Manage FortiAP via FortiCloud
Fortinet
In the past, to create a WLAN with Fortinet FortiAPs, you needed either a FortiGate acting as the WLAN controller or a dedicated WLAN controller.
This acquisition is of course associated with additional costs and discourages many potential customers.
Thanks to FortiCloud, this is no longer an issue. You can manage your access points and WLAN networks centrally without having to buy a FortiGate or a wireless controller.
In addition, you can also manage your FortiGates via FortiCloud.
In the comprehensive basic version, the use of FortiCloud is free of charge.
This means that Fortinet not only offers an extremely cost-effective solution, it is also extremely easy to set up and manage.
A comparison of the range of functions:
| | FortiCloud free of charge | FortiCloud with separate licences |
| --- | --- | --- |
| Storage of logs | 7 days | 1 year * |
| Zero-Touch Deployment | Yes | Yes |
| Bulk Provisioning | No | Yes ** |
| Central Management | Yes | Yes |
| Two-factor authentication for administration access | Yes | Yes |
| Automated guest management | Yes | Yes |
| Captive Portal | Yes | Yes |
| Secure WLAN via FortiGuard | No | Yes, with S-Series FortiAP *** |
*Requires FortiCloud Analysis Service licence
**Requires FortiDeploy licence, must be purchased with hardware
***Requires Advanced Management licence
Fortinet has also thought about data protection and provides FortiCloud on European servers, so that the data does not leave Europe.
If you want to set up a network, visit https://europe.forticloud.com/ and, if you haven't already done so, create a user account there.
Once you have logged in with your credentials, you will see the FortiCloud overview page. If no devices are registered yet, the page is empty.
Click on FortiAP Network in the top left menu bar. Now click on Inventory in the top right-hand corner to open FortiAP Inventory. Click Import AP Key and enter the 8-digit code stuck on the unit. Repeat this until all devices are registered. Alternatively, you can enter a bulk deployment code. You receive this code when you purchase the corresponding licence together with the hardware.
Now you can create your WLAN network. To do this, go back to the FortiAP Network category. Click on Add FortiAP Network to start creating the network.
You will be asked to select a name and a time zone. Select a name that uniquely identifies the network. This name will only be used internally for administration. For the time zone, select the time zone in which the network will be located. This is necessary for log entries and time-controlled rules.
Now you can open the dashboard for the network by clicking on the name of the network. This will open in a pop-up. If this does not happen, it may have been blocked by your browser's pop-up blocker. In this case, check the settings and create an exception rule for the page if necessary.
When you open the dashboard for the first time, you will be informed that the network has no SSID yet and asked to add one.
To do this, go to the Configure tab where you can set up your network in detail.
Access Control
- SSID
  The public name of your WLAN network. The broadcast can be suppressed.
- Enabled
  Whether your network is active or not.
- MAC Access Control
  Whether access to the network should be restricted via MAC address filters.
- Mesh Link
  If one or more APs cannot have an Ethernet connection, you can still use it to provide an area-wide WLAN. Requires FortiAPs with two radios. At least one FortiAP must have a wired connection to FortiCloud.
- Authentication
  - Open
    For open networks such as hotspots.
  - WPA2-Personal
    Authentication via WPA2 with a Pre-Shared Key.
  - WPA2-Enterprise
    Authentication via a RADIUS server or users or groups stored in FortiCloud. Individual guest access can also be set up here, either manually or automatically.
- Captive Portal
  Here you can optionally create an internal captive portal or integrate an external one. Either as a normal click through landing page, or with authentication/registration via RADIUS, FortiCloud users or groups, self-registration via email or SMS, as well as login via social media.
- IP Assignment
  IP assignment can be done via NAT or Bridge.
- QoS Profile
  If you have created a Quality of Service profile, you can activate it here.
- VLAN ID
  If you want to segment the network and have VLAN-capable switches, you can enter the VLAN ID here.
In the advanced settings, which require a paid licence, you can also deactivate intra-SSID traffic and make detailed settings for the individual WLAN protocols.
Security
Here you can set up additional security features such as anti-virus, intrusion prevention, botnet blocking, web filters and application controls.
However, this only works with FortiAPs of the S series, and a separate licence must be purchased for each AP.
Availability
Here you can set whether 2.4GHz, 5GHz or both are to be used. This requires access points with two radios. Otherwise you can only use one frequency band.
You can also schedule when the WLAN should be active, setting for each day the times at which it should be available.
This almost completes the basic configuration of the network. Now you only need to assign the desired number of FortiAPs to the network. To do this, simply go to Deploy APs and select the desired access points.
In the next step, you will be asked to select the platform profile. Select the appropriate model here.
With many access points, it is easy to lose track of them, so you can assign tags and folders to the access points if you have defined them beforehand.
If desired, you can also create direct administration access for the access points. If you wish to do this, we recommend that you only allow an encrypted connection with a strong password.
Once you have completed this process, you are done with the basic configuration. FortiCloud will now transfer the configuration to the selected FortiAPs and, if you have a connection to the Internet, they should receive the configuration and start working within a few seconds to a few minutes.