Extend WIFI Networks across the Internet using Fortinet FortiAP units

I travel a lot and also work from home quite a bit.  At times, I need to connect to both the office's and our data center's separate subnets at the same time.  Sure, I can fire up a software VPN app, but what about devices that don't have the VPN client loaded, or even mobile devices?  Well, Fortinet has the solution.

The FortiAP 11c (FAP-11C) unit.  This little device is a small wall plug.

The unit comes with a USB management port, one WAN port and one LAN port.  Let's assume you have a WiFi network at your office whose SSID has access to an IPsec VPN to another location.  This unit will extend that wireless network wherever you plug it into a valid Internet connection.

Two things need to be done.

1 – FortiAP 11c

You will need to pre-configure the unit by logging into its management interface, either by USB or HTTP. The options are sparse, but the sections that need to be updated are the following:

WTP Configuration

  • Set AC Discovery Type to DNS or STATIC
  • AC Control Port should be default 5246
  • AC Host Name 1: set to the WAN IP of the FortiGate, or to its DNS name (e.g. firewall.mycompany.com)

2 – FortiGate

You'll need to enable CAPWAP on the FortiGate's WAN connection that the FortiAP will connect to.  If not done ahead of time, someone will need to AUTHORIZE the FortiAP.  Please verify that the serial number matches the FortiAP unit you're configuring, for security's sake.
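
The FortiGate side of step 2 can be done ahead of time from the CLI, so the only unit that ever gets authorized is the one whose serial number you entered yourself. This is an added example, not part of the original post; it assumes a FortiOS release that lists `capwap` as an interface access option, and the interface name `wan1`, the serial number and the profile name are placeholders.

```fortios
# Added example: wan1, the serial number and the profile name are placeholders.

# 1. Accept CAPWAP from FortiAPs on the Internet-facing interface.
#    "set allowaccess" replaces the whole list, so also list any
#    other services this interface already needs.
config system interface
    edit "wan1"
        set allowaccess capwap
    next
end

# 2. Pre-authorize the FortiAP by the serial number printed on the unit,
#    and bind it to the AP profile that carries the office SSID.
config wireless-controller wtp
    edit "<FORTIAP-SERIAL>"
        set admin enable
        set wtp-profile "<profile-with-office-ssid>"
    next
end
```

Any other FortiAP that reaches the controller over the WAN still shows up as waiting for authorization, so a serial number you don't recognize in that list should be left unapproved.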