Actually, at Fortinet it's called a cookbook. And yes, it's pretty thick.
I hate manuals. When I put together IKEA furniture, I only break out their cryptic pictogram instructions as a last resort. And when I get new hardware in my hands, the manual only comes out when I break something. Which I tend to do. What good is tinkering if you can’t break something and then fix it, right?
So, not surprisingly, I glanced at the quickstart guide when Fortinet sent me a FortiGate 90D-POE NGFW and FortiAP thin access point to test around Thanksgiving and then promptly replaced my homemade firewall with the FortiGate. I set the access point aside for a bit and just used a wired test computer and an Apple Airport to start putting the firewall through its paces. All of the basics are easy to configure either from a web interface that you point to the FortiGate’s IP address or with free FortiExplorer client software that allows you to connect to the firewall via a USB cable.
In terms of simple content filtering, gateway anti-malware, and basic application control, the interface should feel pretty straightforward to those familiar with the capabilities of next gen firewalls. Yay! No manual so far!
And then my Airport started flaking out. It was time to hook up the FortiAP, a slick little smoke detector-sized device that was powered and managed by the FortiGate. I plugged the included Ethernet cable into one of four PoE ports on the firewall and watched the access point come to life. Because these are “thin access points”, they are centrally managed right from the FortiGate and you can build profiles for quickly deploying multiple units. Pretty sweet, but I was starting to get into the weeds of the software here, so it was time to break out the manual. Or, as it’s called in FortiSpeak, the FortiGate Cookbook. And before I start getting emails from our product marketing folks, there isn’t really something called FortiSpeak. I just get a kick out of the Forti* nomenclature.
The FortiGate Cookbook gives step-by-step instructions for most tasks within FortiOS (the operating system running on the FortiGate platform). It’s something of a living document, with new recipes added on a regular basis. No need to read all 171 pages (and counting). “Wireless Networking” was one of the chapters, so I jumped in there. I’m a big fan of this approach to documentation - if I must read a manual, give me hands-on instructions for the fundamentals and I can tinker with advanced applications. This doesn’t work for everyone, so more detailed looks at various features and functions can be found in individual documents and microsites here.
Of course, this time it didn’t quite work for me either. I set up profiles, created SSIDs (I created one for each of the two radios), and the FortiGate recognized the AP. All good. But when it came time to authorize the AP (basically clicking a button to tell the FortiGate that it should actively manage the access point), I got an error. I tried a few more times with no success, so I called Fortinet tech support. I, unlike many male archetypes, have no issue stopping and asking for directions.
Special thanks to my tech support genius, Sarvesh, who took over my computer, stepped me through some troubleshooting, and quickly noticed that I had entered the wrong model FortiAP when I set up the profiles. Whoops.
So a few takeaways.
Cookbooks are good. Easily digestible recipes (yes, I know I’m flogging this metaphor) with hands-on instructions are better than the average manual.
Sharp tech support that doesn’t mind teaching as well as fixing is even better.
Two individually configurable radios on an AP are better than one. The kids get the slower 2.4GHz band, I get 5GHz, and I can easily see what’s happening on both chunks of my wireless network. Clearly, there are other cooler applications of this than making sure my network speeds are faster than my kids’, but you get the idea.
Perhaps the most important takeaway, though, is that I’m just scratching the surface of what my FortiGate can do. I’m moving into a new office with a test lab this week with some additional users to experiment on and lots more bandwidth. I’m thinking it’s time to really start digging into QoS.