We had a good percentage of access points across the enterprise that were not assigned to a WTP profile but instead were set to "Automatic". Even though this caused us no immediate harm it was definitely not optimal.
In order to fix this issue we needed a uniform WTP profile across the board on all FortiGates, and we needed to assign all of the FAPs on each FGT to that uniform WTP profile. Unfortunately, this option is not available through the standard FortiManager features, and it is a very cumbersome process via the CLI because each AP has to be referenced by its serial number.
ex:
config wireless-controller wtp
edit "FAP22B3U12345678"
set wtp-profile "NEWdefaultwifiprof"
end
Solution:
As a workaround, we will need to script out this manual process.
The script will need to:
1. Create a new standard WTP profile.
2. Query all of the FAPs on the unit.
3. Add each FortiAP to the new WTP profile by serial.
Script:
#!
# do_cmd: send one CLI line to the device and print whatever comes back.
#   cmd - CLI command text, without the trailing newline (added here).
# The second argument to exec ("# ") is the prompt string passed alongside
# the command; output captured up to it is echoed to the script log.
proc do_cmd {cmd} {
    set reply [exec "$cmd\n" "# "]
    puts $reply
}
# Create the shared WTP profile once. Both radios run in AP mode with
# background scan, rogue scan and handoff enabled: radio-1 on 802.11n-5G,
# radio-2 on 802.11n (channels 1/6/11).
# NOTE(review): the profile only references the VAP "NewSitewifi"; this script
# never creates it, so its SSID and security settings must already be defined
# on the unit - confirm before pushing fleet-wide.
foreach profile_cmd {
    "config wireless-controller wtp-profile"
    "edit NEWdefaultwifiprof"
    "config radio-1"
    "set mode ap"
    "set band 802.11n-5G"
    "set ap-bgscan enable"
    "set rogue-scan enable"
    "set frequency-handoff enable"
    "set ap-handoff enable"
    "set vaps NewSitewifi"
    "set channel 36 40 44 48 149 153 157 161 165"
    "end"
    "config radio-2"
    "set mode ap"
    "set band 802.11n"
    "set ap-bgscan enable"
    "set rogue-scan enable"
    "set frequency-handoff enable"
    "set ap-handoff enable"
    "set vaps NewSitewifi"
    "set channel 1 6 11"
    "end"
    "next"
    "end"
} {
    do_cmd $profile_cmd
}
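# Enumerate every AP known to this unit and move it onto the new profile.
# The show command is filtered to its edit lines, one per AP entry.
set wtp_listing [exec "show wireless-controller wtp | grep edit\n" "# "]
foreach line [split $wtp_listing \n] {
    # Capture only the text between the first pair of double quotes. The
    # greedy (.*) form would run to the last quote on the line, so anything
    # unexpected in the device output could ride along into the edit command.
    if {[regexp {edit[ ]+"([^"]+)"} $line match fapid]} {
        # This reassigns every AP found, including any that already had a
        # profile set by hand, not just the ones left on "Automatic".
        do_cmd "config wireless-controller wtp"
        # Re-quote the ID when replaying it, matching the manual CLI form,
        # so it is always passed to the device as a single token.
        do_cmd "edit \"$fapid\""
        do_cmd "set wtp-profile NEWdefaultwifiprof"
        do_cmd "end"
    }
}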
# do_cmd: send one CLI line to the device and print whatever comes back.
#   cmd - CLI command text, without the trailing newline (added here).
# The second argument to exec ("# ") is the prompt string passed alongside
# the command; output captured up to it is echoed to the script log.
proc do_cmd {cmd} {
    set reply [exec "$cmd\n" "# "]
    puts $reply
}
# Create the shared WTP profile once. Both radios run in AP mode with
# background scan, rogue scan and handoff enabled: radio-1 on 802.11n-5G,
# radio-2 on 802.11n (channels 1/6/11).
# NOTE(review): the profile only references the VAP "NewSitewifi"; this script
# never creates it, so its SSID and security settings must already be defined
# on the unit - confirm before pushing fleet-wide.
foreach profile_cmd {
    "config wireless-controller wtp-profile"
    "edit NEWdefaultwifiprof"
    "config radio-1"
    "set mode ap"
    "set band 802.11n-5G"
    "set ap-bgscan enable"
    "set rogue-scan enable"
    "set frequency-handoff enable"
    "set ap-handoff enable"
    "set vaps NewSitewifi"
    "set channel 36 40 44 48 149 153 157 161 165"
    "end"
    "config radio-2"
    "set mode ap"
    "set band 802.11n"
    "set ap-bgscan enable"
    "set rogue-scan enable"
    "set frequency-handoff enable"
    "set ap-handoff enable"
    "set vaps NewSitewifi"
    "set channel 1 6 11"
    "end"
    "next"
    "end"
} {
    do_cmd $profile_cmd
}
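# Enumerate every AP known to this unit and move it onto the new profile.
# The show command is filtered to its edit lines, one per AP entry.
set wtp_listing [exec "show wireless-controller wtp | grep edit\n" "# "]
foreach line [split $wtp_listing \n] {
    # Capture only the text between the first pair of double quotes. The
    # greedy (.*) form would run to the last quote on the line, so anything
    # unexpected in the device output could ride along into the edit command.
    if {[regexp {edit[ ]+"([^"]+)"} $line match fapid]} {
        # This reassigns every AP found, including any that already had a
        # profile set by hand, not just the ones left on "Automatic".
        do_cmd "config wireless-controller wtp"
        # Re-quote the ID when replaying it, matching the manual CLI form,
        # so it is always passed to the device as a single token.
        do_cmd "edit \"$fapid\""
        do_cmd "set wtp-profile NEWdefaultwifiprof"
        do_cmd "end"
    }
}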