The FortiGate WiFi controller configuration is composed of three types of object, the SSID, the AP Profile and the physical Access Point.
- An SSID defines a virtual wireless network interface, including security settings. One SSID is sufficient for a wireless network, regardless how many physical access points are provided. You might, however, want to create multiple SSIDs to provide different services or privileges to different groups of users. Each SSID has separate firewall policies and authentication. Each radio in an access point can support up to 8 SSIDs.
A more common use of the term SSID is for the identifier that clients must use to connect to the wireless network. Each SSID (wireless interface) that you configure will have an SSID field for this identifier. In Managed Access Point configurations you choose wireless networks by SSID values. In firewall policies you choose wireless interfaces by their SSID name.
- An AP Profile defines the radio settings, such as band (802.11g for example) and channel selection. The AP Profile names the SSIDs to which it applies. Managed APs can use automatic profile settings or you can create AP profiles.
- Managed Access Points represent local wireless APs on FortiWiFi units and FortiAP units that the FortiGate unit has discovered. There is one managed access point definition for each AP device. An access point definition can use automatic AP profile settings or select a FortiAP Profile. When automatic profile settings are used, the managed AP definition also selects the SSIDs to be carried on the AP.
Conceptual view of FortiGate WiFi controller configuration
About SSIDs on FortiWiFi units
FortiWiFi units have a default SSID (wireless interface) named wlan. You can modify or delete this SSID as needed. As with external APs, the built-in wireless AP can be configured to carry any SSID.
The AP settings for the built-in wireless access point are located at WiFi Controller > Managed Access Points > Local WiFi Radio. The available operational settings are the same as those for external access points which are configured at WiFi Controller > Managed Access Points > Managed FortiAPs.
Process to create a wireless network
To set up your wireless network, you will need to perform the following steps:
- Make sure the FortiGate wireless controller is configured for your geographic location. This ensures that the available radio channels and radio power are in compliance with the regulations in your region.
- Optionally, if you don’t want to use automatic AP profile settings, configure a FortiAP profile, specifying the radio settings and the SSIDs to which they apply.
- Configure one or more SSIDs for your wireless network. The SSID configuration includes DHCP and DNS settings.
- Configure the user group and users for authentication on the WLAN.
- Configure the firewall policy for the WLAN.
- Optionally, customize the captive portal.
- Configure access points.
Configuration of the built-in AP on FortiWiFi units is described in this chapter. Connection and configuration of FortiAP units is described in the next chapter, see Access point deployment.