FortiGate WIFI | Wireless Configuration | Step By Step

Video Statistics and Information

Captions
Good morning, welcome to the Network 360 channel. In this video we are covering FortiGate Wi-Fi configuration. We are using as infrastructure FortiGate firmware version 6.4.6 and FortiAP model 221E.

The roadmap summary is: first we will connect our AP, then the AP will identify the controller, then we will authorize the AP. After that we will create a custom AP profile, then we will attach the custom AP profile to the FortiAP, then we will create the SSID profile. Last we will create the policy, then we will verify the traffic. This is the summary.

So in order to connect the AP and get the connectivity between the AP and the FortiGate, first we have to enable CAPWAP on the interface where we are connecting our AP. So we will go to Network, Interfaces. Right now I'm connected in the internal interface. So this service, this is CAPWAP, of the Security Fabric services, you have to enable. This is the first prerequisite. The second prerequisite: the AP should get an IP, so I have enabled the DHCP server on the interface itself. If you have a separate DHCP server you can use it. The only main concern is that the AP should get the IP addresses. Okay, so we enabled the CAPWAP service and the DHCP services.

The AP can power on in two ways, either using PoE from the switch or using a 12 volt power adapter. The details about the power and ampere you can check in your AP model's data sheet. I am using the 221E, and I connected my AP directly to the switch, my internal switch.

Then the AP should communicate with the controller, then only we can see the AP. So in order to get the communication between the AP and the controller, the FortiGate, we can use five ways, which we call the AP discovery process. I mean, in the AP discovery process the first step is static configuration: you can configure the controller IP statically in each AP. That's so difficult; if you have 100 or 1000 APs it is very difficult. The second way is DHCP. In the DHCP server, in option 138, you can mention the FortiGate IP address, the IP of the interface where you enabled your CAPWAP services; you can mention it in DHCP option 138. So once the AP gets the IP and the option 138 IP, the AP will communicate and start the secure channel between the AP and the FortiGate. The third option is DNS, the fourth option is FortiCloud, the fifth option is multicasting, the last option is broadcast. We are using broadcast because our AP and controller are both in the same L2 domain, so we are using broadcast. The 221E has two channels, 2.4 as well as 5 gigahertz.

Okay, next step, we go to Managed AP. I already authorized, so we will do the authorizing. Once you are connected you will get "waiting for authorization". Right click, Authorize. The AP will reboot. Meanwhile, what we can do, we can change the AP name: AP1. You can keep all the other fields as they are. Okay, now the AP is up.

The communication between the AP and the controller is a tunnel. Inside the tunnel there are two channels in use: one is the data channel, another is the control channel, the management channel. The management channel by default is DTLS encrypted, the management traffic between the AP and the controller. For the data traffic, by default it's plain text. If security is your concern you can change it to a DTLS tunnel or an IPsec tunnel. Note: if you are changing to the tunnel mode there may be a penalty on your throughput. To change the encryption mode you have to do it through the CLI only, so we will go to the CLI. I'll change it now: config wireless-controller wtp-profile. Okay, edit. Once we connect the AP, a default profile is automatically generated and it will attach to the AP. In this exercise we are creating the custom AP profile, and there are a lot of options; I will go through that. So before doing that, DTLS: by default it is plain text. I enabled it before, that's why it's showing. Okay, the command is set policy; by default it is clear text, we have to change to DTLS enabled. And now the tunnel between the AP and the FortiGate, both the data channel and the management channel, is using DTLS encryption.

Okay, we already authorized, and we changed the name of the AP. Now let's say you have a thousand APs, you are doing a project, or 100 APs, so for each AP you have to do the manual authorization. You can do automatic authorization. That I will create; I believe I already did. For that you have to do it in the CLI: edit internal, okay, then set auto authentication, you have to enable it. If you enable this one, whenever you are connecting an AP on this interface and the AP can communicate with the FortiGate using this interface, the AP will automatically be authorized.

If the AP and the FortiGate have different firmware versions you will get the information here, and from there you can directly upgrade from FortiGuard. Or if you want to upgrade, double-click and there is an option to upgrade; you can do the firmware upgrade. Right now my FortiGate and FortiAP are the same 6.4 version, so that's good to go.

Now we are going to create the custom AP profile. Okay, platform already taken. Country, AP password: I don't want to do these things; if you want you can change the country and the login. I prefer client load balance, frequency handoff and AP handoff. I prefer to do that because if you enable frequency handoff, this is the same in another vendor as band steering. You know that the 2.4 gigahertz band has fewer channels, only three channels available. In total channels 1 to 13 are there, but only three channels are published, 1, 6 and 11, so there will be more interference. If you enable frequency handoff, the controller, the FortiGate, will check the endpoint capability. If it is a dual band device, let's say a 2.4 and 5 gigahertz band capable device, and the device is within the RSSI signal strength, the controller will send the signal to the client: okay, please switch, please change the bandwidth from 2.4 to 5 gigahertz. So the client will deauthenticate and authenticate to the 5 gigahertz channel. In 5 gigahertz we have more channels available, so that field we will enable. And AP handoff: let's say you are implementing in an institution where a lot of APs are there, and some AP has high usage and a nearby AP has fewer users. The controller can do the AP load balance, so the AP can switch some users from one AP to another AP nearby.

Then the mode: we will use access point mode. WIDS intrusion we will not use. Radio resource provisioning we will check; this is interference checking on the channel. Then the tunnel mode: we are using the CAPWAP tunnel and we are using the tunnel mode, so client to controller, all the traffic is inside the tunnel. We are not using DTLS. Then the power, it's a hundred percent; depending on the area or institution you can set it manually also. The same thing for 5 gigahertz. For 5 gigahertz, ac and n only; I'm not using a because it's very old. Then the channels, 20 megahertz channel, TX power manual. Location based: we are not using any presence services. If you are using presence services you can use them for monitoring and all these things, other than that, the AeroScout clients.

Okay, so we created our custom profile, so we have to bind the custom profile to our managed AP. Okay, we changed the AP profile.

Okay, now the last step on the SSID side, we have to create: going to lab, tunnel mode, lab, 1916 10.1/24 interface. Create the lab1 address. Okay, I'm not using any administrative access. If you want to manage the FortiGate wirelessly you can enable it from here. DHCP server, this is for the users. If you have a DHCP server internally you can disable this DHCP server option, and you can go to Advanced and use the relay services. Let's say you have the DHCP server on your Windows machine, then you can enter the IP address of your server here. In my case, for lab purposes, I am using my internal DHCP here; I am not using the relay. Lab1, broadcasting, WPA2 Personal level, then everything else is enabled by default.

Last step, we have to create the policy for the wireless users to access the internet, or whatever, it depends. Sorry. Okay, destination I will give all, service I will give all, NAT by default. Done.

So our whole process is done. We will go to the dashboard, WiFi. FortiAP 1 is green. Channel utilization: you have two radios. There are no clients; rogue APs are there. Okay, monitoring, radios. Okay, right now I will connect my laptop. Okay, we will refresh. Okay, my client is connected. If you double-click here you will get full details about the client. Okay, so the 10.2, and I have internet access also.

Thank you for watching. If you like the video please like and subscribe. Thank you.
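An added example, not part of the video or its captions: a Python check over a FortiGate configuration backup for the two settings the walkthrough changes in the CLI, the CAPWAP data-channel encryption and automatic AP authorization. The sample config and the profile names are constructed, and the keywords `dtls-policy` and `auto-auth-extension-device` are assumed to be the commands the captions render as "set policy" and "set auto authentication"; values are assumed to fit on one line, and an absent `dtls-policy` line is read as clear text, the default the video states.

```python
import shlex

# Constructed FortiOS-style backup excerpt (not taken from the video).
SAMPLE = """
config system interface
    edit "internal"
        set auto-auth-extension-device enable
    next
end
config wireless-controller wtp-profile
    edit "FAP221E-default"
        config platform
            set type 221E
        end
    next
    edit "lab-custom"
        set dtls-policy dtls-enabled
    next
end
"""

def parse_entries(text):
    # depth 1 = top-level section; nested blocks (config platform) are skipped.
    entries, section, entry, depth = {}, None, None, 0
    for raw in filter(str.strip, text.splitlines()):
        tok = shlex.split(raw)
        if tok[0] == "config":
            depth += 1
            if depth == 1:
                section, entry = " ".join(tok[1:]), None
        elif tok[0] == "end":
            depth -= 1
        elif tok[0] == "edit" and depth == 1:
            entry = tok[1]
            entries[(section, entry)] = {}
        elif tok[0] == "set" and depth == 1 and entry is not None:
            entries[(section, entry)][tok[1]] = tok[2:]
    return entries

def audit(text):
    findings = []
    for (section, name), cfg in parse_entries(text).items():
        # An absent dtls-policy line is read as the clear-text default (assumption).
        clear = "clear-text" in cfg.get("dtls-policy", ["clear-text"])
        if section == "wireless-controller wtp-profile" and clear:
            findings.append((name, "data channel clear-text"))
        elif section == "system interface" and cfg.get("auto-auth-extension-device") == ["enable"]:
            findings.append((name, "auto-authorizes APs"))
    return findings
```

Run against a real backup, every interface it lists as auto-authorizing should be a port that only trusted APs can reach, since any AP plugged in there is accepted without the manual Authorize step.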
Info
Channel: Network 360
Views: 1,654
Keywords: Fortigate Wireless, Fortigate WIFI
Id: 9mzprNbBilE
Length: 16min 41sec (1001 seconds)
Published: Thu Aug 12 2021