Combining WiFi and wired networks with a software switch


Including mobile (WiFi) users on your office LAN can be more convenient than putting them on a separate wireless network. The Software Switch feature of your FortiGate is a simple way to do this.

Software Switches are only available if your FortiGate is in Interface mode. For more information, see Choosing your FortiGate’s switch mode.

1. Create the SSID

Go to WiFi Controller > WiFi Network > SSID and configure your wireless network.

Leave the IP address empty. This is allowed.

You can use any type of security/authentication. In this example, your users must be members of the employees group to access the network. 


2. Combine the WiFi and wired interfaces

Go to System > Network > Interface. Edit the existing lan software switch interface or create a new one. 

Make sure your wired and WiFi interfaces are both included.

Make sure there is a DHCP Server configured. It will provide IP addresses to both WiFi and wired users.


3. Create the security policy

Go to Policy & Objects > Policy > IPv4 and create a policy allowing all users on the software switch interface to connect to the Internet. policy

4. Connect and authorize the FortiAP unit

Go to System > Network > Interface. Configure a network interface that is dedicated to extension devices.


Connect the FortiAP unit and wait for it to be listed in WiFi Controller > Managed Access Points > Managed FortiAPs.

Highlight the FortiAP unit on the list and select Authorize.


5. Add the SSID to the FortiAP profile

Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile for your FortiAP model.

For each radio:

  • Enable Radio Resource Provision.
  • Select your SSID.


Go to WiFi Controller > Monitor > Client Monitor to see connected users. client_monitor

For further reading, check out Software switch in the FortiOS 5.2 Handbook.

