Deploying WPA2-Personal SSID to FortiAP units
This guide provides simple configuration instructions for deploying a WPA2-Personal SSID with FortiAP. The steps include creating an SSID, selecting the SSID for the FortiAP, and creating a policy from the SSID to the Internet.
The following shows a simple network topology for this recipe:
To deploy WPA2-Personal SSID to FortiAP units on the FortiOS GUI:
- Create a WPA2-Personal SSID:
  - Go to WiFi & Switch Controller > SSID, select SSID, then click Create New.
  - Enter the desired interface name. For Traffic mode, select Tunnel.
  - In the Address > IP/Network Mask field, enter the IP address. DHCP Server is enabled by default. You can modify the DHCP IP address range manually.
  - In the SSID field, enter the desired SSID name. For Security, select WPA2 Personal.
  - In the Pre-Shared Key field, enter the password. The password must be 8 to 63 characters long, or exactly 64 hexadecimal digits.
  - Click OK.
- Select the SSID on a managed FortiAP. The following configuration is based on an example using a managed FortiAP-320C and a “FAP320C-default” profile that is applied to the FortiAP-320C. Do one of the following:
  - Select the SSID by editing the FortiAP:
    - Go to WiFi & Switch Controller > Managed FortiAPs. Select the FortiAP-320C and click Edit.
    - Ensure that Managed AP Status is Connected.
    - Under WiFi Setting, ensure that the configured FortiAP profile is the desired profile, in this case FAP320C-default. Click Edit entry.
    - To broadcast the SSID from 2.4 G radio, scroll to Radio 1 > SSIDs. Select Manual, then click + to select the Fortinet-PSK SSID.
    - To broadcast the SSID from 5 G radio, scroll to Radio 2 > SSIDs. Select Manual, then click + to select the Fortinet-PSK SSID.
    - Click OK.
  - Select the SSID by editing the FortiAP profile:
    - Go to WiFi & Switch Controller > FortiAP Profile. Select the FAP320C-default profile, then click Edit.
    - To broadcast the SSID from 2.4 G radio, scroll to Radio 1 > SSIDs. Select Manual, then click + to create the Fortinet-PSK SSID.
    - To broadcast the SSID from 5 G radio, scroll to Radio 2 > SSIDs. Select Manual, then click + to create the Fortinet-PSK SSID.
    - Click OK.
- Create the SSID-to-Internet firewall policy:
  - Go to Policy & Objects > IPv4 Policy, then click Create New.
  - Enter the desired policy name.
  - From the Incoming Interface dropdown list, select the source interface, such as wifi-vap.
  - From the Outgoing Interface dropdown list, select the destination interface, such as wan1.
  - In the Source and Destination fields, select all. In the Service field, select ALL. If desired, you can configure different values for these fields.
  - Click OK.
To deploy WPA2-Personal SSID to FortiAP units using the FortiOS CLI:
- Create a WPA2-Personal SSID:
  - Create a VAP interface named “wifi-vap”:

      config wireless-controller vap
          edit "wifi-vap"
              set ssid "Fortinet-psk"
              set security wpa2-only-personal
              set passphrase fortinet
          next
      end

  - Configure an IP address and enable DHCP:

      config system interface
          edit "wifi-vap"
              set ip 10.10.80.1 255.255.255.0
          next
      end
      config system dhcp server
          edit 1
              set dns-service default
              set default-gateway 10.10.80.1
              set netmask 255.255.255.0
              set interface "wifi-vap"
              config ip-range
                  edit 1
                      set start-ip 10.10.80.2
                      set end-ip 10.10.80.254
                  next
              end
              set timezone-option default
          next
      end

- Select the SSID on a managed FortiAP. The following configuration is based on an example using a managed FortiAP-320C and a “FAP320C-default” profile that is applied to the FortiAP-320C:

    config wireless-controller wtp
        edit "FP320C3X14000640"
            set admin enable
            set wtp-profile "FAP320C-default"
        next
    end
    config wireless-controller wtp-profile
        edit "FAP320C-default"
            config radio-1
                set vap-all disable
                set vaps "wifi-vap"
            end
            config radio-2
                set vap-all disable
                set vaps "wifi-vap"
            end
        next
    end

- Create the SSID-to-Internet firewall policy:

    config firewall policy
        edit 1
            set name "WiFi to Internet"
            set srcintf "wifi-vap"
            set dstintf "wan1"
            set srcaddr "all"
            set dstaddr "all"
            set action accept
            set schedule "always"
            set service "ALL"
            set fsso disable
            set nat enable
        next
    end
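
The following is an added example, not part of the original guide and not Fortinet tooling: a Python check that parses a staged `config wireless-controller vap` block, like the one in the CLI steps, and tests each passphrase against the Pre-Shared Key length rule from the GUI steps. The 16-character floor, the SSID-substring check, the finding labels and the function names are assumptions of this example, not FortiOS requirements.

```python
import re
import secrets
import string

# Constructed sample: the VAP block from the CLI steps in this guide.
SAMPLE_CONFIG = """
config wireless-controller vap
    edit "wifi-vap"
        set ssid "Fortinet-psk"
        set security wpa2-only-personal
        set passphrase fortinet
    next
end
"""
HEX64 = re.compile(r"[0-9A-Fa-f]{64}")
MIN_LEN = 16  # assumed local policy floor, stricter than the 8-character minimum

def parse_vaps(text):
    """Return {vap_name: {setting: value}} from 'edit' / 'set' lines."""
    vaps, current = {}, None
    for line in text.splitlines():
        parts = line.strip().split(None, 2)
        if len(parts) >= 2 and parts[0] == "edit":
            current = vaps.setdefault(parts[1].strip('"'), {})
        elif len(parts) == 3 and parts[0] == "set" and current is not None:
            current[parts[1]] = parts[2].strip('"')
        elif parts and parts[0] == "next":
            current = None
    return vaps

def audit_vap(settings):
    """Return findings for one VAP's pre-shared key."""
    psk, ssid = settings.get("passphrase", ""), settings.get("ssid", "")
    is_hex_key = bool(HEX64.fullmatch(psk))
    findings = []
    if not (8 <= len(psk) <= 63 or is_hex_key):
        findings.append("invalid-length")      # outside the rule stated in the guide
    elif not is_hex_key and len(psk) < MIN_LEN:
        findings.append("short-passphrase")    # valid, but below the assumed floor
    if psk and psk.lower() in ssid.lower():
        findings.append("passphrase-in-ssid")  # guessable from the broadcast name
    return findings

def generate_passphrase(length=24):
    """Random passphrase from letters and digits, within the 8-63 range."""
    alphabet = string.ascii_letters + string.digits
    return "".join(secrets.choice(alphabet) for _ in range(length))

if __name__ == "__main__":
    for name, vap in parse_vaps(SAMPLE_CONFIG).items():
        print(name, audit_vap(vap))
```

Run against the sample, the guide's example passphrase `fortinet` is reported as both short and contained in the SSID name; a value from `generate_passphrase()` passes all three checks.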