Your AP device will need an IP on your main VLAN. When guests connect to the AP they will get a wireless connection but no internet, which is correct. You'll need to add a rule on your guest VLAN to access the AP and the port running your captive portal if you are using one. All the other VLANs ought to just work with your existing rules if you just map them to your SSIDs.
I already set up all the profiles and networks in the firewall and AP. I think I just need to configure the switch side. Which port on the switch should I choose as "tagged or untagged"?
I have almost the exact setup in my office. FortiGate >>> HP Switch >>> Ubiquiti AP. You will need to set up the VLAN tags on the port the AP is plugged into as well as the port plugged into the FortiGate. Once the VLAN "path" is set then you can manage the guest VLAN from FortiGate. The only other thing I also do is have a user profile set up in the Ubiquiti controller that limits bandwidth to 50/50.
For example, I have VLAN_id = 100; then the port which we will plug the AP into will be set to vlan_id = 100 and marked as "tagged"? Because I also have two APs.
The IP of the Dlink shouldn't cause any issues with routing, just harder to manage if you are on another network than it.
You need to ensure the VLAN path/network is complete all the way back to the router. I tried to circle in blue each port that should be tagged with VLAN 100 to allow traffic back to the router.