Setting up a WiFi Bridge with a FortiAP


In this example, you will set up a WiFi network with a FortiGate managing a FortiAP in Bridge mode.

You can configure a FortiAP unit in either Tunnel or Bridge mode. When a FortiAP is in Bridge mode, the Ethernet and WiFi interfaces are connected (or bridged), allowing wired and wireless networks to be on the same subnet. Tunnel mode is the default mode for a FortiAP. A FortiAP in Tunnel mode uses a wireless-only subnet for wireless traffic.

For information about using a FortiAP in Tunnel mode, see Setting up WiFi with a FortiAP.


1. Connecting and authorizing the FortiAP unit

Go to Network > Interfaces and edit the lan interface.

Set Addressing Mode to Manual and set an IP/Network Mask.

Under Administrative Access, enable CAPWAP and optionally enable PING to test your connection.

Enable the DHCP Server.

Under Networked Devices, enable both Device Detection and Active Scanning.


Connect the FortiAP to the lan interface.


Go to WiFi & Switch Controller > Managed FortiAPs. The FortiAP is listed. The device is not yet authorized, as indicated by the icon in the State column.

By default, the FortiGate adds newly discovered FortiAPs to the Managed FortiAPs list but does not authorize them.


Right-click on the FortiAP, and select Authorize.


The device interface will be down initially. After a few minutes, select the Refresh button; an icon will confirm that the device is authorized.

 Verify that your FortiAP is on the latest firmware. If the OS Version shows that a newer firmware version is available, check the release notes for your product.


You can download the firmware images from the Support Site to your Local Hard Disk, or you can select A new firmware version is available and download the latest version directly from FortiGuard.


2. Creating an SSID

Go to WiFi & Switch Controller > SSID and create a new SSID.

Set Traffic Mode to AP Bridge, creating a local bridge with the FortiAP’s interface.

Configure the WiFi Settings as you would for a regular wireless network and set a secure Pre-shared Key.

 

3. Creating a custom FortiAP profile

Go to WiFi & Switch Controller > FortiAP Profiles and create a new profile.

Set Platform to the FortiAP model you are using (FAP221C).

Select the Country/Region. You also have the option to change your AP Login Password.

Under Radio 1, set the Mode to Access Point.

Set SSID to use the new SSID profile (in the example, MyWiFi).

Set Radio 2 to Disabled. 

 


Go to WiFi & Switch Controller > Managed FortiAPs and right-click on the FortiAP. Select Assign Profile and set the FortiAP to use the new profile (in the example, MyProfile).
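The following is an added example, not part of the original recipe or Fortinet's own code: it parses a FortiGate configuration backup and reports bridged SSIDs that have no WPA protection and FortiAPs that are still not authorized, the settings steps 1 and 2 rely on. The configuration text is constructed, and the CLI key names (local-bridging, security, admin) are assumptions about how FortiOS stores these GUI fields.

```python
import shlex

# Constructed sample, not from the recipe; key names are assumed FortiOS CLI equivalents.
SAMPLE = """
config wireless-controller vap
    edit "MyWiFi"
        set local-bridging enable
        set security wpa2-only-personal
    next
    edit "Lobby"
        set local-bridging enable
        set security open
    next
end
config wireless-controller wtp
    edit "FP221C-CONSTRUCTED-1"
        set admin discovered
    next
end
"""

def parse(text):
    """Return {section: {entry: {key: [values]}}}; sub-tables inside an entry are skipped."""
    cfg, section, entry, depth = {}, None, None, 0
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] == "config" and entry is not None:
            depth += 1                      # nested table such as a radio block
        elif tok[0] == "end" and depth:
            depth -= 1
        elif depth:
            continue
        elif tok[0] == "config":
            section = cfg.setdefault(" ".join(tok[1:]), {})
        elif tok[0] == "edit" and section is not None:
            entry = section.setdefault(tok[1], {})
        elif tok[0] == "set" and entry is not None:
            entry[tok[1]] = tok[2:]
        elif tok[0] == "next":
            entry = None
    return cfg

def audit(cfg):  # returns (object, finding) pairs for a reviewer to follow up
    vaps, wtps = cfg.get("wireless-controller vap", {}), cfg.get("wireless-controller wtp", {})
    weak = [(n, "bridged SSID without WPA") for n, v in vaps.items()
            if v.get("local-bridging") == ["enable"]
            and v.get("security", [""])[0].startswith(("open", "wep"))]
    pending = [(s, "AP not authorized") for s, w in wtps.items()
               if w.get("admin", [""])[0] in ("discovered", "disable")]
    return weak + pending
```

Calling audit(parse(SAMPLE)) flags the constructed "Lobby" SSID and the AP that is still only discovered; the bridged SSID matters most because its clients land directly on the wired LAN subnet.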


4. Results

Connect to the SSID with a wireless device. After a connection is established, you can browse the Internet using the wireless network configured in this recipe. 


On the policy list page, right-click on your lan to wan Internet access policy and click Show in FortiView.


Make sure to view the session details, including more information under the various tabs (Sources, Destination, Applications, Countries, Sessions).


Go to Log & Report > WiFi Events to see the detected client IP and authentication logs.


You can also go to Monitor > WiFi Client Monitor for user details and Monitor > WiFi Health Monitor for the AP Status.


For further reading, check out Wireless Networks in the FortiOS 5.6 Handbook.

Kayla Robinson

Technical Writer at Fortinet
Kayla Robinson works in Ottawa as part of Fortinet's Technical Documentation and New Media team. With a Bachelor's degree from Carleton, and a graduate certificate in Technical Writing from Algonquin College, she enjoys creating FortiOS Cookbook videos.

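Notes

  • Active Scanning (step 1): Some FortiGates may not have an Active Scanning option, and it is not required.
  • Managed FortiAPs list (step 1): It may take a few minutes for the FortiAP to appear.
  • Automatic listing of newly discovered FortiAPs (step 1): You can disable this in the CLI. See Deploying Wireless Networks.
  • Authorizing the FortiAP (step 1): Alternatively, select the FortiAP unit on the list and select Authorize from the top menu.
  • Radio 2 set to Disabled (step 3): Unless you wish to use a second radio.
  • Policy list page (step 4): Located under Policy & Objects > IPv4 Policy.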