Download Fortinet.NSE6_FWF-6.4.VCEplus.2024-12-23.18q.tqb

FortiPlanner is a wireless network planning and deployment tool that helps to design and optimize wireless networks based on various parameters, such as floor plans, AP models, coverage areas, and client density.FortiPlanner uses a predictive model in wireless design projects, which means that it estimates the wireless coverage and performance based on mathematical calculations and simulations, without requiring any physical measurements or site surveys.Reference:FortiOS 6.4.0 Handbook - Wireless Controller, page 5; [FortiPlanner User Guide], page 9.

The configuration changes that will resolve the issue are to configure set vaps to be ''Authors'' for both interfaces in the wtp-profile, and to configure vap-all to be manual for both interfaces in the wtp-profile. This is because the current configuration does not assign any VAPs to the AP interfaces, which means that no wireless networks are broadcasted by the APs. The vap-all setting determines whether all VAPs are assigned to an interface or not, and the vaps setting specifies which VAPs are assigned to an interface. By setting vap-all to manual and vaps to ''Authors'', the APs will only broadcast the Authors wireless network on both interfaces. Disabling intra-vap-privacy for the Authors vap-wireless network will not help, as it only affects the communication between clients on the same SSID, not their connection to the AP. Increasing the transmission power of the AP radio interfaces will not help, as it only affects the signal strength and coverage of the APs, not their broadcasting of wireless networks.Reference:wireless-controller vap | FortiGate / FortiOS 6.4.0,Technical Note: How to configure intra-SSID privacy

A FortiGate unit is an industry leading enterprise firewall. In addition to consolidating all the functions of a network firewall, IPS, anti-malware, VPN, WAN optimization, Web filtering, and application control in a single platform, FortiGate also has an integrated Wi-Fi controller.

Setting the wireless controller country setting is a standard best practice that should be performed before configuring FortiAPs using a FortiGate wireless controller. The country setting determines the regulatory domain and the allowed channels and power levels for the wireless network. The country setting must match the physical location of the FortiAPs to comply with local regulations and avoid interference issues.Reference:Secure Wireless LAN Course Description, page 5;FortiOS 6.4.0 Handbook - Wireless Controller, page 24.

The correct way to ensure that the RF channels and transmission power limits are appropriately configured for the remote APs is to create a new FortiAP profile and change the country code settings on the profile. This is because the country code settings determine the legal RF channels and transmission power limits for each country, and they are applied at the FortiAP profile level. By creating a new FortiAP profile for the remote APs, you can specify the correct country code for Germany and assign it to the APs. This will ensure that the APs comply with the local regulations and avoid interference with other devices. Configuring the APs individually by overriding the settings in Managed FortiAPs is not recommended, as it is tedious and error-prone. Configuring the controller for the correct country code for Germany is not possible, as the controller can only have one country code setting, which should match its physical location. Cloning a suitable FortiAP profile and changing the county code settings on the profile is not advisable, as it may cause conflicts with other settings that are specific to the original profile.Reference:Secure Wireless LAN course description, [FortiOS 6.4.0 Handbook - Wireless Controller]

The RADIUS user attributes used for the VLAN ID assignment are:IETF 64 (Tunnel Type)---Set this to VLAN.IETF 65 (Tunnel Medium Type)---Set this to 802IETF 81 (Tunnel Private Group ID)---Set this to VLAN ID.Dynamic VLAN allocation is a feature that allows wireless clients to be assigned to different VLANs based on RADIUS attributes returned by the authentication server. The three IETF attributes that must be supplied by the RADIUS server are: 81 Tunnel-Private-Group-ID, which specifies the VLAN ID for the client; 65 Tunnel-Medium-Type, which specifies the tunneling protocol as IEEE-802 (Ethernet); and 64 Tunnel-Type, which specifies the tunneling method as VLAN.Reference:FortiOS 6.4.0 Handbook - Wireless Controller, page 60;FortiAP / FortiWiFi 6.4.0 Administration Guide, page 68.

According to the web search results, the project information phase and the site survey phase are part of the process to plan a wireless design project. The project information phase involves defining the project scope, objectives, requirements, deliverables, and stakeholders.It also includes creating a project plan, a risk management plan, a communication plan, and a budget.1The site survey phase involves conducting a physical inspection of the site where the wireless network will be deployed, measuring the signal strength and interference levels, identifying the optimal locations for the access points and antennas, and validating the network performance and coverage.2The hardware selection phase and the installation phase are not part of the planning process, but rather part of the implementation process.The hardware selection phase involves choosing the appropriate wireless devices, such as access points, routers, switches, controllers, and cables, based on the network design and specifications.3The installation phase involves installing, configuring, testing, and documenting the wireless network components according to the project plan and best practices.3Reference:Wireless Device Network Planning and Design - Emerson,Telecommunications and Implementation Project Management - BICSI,Project Planning | Wireless Design Services | Digi International

The control channel for managing traffic, which is always encrypted by DTLS. l The data channel for carrying client data packets.When enabling security fabric on the FortiGate interface to manage FortiAPs, two types of communication channels are established between FortiGate and FortiAPs: control channels and data channels. Control channels are used for management and configuration of the FortiAPs, such as firmware updates, provisioning, and monitoring. Data channels are used for tunneling wireless traffic from the FortiAPs to the FortiGate for security inspectionand policy enforcement.Reference:FortiOS 6.4.0 Handbook - Security Fabric, page 17;FortiOS 6.4.0 Handbook - Wireless Controller, page 15.

FortiGate, FortiCloud wireless access points (send visitor data in the form of station reports directly to FortiPresence)Part of the location service registration process is to link FortiAPs in FortiPresence, which is a cloud-based service that provides location analytics and customer engagement tools for wireless networks. The management services that can configure the discovered AP registration information from the FortiPresence cloud are FortiAP Cloud and FortiGate. FortiAP Cloud is a cloud-based wireless LAN management platform that can discover, configure, monitor, and troubleshoot FortiAP devices. FortiGate is a network security appliance that can act as a wireless controller and manage FortiAP devices through security fabric or CAPWAP protocols.Reference:FortiPresence Data Sheet, page 1;FortiOS 6.4.0 Handbook - Wireless Controller, page 9.