Manage FortiAP with FortiGate (Wireless Controller)

Captions
In this video we will go over how we can configure a FortiAP managed by a FortiGate firewall. So there's three main modes that can be configured, and this all starts from the firewall.

So the firewall can be configured to manage a FortiAP in tunnel mode. So in tunnel mode, what that means is, let's say we connect a FortiAP onto the 192.168.112 network of the FortiGate. Well, there's going to be a tunnel established between the FortiAP and the FortiGate, so that all traffic that hits the SSID, that's going to be encrypted and visible to the FortiGate as a virtual interface, essentially, right?

And then another mode would be bridge mode. So as we can see here, the FortiAP connected to the FortiGate, again we're on network 192.168.112.0. Then we also notice that the SSID being broadcast, it's on the same network, right? We're really just extending the wired network onto the wireless.

Lastly, here we have mesh mode. So we have a concept of leaf FortiAPs and root FortiAPs. So as we can see, not every single FortiAP is actually connected, um, via wired connection to the FortiGate. We're able to pretty much do what's called a wireless backhaul from the root FortiAP to multiple leaf FortiAPs downstream.

In this particular case we're just going to be going ahead with configuring tunnel mode, as that's the most commonly used option, gives us the most visibility, flexibility, control and security.

Okay, so let's start by powering up the FortiAP. So I just connected it to a switch that provides PoE power, and that same switch is going to provide access to the internal network here, which is 192.168.112. We just have to ensure that when we go into that interface, Security Fabric Connection is enabled. It might be named as CAPWAP if we're looking at, uh, a FortiGate that's on an older firmware, but for now Security Fabric Connection is what we have to enable, and this is on 7.0.5 code. So we'll just give it a bit of time for the FortiAP to boot up, but ultimately what we're doing here is we're just waiting for this managed FortiAP section to show the AP. That's really all there should be to it.

All right, so two or three minutes later we can see that we have a FortiAP showing up, waiting for authorization. It looks like the power LED is showing as amber and solid, and then we can also see that there's one green flickering LED for the Ethernet cable that's connected between the AP and the FortiGate. Might look a little bit different on your end. So we're just going to right-click that AP that's just shown up now, we're going to authorize it, and then it'll just take, you know, maybe just wait a minute or two here.

All right, now the AP is authorized and showing as online, and we can see on the right here is that the FortiAP profile that's associated with this access point is FAPS421E-default. So if we look under FortiAP profiles, we can see that this was actually automatically created once we authorized that access point. And essentially what this is, is this AP profile will associate an SSID with a physical access point or physical access points. So we can see that by default on radio 1, which is our 2.4 gigahertz band, SSIDs that will be broadcasted by default will be any tunnel mode SSID, and the same for radio 2, which is on our 5 gigahertz band.

All right, so now really the next step is to start broadcasting SSIDs. So we'll just create a new SSID, let's just name it test SSID. We're going to leave it in tunnel mode. We do have the option to select bridge. As we see, when we do select bridge we don't have an option anymore to configure an IP address, but we'll go back to tunnel mode here. Let's just create, I think we are talking about 10.20.30, so this will be the actual IP that the FortiAP is broadcasting with, the interface IP on the wireless. And then we'll just say, okay, what access will we allow to the FortiGate itself from this broadcasted SSID, and we're going to be leasing out the following IP addresses. And the SSID name, again we'll name it test SSID, the same as the interface name. We'll just use, uh, you know, WPA2 personal. You do have the option to, maybe you want to broadcast with a captive portal, maybe you want to use WPA2 enterprise to authenticate users to a RADIUS server somewhere along the line, but in this case we'll just use WPA2 personal. Status enabled, let's hit OK, and then we'll just wait maybe a few seconds here.

All right, so you probably noticed pretty quickly there that the, um, 2.4 and 5 gigahertz LEDs on the AP are now lighting up. So, uh, you know, at this point now we're going to have the SSID be broadcast so that we can connect our cell phones and our laptops up to the SSID.

All right, so even though the SSID is successfully being broadcast and I can connect a device to it, obviously internet access, anything like that, is not going to work. So we need to have a firewall policy that says that traffic from the test SSID interface going to the public internet is allowed, and then we're going to configure our security profiles for that type of traffic. We'll just enable a few here. Okay.

All right, now after enabling this policy, now my particular device, I have an Ubuntu machine connected to the FortiAP, now we can access the internet. Uh, you know, a couple things that we can use now is, if we go to Dashboard, WiFi, we have a bunch of widgets that are already pre-configured for us so that we can get some visibility into the actual devices connected to the access point. You know, for example, we can click the signal strength option, have, you know, a bunch of information about the device that's connected up to that test SSID network. You know, we can double-click it, look at some information about the performance. We can see the actual applications, um, that are being seen from that device, the destinations that are being reached out to, the actual policies that are being matched on the FortiGate, firewall policy 9 here, and we can actually see some of the Wi-Fi logs. So lots of good information there because we're integrating our FortiGate with the, uh, the FortiAP.

All right, so that wraps things up on how we can quickly configure, um, a FortiAP to be managed by a FortiGate firewall. So thanks for joining up and we'll see you in the next video.
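Added example, not part of the video or of Fortinet's documentation: a Python sketch that reads a FortiOS configuration excerpt and flags the two settings the walkthrough chooses by hand, namely the administrative access allowed on the SSID interface and whether the policy sourced from the SSID has security profiles enabled. The sample configuration is constructed for illustration, and the parser assumes flat config/edit/set blocks with no nested config sections.

```python
import shlex
# Constructed sample in FortiOS CLI syntax (illustrative, not taken from the video).
SAMPLE = """
config system interface
    edit "test-ssid"
        set allowaccess ping https ssh
    next
end
config wireless-controller vap
    edit "test-ssid"
        set security wpa2-only-personal
    next
end
config firewall policy
    edit 9
        set srcintf "test-ssid"
        set action accept
    next
end
"""
ADMIN = {"http", "https", "ssh", "telnet"}  # management protocols in allowaccess

def parse(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: [values]}}}."""
    tree, section, entry = {}, None, None
    for line in text.splitlines():
        tok = shlex.split(line) or [""]  # blank lines match no keyword
        if tok[0] == "config":
            section = tree.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] in ("next", "end"):
            entry = None
    return tree

def audit(text):
    """Return (object, finding) pairs for SSID interfaces and policies sourced from them."""
    cfg, out = parse(text), []
    vaps = cfg.get("wireless-controller vap", {})
    for name in vaps:
        iface = cfg.get("system interface", {}).get(name, {})
        hit = sorted(ADMIN & set(iface.get("allowaccess", [])))
        if hit:
            out.append((name, "management access from Wi-Fi: " + " ".join(hit)))
    for pid, pol in cfg.get("firewall policy", {}).items():
        if set(pol.get("srcintf", [])) & set(vaps) and pol.get("utm-status") != ["enable"]:
            out.append(("policy " + pid, "no security profiles (utm-status not enabled)"))
    return out
```

Calling `audit(SAMPLE)` reports both findings for the constructed excerpt; an excerpt whose SSID interface allows only `ping` and whose policy sets `utm-status enable` returns an empty list.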
Info
Channel: ToThePoint Fortinet
Views: 25,160
Keywords: FortiGate, FortiGate how to, Fortinet how to, FortiGate tutorial, Fortinet tutorial, Security, FortiAP, wireless, wifi, FAP, wireless controller, tunnel mode, bridge mode, mesh mode
Id: XjLkLhzL6HE
Length: 6min 37sec (397 seconds)
Published: Tue Mar 29 2022