This example will use a FortiGate firewall to manage FortiAP access points. We’ll create what’s called a bridge-mode wireless network, which means the wireless clients will be on the same network as the wired clients. The FortiGate firewall will also provide DHCP services to both wired and wireless clients.
I’ll assume you already have an outbound policy created to allow traffic from inside your network out to the Internet. Because in this example the wired and wireless traffic will be on the same network, this policy will work for both.
Setup the internal interface & DHCP Server
- Navigate to Network > Interfaces and edit the LAN interface
- Setup your IP addressing for Manual and give yourself a static IP and subnet mask
- Enable DHCP Server and create a scope large enough for your wired and wireless devices. We’ll just be setting the default settings here but you can click Advanced and add additional DHCP options if you require it. Click OK when done.
Creating the wireless network
- Connect a FortiAP to the network and get it powered up (via PoE or an injector). It might take a few minutes for it to power up and find the FortiGate.
- While waiting, make sure the Wireless Controller feature is enabled on the FortiGate. Navigate to System > Feature Select and make sure WiFi Controller is enabled
- Navigate to WiFi & Switch Controller > Managed FortiAPs
- Right click on your access point and choose Authorize
Create the SSID
- Navigate to WiFi & Switch Controller > SSID
- Click Create New > SSID
- Setup the new bridge mode SSID
- Interface Name: Name the new wireless interface
- Traffic Mode: Local bridge with FortiAP
- SSID: What you want the SSID to be broadcast as
- Security Mode/Password: Set as appropriate
- Click OK
Create the AP Profiles
- Navigate to WiFi & Switch Controller > FortiAP Profiles
- Edit the default or create a new one
- You can leave this if it’s is going to be your only wireless network, and just change the radio settings to fit your environment. If you will have more then one wireless network, change SSID’s to set your specific SSID and click OK
- Navigate to WiFi & Switch Controller > Managed FortiAP’s and edit your Access Point
- Set the FortiAP Profile to match what you setup above and click OK
That should be it! Users that connect will be on the same network as the internal wired users so there should be no need for additional rules.