Wireless network implementation (V1.5) - uilamis/Fortinet GitHub Wiki

Wireless network implementation:

Broadcast packet suppression

config wireless-controller vap

edit nome_do_ssid

set broadcast-suppression dhcp-up dhcp-down dhcp-starvation netbios-ns netbios-ds ipv6

end

Note: do not suppress ARP.

Multicast to unicast conversion

config wireless-controller vap

edit nome_do_ssid

set multicast-enhance enable

end

Ignore weak or distant clients

config wireless-controller vap

edit nome_do_ssid

set probe-resp-suppression enable

set probe-resp-threshold <dBm threshold from which clients are ignored>

end

Turn off 802.11b protocol

config wireless-controller wtp-profile

edit nome_do_perfil

config radio-1

set powersave-optimize no-11b-rate

end

end

Limit power

  1. Go to WiFi Controller > WiFi Network > FortiAP Profiles and edit the profile for your AP model.

  2. For each radio, enable Auto TX Power Control and set the TX Power Low and TX Power High levels. The default range of 10 to 17dBm is recommended.

Use frequency band load-balancing

config wireless-controller wtp-profile

edit nome_do_perfil

config radio-1

set frequency-handoff enable

end

end

Setting the handoff RSSI threshold - for 5 GHz networks

config wireless-controller wtp-profile

edit nome_do_perfil

set handoff-rssi 25

end

AP load balancing

config wireless-controller wtp-profile

edit nome_do_perfil

config radio-1

set ap-handoff enable

end

end

Short Guard Interval

config wireless-controller wtp-profile

edit nome_do_perfil

config radio-1

set short-guard-interval enable

end

end

Geographic location

config wireless-controller setting

set country BR

end

config wireless-controller wtp-profile

edit nome_do_perfil

set ap-country BR

end

Block Intra-SSID Traffic

config wireless-controller vap

edit nome_do_ssid

set intra-vap-privacy enable

set broadcast-ssid enable

end

Automatic Radio Resource Provisioning

config wireless-controller wtp-profile

edit FAP321C-default

config radio-1

set darrp enable

end

config radio-2

set darrp enable

end

set handoff-roaming enable

end

As far as possible, do not use a hidden SSID

It is highly recommended to advertise the SSID. It makes things easier for customers and wireless clients. Also, if you 'hide' the SSID (known as 'network cloaking'), clients will always look for it when they are outside the coverage area, searching for known SSIDs and in effect leaking the SSID anyway. Refer to RFC 3370. Furthermore, many of the latest Broadcom drivers do not support hidden SSID for WPA2.

https://docs.fortinet.com/uploaded/files/1954/Best_Practices_52.pdf
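
The SSID-level settings above (no ARP in broadcast-suppression, multicast-enhance and probe-resp-suppression enabled, SSID advertised) can be checked against a configuration backup. The Python below is an added example, not part of the original wiki or of Fortinet's tooling; the sample configuration and SSID names are constructed. It assumes the input lists values explicitly (for instance `show full-configuration` output), so an option missing from the input is treated as not set.

```python
# Constructed sample in FortiOS "show" format; the SSID names are made up.
SAMPLE = """\
config wireless-controller vap
    edit "corp"
        set broadcast-suppression dhcp-up dhcp-down dhcp-starvation netbios-ns netbios-ds ipv6
        set multicast-enhance enable
        set probe-resp-suppression enable
    next
    edit "guest"
        set broadcast-ssid disable
        set broadcast-suppression dhcp-up arp-known
    next
end
"""

def parse_vaps(text):
    """Return {ssid: {option: [values]}} from 'config wireless-controller vap'."""
    vaps, current, depth = {}, None, 0   # depth 1 = vap table, >1 = sub-table
    for line in text.splitlines():
        words = line.split() or [""]
        if depth == 0:
            depth, current = int(words == ["config", "wireless-controller", "vap"]), None
        elif words[0] == "config":
            depth += 1
        elif words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            current = vaps.setdefault(" ".join(words[1:]).strip('"'), {})
        elif depth == 1 and words[0] == "set" and current is not None and len(words) > 1:
            current[words[1]] = [w.strip('"') for w in words[2:]]
    return vaps

def audit(vaps):
    """List (ssid, finding) pairs for deviations from the settings on this page."""
    findings = []
    for name, opts in vaps.items():
        if opts.get("broadcast-ssid") == ["disable"]:
            findings.append((name, "hidden SSID (broadcast-ssid disable)"))
        arp = [v for v in opts.get("broadcast-suppression", []) if v.startswith("arp-")]
        if arp:
            findings.append((name, "ARP suppressed: " + " ".join(arp)))
        for opt in ("multicast-enhance", "probe-resp-suppression"):
            if opts.get(opt) != ["enable"]:
                findings.append((name, opt + " not enabled"))
    return findings

for ssid, finding in audit(parse_vaps(SAMPLE)):
    print(f"{ssid}: {finding}")
```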

If the AP is connected to a FortiSwitch port:

Log in to the switch the AP is connected to and enable flow control

S548DN4K16000360 # config switch physical-port

S548DN4K16000360 (physical-port) # edit port9

S548DN4K16000360 (port9) # set flow-control both

Features being studied for deployment:

  • Distributed Automatic Radio Resource Provisioning (DARRP) support (283501)

  • Disable low data rates

They have not been applied because they affect the wireless network. They need further study because there is no standard setting: it depends on the equipment and frequencies that make up the site's range or spectrum.