FortiWLC – Policy Enforcement Module
Policy Enforcement Module The optional Policy Enforcement Module feature makes it possible to control network content by dropping/allowing traffic based on configured policies applied on a firewall tag...
FortiWLC – RSA SecurID Authentication
RSA SecurID Authentication RSA SecurID is a two-factor authentication mechanism. This authentication mechanism primarily involves three components: • RSA SecurID Authenticator token (hardware based or...
FortiWLC – Configure MAC Filtering
Configure MAC Filtering MAC filtering controls a user station’s access to the WLAN by permitting or denying access based on specific MAC addresses. A MAC address is unique to each IEEE 802-compliant...
FortiWLC – Security Certificates
Security Certificates Certificates provide security assurance validated by a Certificate Authority (CA). This chapter describes the process to obtain and use certificates. For a Custom Certificate to...
FortiWLC – WAPI Configuration
WAPI Configuration The WLAN Authentication and Privacy Infrastructure (WAPI) is a Chinese national standard for WLANs. There are two authentication models used for WAPI functionality: certificate-based...
FortiWLC – Integration with Palo Alto Networks Firewall
Integration with Palo Alto Networks Firewall FortiWLC (SD) supports syslog-based integration with the User ID Agent solution of the Palo Alto Networks Firewall solution. This allows for setting up firewall...
FortiWLC – Configuring VPN Connections
Configuring VPN Connections In System Director version 5.2 and later, users have the ability to configure supported APs to connect to the corporate controller via VPN connections, allowing a secure...
FortiWLC – RADIUS Authentication
RADIUS Authentication Conceptual 802.1X Model for RADIUS Authentication The conceptual model for 802.1X authentication looks like this: Figure 53: Conceptual Model for 802.1X RADIUS Server...
FortiWLC – RADIUS Authentication Attributes
RADIUS Authentication Attributes Attributes for 802.1X The RADIUS 802.1X message attributes are: MESSAGE: Access-Request ATTRIBUTES: User-Name(1) NAS-IP-Address(4) NAS-Port(5) Called-Station-Id(30) =...
FortiWLC – RADIUS Accounting for Clients
RADIUS Accounting for Clients If you have a RADIUS accounting server in your network, you can configure the controller to act as a RADIUS client, allowing the controller to send accounting records to...
FortiWLC – RADIUS-Based ESS Profile Restriction
RADIUS-Based ESS Profile Restriction This feature gives a controller the capability to restrict wireless clients attempting connection through RADIUS-based ESS profiles; the clients can connect only to...
FortiWLC – Remote RADIUS Server
Remote RADIUS Server Network deployments with remote sites that are physically away from their headquarters (or master data center, DC) can use a remote RADIUS server in each of the remote sites for...
FortiWLC – TACACS+ Authentication
TACACS+ Authentication Terminal Access Controller Access-Control System Plus (TACACS+) is a remote authentication protocol that runs on a TACACS+ server on the network and is similar to RADIUS...
FortiWLC – Local Admin Authentication
Local Admin Authentication Local admin authentication takes place on the controller and uses the same three privilege levels as RADIUS and TACACS+, 15 (superuser), 10 (admin), and 1 (user). If...
FortiWLC – 802.1X Authentication
802.1X Authentication Authentication in the 802.11 standard is focused more on wireless LAN connectivity than on verifying user or station identity. For enterprise wireless security to scale to...
FortiWLC – Fortinet Captive Portal
Optionally Customize and Use Your Own HTML Pages If you want to create custom Captive Portal login and success pages with your own logos and credentials, complete the directions in this section. You do...
FortiWLC – Captive Portal With N+1
Captive Portal With N+1 Captive Portal changes are propagated in an Nplus1 environment as follows. When a slave takes over a master, it uses the master’s Captive Portal pages. If changes are made on...
FortiWLC – Captive Portal (CP) Authentication for Wired Clients
Captive Portal (CP) Authentication for Wired Clients Wired clients connected via port profile (tunnelled and bridged) will require CP authentication to pass external traffic. Wired Clients can have CP...
FortiWLC – CP Bypass for MAC Authenticated Clients
CP Bypass for MAC Authenticated Clients Wired and wireless clients that are successfully authenticated by their MAC address (MAC Filtering) are considered as captive portal authenticated clients. Both...
FortiWLC – Third-Party Captive Portal Solutions
Third-Party Captive Portal Solutions Instead of using the Fortinet Captive Portal solution, you can use a third-party solution; you cannot use both. Companies such as Bradford, Avenda, and CloudPath...