Device Manager : Provisioning Templates : WiFi Templates : SSIDs
 
SSIDs
To view a list of SSIDs, in the Provisioning Templates tree menu, select an ADOM, then select WiFi Templates > SSIDs.
SSIDs can be created, edited, cloned, deleted, searched, and imported.
Figure 103: SSIDs list
The following information is available:
Create New
Create a new SSID. See “To create a new SSID:”.
Delete
Select to delete the selected SSIDs. See “To delete an SSID or SSIDs:”.
Import
Select to import SSIDs. See “To import an SSID:”.
Search
Search the SSIDs by entering a search term in the search field.
Name
The name given to the SSID.
SSID
The SSID name that is broadcast.
Traffic Mode
The traffic mode for the SSID; one of:
Tunnel to Wireless Controller: Data for WLAN passes through the WiFi controller.
Local bridge with FortiAP’s Interface: FortiAP unit Ethernet and WiFi interfaces are bridged.
Mesh Downlink
Security Mode
The security mode for the SSID; one of:
WPA-Personal: The user must know the pre-shared key value to connect.
WPA-Enterprise: The user must know the user name and password to connect.
Captive Portal: The user connects to the open access point and then must authenticate to use the network.
OPEN
Data Encryption
The data encryption method for the SSID.
Maximum Client
The maximum number of clients that can connect to the SSID at one time.
To create a new SSID:
1. From the SSIDs page, select Create New.
The New SSID window opens.
Figure 104: New SSID
2. Enter the following information:
Name
Enter a name for the SSID.
Traffic Mode
Select the traffic mode from the drop-down list. The available options are: Tunnel to Wireless Controller, Local bridge with FortiAP’s Interface, and Mesh Downlink.
Common Interface Settings
Select to enable common interface settings.
Only available when Traffic Mode is set to Tunnel to Wireless Controller.
IP/Netmask
Enter the IP address and network mask.
Only available when Traffic Mode is set to Tunnel to Wireless Controller.
Administrative Access
Select the allowed administrative service protocols from: HTTPS, HTTP, PING, SSH, Telnet, SNMP, FMG-Access, Auto IPsec Request, and FCT-Access.
Only available when Traffic Mode is set to Tunnel to Wireless Controller.
Enable DHCP
Select to enable and configure DHCP.
Only available when Traffic Mode is set to Tunnel to Wireless Controller.
 
Address Range
Enter the DHCP address range.
 
Netmask
Enter the netmask.
 
Default Gateway
Select Same As Interface IP if the default gateway is the same as the interface IP, or select Specify and enter a new gateway.
 
DNS Server
Select Same As System DNS if the DNS server is the same as the system DNS, or select Specify and enter a DNS server address.
 
MAC Address Access Control List
The MAC address control list allows you to view the MAC addresses and their actions. It includes a default entry for unknown MAC addresses.
Select Create New to create a new IP MAC binding.
Select an address and then select Edit to edit the default action for unknown MAC addresses or your IP MAC bindings.
Select an address or addresses and then select Delete to delete the selected items. The unknown MAC address cannot be deleted.
Wireless Settings
 
 
SSID
Enter the wireless service set identifier (SSID) or network name for this wireless interface. Users who want to use the wireless network must configure their computers with this network name.
 
Security Mode
Select a security mode. The options are: WEP64, WEP128, WPA/WPA2-PERSONAL, WPA/WPA2-ENTERPRISE, Captive Portal, OPEN, WPA-ONLY-PERSONAL, WAP-ONLY-ENTERPRISE, WPA2-ONLY-PERSONAL, or WPA2-ONLY-ENTERPRISE.
Captive Portal is not available if the traffic mode is set to Mesh Downlink.
When Traffic Mode is set to Mesh Downlink, the security mode options are: WPA/WPA2-PERSONAL, OPEN, WPA-ONLY-PERSONAL, or WPA2-ONLY-PERSONAL.
 
Key Index
Select 1, 2, 3, or 4 from the drop-down menu.
Many wireless clients can configure up to four WEP keys. Select which key clients must use.with this access point. This is available when security is a WEP type.
This option is only available when Traffic Mode is set to Tunnel to Wireless Controller or Local bridge with FortiAP’s Interface.
 
Key
Enter 10 Hex digits for the key value.
This option is only available when Traffic Mode is set to Tunnel to Wireless Controller or Local bridge with FortiAP’s Interface.
 
Data Encryption
Select the data encryption method. The options are: AES, TKIP, and TKIP-AES.
This option is only available when the security mode is set to WPA.
 
Pre-shared Key
Enter the pre-shared key for the SSID.
This option is only available when the security mode is set to WPA-Personal.
 
Detect and Identify Devices
Select to enable or disable detect and identify devices. When this setting is configured as enable, you can select to Add New Devices to Vulnerability Scan List.
 
Authentication
Select the authentication method for the SSID, either a RADIUS server or a user group, then select the requisite server or group from the respective drop-down list.
This option is only available when the security mode is set to WPA-Enterprise.
 
Customize Portal Messages
Select to allow for customized portal messages.
This option is only available when the security mode is set to Captive Portal.
 
User Groups
Select the user groups to add from the Available user group box. Use the arrow buttons to move the desired user groups to the Selected user groups box.
This option is only available when the security mode is set to Captive Portal.
 
Block Intra-SSID Traffic
Select to block intra-SSID traffic.
This option is only available when Traffic Mode is set to Tunnel to Wireless Controller.
 
Maximum Clients
Select to limit the concurrent WiFi clients that can connect to the SSID. If selected, enter the desired maximum number of clients. Enter 0 for no limit.
This option is only available when Traffic Mode is set to Tunnel to Wireless Controller or Local bridge with FortiAP’s Interface.
Advanced Options
Configure advanced options for the SSID.
 
broadcast-ssid
Enable broadcast of the SSID. Broadcasting the SSID enables clients to connect to your wireless network without first knowing the SSID. For better security, do not broadcast the SSID.
 
broadcast-suppression
Prevent ARP or DHCP messages being carried to other access points carrying the same SSID. Select DHCP and/or ARP broadcast suppression.
 
dynamic-vlan
Enable dynamic VLAN assignment for users based RADIUS attribute.
 
external-fast-roaming
Enable or disable pre-authentication with external non-managed access points.
 
fast-roaming
Select to enable or disable fast roaming. Enabling fast-roaming enables pre-authentication where supported by clients.
 
gtk-rekey-intv
Set the WPA re-key interval. Some clients may require a longer interval. Range 60 to 864 000 seconds.
 
local-authentication
Enable authentication of clients by the FortiAP unit if the wireless controller is unavailable. This applies only if security is a WPA-Personal mode and local-bridging is enabled.
 
local-switching
Enable or disable bridging of local VAP interfaces.
 
me-disable-thresh
Set the multicast enhancement threshold. Enter the threshold value in the text field.
 
multicast-enhance
Select to enable or disable multicast enhance.
 
portal-message-override-group
Select the portal message override group from the drop-down menu.
 
ptk-rekey-intv
Enter the re-key interval value in the text field.
 
radius-mac-auth
Select to enable or disable RADIUS MAC authentication.
 
radius-mac-auth-server
Select the RADIUS MAC authentication server from the drop-down list.
 
vlan-auto
Select to enable or disable automatic VLAN assignment for authenticated users of this SSID.
 
vlanid
Enter the VLAN ID in the text field. Enter 0 is VLANs are not used.
3. Select OK to create the new SSID.
To edit an SSID:
1. From the SSIDs page, double click on an SSID name or right-click on the name and select Edit from the pop-up menu.
The Edit SSID window opens.
2. Edit the settings as required. The SSID name cannot be edited.
3. Selected OK to apply your changes.
To delete an SSID or SSIDs:
1. Select the SSID or SSIDs that you would like to delete from the SSID list.
2. Select Delete or right click on the SSID and select Delete from the pop-up menu.
3. Select OK in the confirmation dialog box to delete the SSID or SSIDs.
To clone an SSID:
1. From the SSIDs page, right-click on the SSID name and select Clone from the pop-up menu.
The Clone SSID window opens.
2. Edit the settings as required.
3. Selected OK to clone the SSID.
To import an SSID:
1. From the SSIDs page, select Import.
The Import SSID dialog box opens.
Figure 105: Import SSID
2. Enter the following information:
Import from device
Select a device from which to import the SSID or SSIDs from the drop-down list. This list will include all the devices available in the ADOM.
Virtual Domain
Is applicable, select the virtual domain from which the SSIDs will be imported.
Available Objects List
The available objects that can be imported.
Select an object or objects and then select the down arrow to move the selected object or objects to the Selected Objects List.
Selected Objects List
The objects that are to be imported.
To remove an object or objects from the list, select the object or objects and then select the up arrow. The selected items will be moved back to the Available Objects List.
New Name
Select to create a new name for the object or objects that are being imported, and then enter the name in the field.
3. Select OK to import the SSID or SSIDs.