Configure FortiAP with Wi-Fi controller 200D


Configure FortiAP with Wi-Fi controller 200D

Configuration is applicable on respected Forti OS –

 Forti OS          5.2.1 – 5

Create one LAB diagram. In diagram internet is connected with Forti200B UTM device and Forti 200D device connected to 200B. Forti A
P connected with FG 200D Wi-Fi controller. FortiAP connected with Tunnel mode to manage unite FG 200D.


Forti gate unit has to mode is used for wireless traffic. where can configure a Forti AP unite in either tunnel mode or Bridge mode. If we configure FortiAP is in Tunnel mode, a wireless traffic only pass through the wireless subnet only. When a FortiAP is in bridge mode, wireless traffic pass through the Ethernet and Wi-Fi interface are connected, allowing wired and wireless network traffic to be on same subnet.

Tunnel mode is the default mode for a FortiAP. Tunnel mode is secure mode for wireless network traffic.

Now let’s start configuration of FortiAP.

  1. Connect FortiAP locally with your Laptop device and configure IP address of your IP address and network subnet. You can configure FortiAP with help of user manual guide.
  1. Connect FortiAP unit with FG device and Authorizing the AP.
  •    Go toSystem > Network > Interfaces and edit the interface that will connect to the      FortiAP. We connect with Port no. 16.
  • fg2


  • Edit the interface port 16 and assigning IP address/network to manual addressing mode.


  1. Connect Forti AP unit with FG LAN interface port 16.



  1. Go to Wi-Fi Controller > Managed Access Points > Managed FortiAPs

Here can see the state with a yellow mark it because the device is not authorized yet. All connected Forti AP unit with controller will display here in Managed FortiAPs.



  1. Go to WiFi Controller > Managed Access Points > Managed FortiAPs

Highlight the FortiAP unit on the list and select Authorize. A grey checkmark is now shown beside the Access Point, showing that it is authorized but not yet online.


  1. Create SSID .

Go to Wi-Fi Controller > WiFi Network > SSID and create a new SSID.

Set IP address and Subnet mask to interface.

Assign the DHCP IP Address range to wireless client machine.

Assign DNS server address and gateway also.

Set the unique SSID, security mode and assign PreShared key to SSID.

Set the Traffic mode in Tunnel to Wireless Controller.



  1. Create FortiAP profile.

Go to WiFi Controller > WiFi Network > FortiAP Profilesand create a new profile.


8. Go toWi-Fi Controller > Managed Access Points > Managed Forti APs and edit the FortiAP. Set FortiAP Profile to use the new profile.


9.    Allowing wireless access to the Internet

Go to Policy & Objects > Policy > IPv4 and create a new policy.

Set Incoming Interface to the SSID and Outgoing Interface to your Internet-facing interface. Ensure that NAT is turned ON.


10.   Results of AP state

Go to WiFi Controller > Managed Access Points > Managed FortiAPs.

Check state beside of Access Point is showing in green state.


NEXT  —   We will post next with post subject line “ How to configure NPS Radius Server for FortiAP authentication with AD ”


One thought on “Configure FortiAP with Wi-Fi controller 200D

Add yours

Leave a Reply to Cancel reply

Fill in your details below or click an icon to log in: Logo

You are commenting using your account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s

This site uses Akismet to reduce spam. Learn how your comment data is processed.

Create a free website or blog at

Up ↑

%d bloggers like this: