise in a minute so we can see Wi-Fi employee so let's try to connect to this network connect so the username that should be car valum and the password okay and it's going to throw this message but we can connect okay and this should take a minutes or so okay the connection was successfully authenticated and we can see that it say that it's connected but it doesn't have internet access because we have to create the policies to allow that but uh we're just going to monitor uh whether we have any client connected on this network so we can see it was a sign IP address 192168 3100 uh it's connected on this AP that's the SSID is using the user that is connected on this SSID also some information about the computer uh the channel when we can see how strong is the signal or so we can monitor a lot of details there and we can also get some details as to uh is there any problem on the AP so if we go to logs okay we can see the process uh from the clients connecting to the AP or the AP uh exchanging information with the 40 gate okay and lastly in case you want to allow internet access so this is related to policies I'm just going to show you how to do it I'm not going to do it because I I already uh created a playlist where you can learn all the foundation uh around 40 Gates uh there is a playlist I'm going to past somewhere on the screen and you'll be able to do it yourself so essentially all you have to do is to add the network 192168 30 to your policy and it should be able to access the internet so if you want to dive deeper into 40 gate configuration save the playlist and if you got value from this video don't forget to subscribe and hit the like button and I see you in the next time

Info

Channel: Silesio Carvalho

Views: 708

Rating: undefined out of 5

Keywords: FortiGate, FortiGate how to, Fortinet how to, FortiGate tutorial, Fortinet tutorial, Security, FortiAP, wireless, wifi, FAP, wireless controller, tunnel mode, bridge mode, mesh mode, Private WIFI, Guest WIFI, Fortigate, Firewall, Wireless Configuration

Id: oC1w3tkXdzY

Channel Id: undefined

Length: 15min 8sec (908 seconds)

Published: Mon Mar 04 2024