Name | Enter a name for the SSID interface. |
Type | WiFi SSID. |
Traffic Mode | Tunnel to Wireless Controller — Data for WLAN passes through WiFi Controller. This is the default. Local bridge with FortiAP’s Interface — FortiAP unit Ethernet and WiFi interfaces are bridged. Mesh Downlink — Radio receives data for WLAN from mesh backhaul SSID. |
IP/Netmask | Enter the IP address and netmask for the SSID. |
IPv6 Address | Enter the IPv6 address. This is available only when IPv6 has been enabled on the unit. |
Administrative Access | Select which types of administrative access are permitted on this SSID. |
IPv6 Administrative Access | If you have IPv6 addresses, select the permitted IPv6 administrative access types for this SSID. |
DHCP Server | Select to enable a DHCP server and define IP address ranges to assign to clients or to relay DHCP requests to another server. If the unit is in transparent mode, the DHCP server settings will be unavailable. For more information, see “Configuring DHCP for WiFi clients”. |
WiFi Settings | |
SSID | Enter the SSID. By default, this field contains fortinet. |
Security Mode | Select the security mode for the wireless interface. Wireless users must use the same security mode to be able to connect to this wireless interface. Additional security mode options are available in the CLI. For more information, see “Configuring security”. |
WPA/WPA2-Personal – WPA or WPA2 security. WPA is WiFi protected access. WPA2 is WPA with additional security features. There is one shared key (password) that all users use. | |
WPA/WPA2-Enterprise – similar to WPA/WPA2-Personal, but is best used for enterprise networks. Each user is separately authenticated by user name and password. | |
Captive Portal – authenticates users through a customizable web page. | |
Pre-shared Key | Available only when Security Mode is WPA/WPA2-Personal. Enter the encryption key that the clients must use. |
Data Encryption | Available only when Security Mode is WPA/WPA2-Personal or WPA/WPA2-Enterprise. Select TKIP or AES encryption as appropriate for the capabilities of your wireless clients. This is available for WPA/WPA2 security modes. |
Authentication | Available only when Security Mode is WPA/WPA2-Enterprise. Select one of the following: RADIUS Server — Select the RADIUS server that will authenticate the clients. Usergroup – Select the user group(s) that can authenticate. |
Customize Portal Messages | Available only when Security Mode is Captive Portal. Select to customize the endpoint replacement messages. When you select Edit, the Edit Message window appears. Within the window, you can modify each one of the endpoint replacement messages. |
User Groups | Available only when Security Mode is Captive Portal. Select the user groups that can authenticate. To select a user group, select the group in Available and then use the -> arrow to move that group to Selected. To remove a user group from Selected, select the group and then use the <- arrow to move the group back to Available. |
Block Intra-SSID Traffic | Select to enable the unit to block intra-SSID traffic. |
Allow New WiFi Client Connections When Controller Is Down | This option is available for local bridge SSIDs with WPA-Personal security. See “Continued FortiAP operation when WiFi controller connection is down”. |
Maximum Clients | Select to limit the number of clients permitted to connect simultaneously. Enter the limit value. |
Device Management | Select Detect and Identify Devices if you want to monitor the device types using this interface or create device identity policies involving this interface. See “Managing “bring your own device””. Optionally, enable Add New Devices to Vulnerability Scan List. |
Enable Explicit Web Proxy | Select to enable explicit web proxy for the SSID. |
Listen for RADIUS Accounting Messages | This is required to permit RADIUS SSO authentication on this WiFi inteface. See “SSO using RADIUS accounting records”. |
Secondary IP Address | Optioanally, enable and define secondary IP addresses. Administrative access can be enabled on secondary interfaces. |
Comments | Enter a description or comment for the SSID. |