FortiAP

In this lesson, we will show for Fortinet’s wireless offering, the FortiAP fits into our Security-Driven Networking
portfolio.
 FortiAP

This course is made up of two sections: a product overview in which we will go over the basics of the FortiAP
solution, followed by Sales Enablement, to help you sell the product.
 FortiAP

You should be able to perform these tasks by the end of this section.

• Identify the business drivers and security challenges that customers currently face
• Describe FortiAP and our wireless key features, and
• Identify the sales strategies for, and competitive advantages of, the FortiAP product line

By demonstrating competence in our FortiAP product line, you will be able to discuss the value of Fortinet’s
wireless LAN offering within the overall Security-Driven Networking product pillar.
4

The access layer continues to grow, threats are becoming more complex as hackers and malware are now
targeting endpoint devices to get past edge security. On air encryption is NOT enough to protect a wireless
network. Attacks launched at the wireless network are far more likely to be targeting widescale access to the
network itself than cracking over-air encryption. Managing the copious amount of equipment that even a
moderately sized location needs to install can become overwhelming.
5

The impacts of these challenges are real. Almost one-half of IT decision-makers are worried about the
challenges of securing the explosion of devices that IoT is bringing into our networks. They now must balance
requirements for strong security with flexibility to provide access to almost any type of device onto the network
without being in-line for that process. The challenge today is how to truly secure your infrastructure no matter
the number of devices, and feel confident that wireless security can react without IT’s involvement, even in the
case of zero-day threats.

The reliance on standalone point products, even when those products are considered “best-in-breed” is no
longer a viable methodology for IT. Trying to oversee an expanding number of management interfaces, and
the chances of a misconfiguration or security mismatch compounds the management problem. The difficulty
only grows as more disparate systems are added.
 FortiAP

The FortiAP is part of our LAN Edge solution, along with the FortiGate and FortiSwitch. This solution allows
users to secure the LAN edge using the power and security of the FortiGate.
7

A key enabling technology for this solution is FortiLink. It is what enables our unique capabilities for secure
infrastructure. FortiLink protocols enable the FortiGate to be able to manage Fortinet’s LAN edge solution.
FortiLink drives the simplicity as well as the automated provisioning of the LAN and improve visibility because
everything is centered around the FortiGate. It provides for a flexible architecture the scales as needs change
and it enables the FortiGate to be able to offer a high level of security to the SSIDs and the ports on the
switch.

You can confidently create global security policies enforced by an architecture centered around FortiGate and
FortiOS. There's no additional licensing required for you to be able to utilize FortiLink in order to manage your
LAN—no AP licenses, switch licenses, etc. This is all part of your investment into the FortiGate.
FortiAP
9

FortiLink also powers our key strategic use case for FortiAP: SD-Branch. Fortinet Secure SD-Branch builds
upon Fortinet’s SD-WAN solution in our FortiGate. Secure SD-Branch is composed of two key elements to
address the new edge paradigm. Our wired and wireless products, FortiSwitch and FortiAP, address securing
the LAN edge. It offers consolidation through the convergence of security and the LAN through FortiLink. This
allows FortiOS, through FortiGate, to integrate the network as an extension of the Next Generation Firewall.

The second component is NAC, be it the onboard NAC in FortiOS or the stand alone FortiNAC product, which
addresses the device edge, offering discovery and security of devices as they enter the network.
10

• Recognized As a Leader for Network Firewall and WAN Edge

• Delivered From The Same FortiGate Platform
11

Fortinet offers a wide range of Access Point models to serve any need.

We have high end high throughout 4 by 4 models, as well as less costly 2 by 2 models for price sensitive
customers.

For applications that need a ruggedized or wall plate form factor AP, we have those as well.
 FortiAP

From a management perspective, the FortiAP has a number of options for customers.

At the simplest, is the robust wireless controller offered in the FortiGate UI to manage APs at the site.

For those preferring cloud based management, FortiGate Cloud gives all the same great features with hosted
cloud management.

Larger enterprises may prefer to have management localized in their NOC/SOC environment, and
FortiManager with FortiAnalyzer is the perfect combination for large scale Fortinet Security Fabric
management within a single pane of glass.

FortiWLM can be added to give enhanced RF troubleshooting and visibility.

No FortiGate? No problem! FortiAP Cloud allows for cloud based management of standalone FortiAPs.

No matter the installation, there is a management choice that is right for the customer.
13

Wireless technology is largely a commodity at this point. What sets Fortinet’s offering apart from other
vendors is our belief in Security-Driven Networking.

Traditional network architecture and network design builds out network access first and then it looks to layer
on security after the fact. Fortinet Security-Driven Networking enables the convergence of security and
network access. The LAN edge is designed within an integrated security framework through FortiOS and the
FortiGate. This unique architecture is ideal for SD Branch deployments as well as large enterprises. It
consolidates functions, it simplifies management, and it lowers the overall cost of a solution for an Enterprise
with a branch-based architecture.

When you add network management into an industry leading firewall you get a platform that is simple to
implement and configure, is very scalable, but is defined by security. Being able to look at all your security and
your security policies, and easily port those over to the LAN, has been a very difficult issue for network
administrators for a very long time.
 FortiAP

Let’s look at some case studies that show the value of Security-Driven Networking in action.

Batteries + Bulbs had a number of distributed locations. Their centralized IT team needed a solution that could
offer strong branch security while still enabling wireless access for all necessary onsite functions. By installing
the Fortinet SD-Branch solution they were able to gain visibility of their entire branch architectures from a
centralized location, and have a framework in place that could easily scale with their business and grow to
meet any of their future security or networking needs.
 FortiAP

Arnes was looking for a new wireless solution to cover nearly a thousand schools in Slovenia. They chose to
use centralized FortiGate VMs with remote FortiAPs (over 20,000 of them) to offer a fully secure wireless
network at each location with strong centralized security. In doing so, they were able to reduce their costs
compared to other solutions they had evaluated, while still enabling zero-touch provisioning when bringing a
school online.
16

Now, let’s look at additional components that can make up a wireless solution.

As mentioned earlier, FortiWLM offers RF visibility and advanced troubleshooting tools intended to aid in the
management of large scale wireless deployments. FortiWLM can manage the RF of multiple FortiGates and
present that information in a consolidated manner.
17

Deploying APs can be problematic, particularly if there are little to no resources at an individual site who can
handle configuration of each unit. Fortinet's FortiDeploy service makes it easy to rapidly provision and deploy
large numbers of access points with a few clicks of the mouse.

After booting up, an AP with internet connectivity will communicate with our FortiDeploy server to learn where
it should report to.

After learning that it’s supposed to be managed by FortiAP Cloud, this AP reports into the customer’s FortiAP
Cloud account and is ready for further management and configuration.
18

Similarly, FortiDeploy can be used to configure which FortiGate a given FortiAP is supposed to be managed
by.
 FortiAP

Keep in mind that FortiExplorer also supports FortiAPs managed by FortiGates and can provide statistics and
configuration information while “on the go”.
 FortiAP

Many retail and hospitality environments look to better understand their visitor’s habits. How often they come,
where they go, how long they spend, etc. Fortinet’s FortiPresence offering offers a full presence analytics tool
suite that works with any of our wireless management options. With cumulative statistics across days and
weeks, plus the ability to compare data across time or locations, FortiPresence can provide valuable insights
into visitor traffic at a location.
 FortiAP

Good job! You now understand the FortiAP product portfolio

Take the next section to learn sales enablement.

 FortiAP

Welcome to the FortiAP sales product training.

 FortiAP

In this section, you’ll learn the sales aspects of FortiAP.

 FortiAP

The wireless market continues to be strong. It is a $5.8B market in 2020, with a 7.9% CAGR through 2023.
And that’s not the only reason to be bullish about Fortinet’s wireless opportunity. Comparatively speaking,
Fortinet’s current market share is relatively low, while the larger incumbents are steadily infuriating their
traditional customer base by gauging them with numerous licenses and inflating the costs of their hardware.
Fortinet is moving away from this. This gives Fortinet a great chance to not only grow with the market, but
outgrow the market as we take share from other vendors.
Looking at this even further. What is the value to you of selling FortiAP? Increased business.

Customers don’t stop with firewalls or SD-WAN; they update their networks. Per leading
analysts, they expect better integration with LAN platforms and ways to address IoT. FortiAP
and SD-Branch provide for the network infrastructure, so depending on the size of the location,
you may sell several (even dozens) of FortiSwitch and FortiAP units into a location that is
served by one or two FortiGates. This significantly increases your deal size, often two to three
times what it would have been with FortiGate alone.
 FortiAP

When you sell, remember that Security-Driven Networking, powered by FortiLink, is the key to our message.
Wireless is a commodity market at this point, so it is rarely a model comparison. It is the management aspects
that drive the importance. Security integration is unique to Fortinet and is a topic that is continuing to grow in
importance and mind share.

We focus on 3 key pieces of our message:

If you sell Fortinet, you know how to sell security. Lean into that message, as it is a strong differentiator for
Fortinet and an increasingly important message as security breaches continue to happen.

IT spend and IT resources never scale at the same rate as IT complexity. Stress the simplicity of the Fortinet
solution; the benefits that can be gained by reducing the number of separate vendors and separate products
to manage.

It’s rare you’ll find any customer who isn’t interested in minimizing their TCO. With no licenses to enable
FortiLink and no licenses to manage APs, there are no vendors on the market who can compete with our
TCO.

Avoid getting pulled into a feature by feature comparison or a dive into AP specs-manship. While Fortinet
compares favorably to most vendors, there is usually a feature here or there that someone can become overly
focused on. By pulling the conversation and the focus back to these three high level talking points, you are
focused on important business factors that will resonate with whomever you talk to.
So who do we talk to? Well in general terms almost every company these days has a wireless network, so
that means everyone is in play. We tend to see our highest success in distributed enterprise with our SD-
Branch story. The term distributed enterprise refers to organizations with several locations of various sizes.
These could be small offices with a few employees or mini-campuses with several hundred employees on
site.

Examples of distributed enterprises can be retail stores, hospital clinics, k-12 education, any organization with
a number of remote sites, often without large scale onsite IT resources.
 FortiAP

When selling wireless, your primary audience it typically a VP or director of engineering. They will be most
interested in the security and simplicity aspects of our message. If you’re talking to a more technical person
on the buying team, go over FortiLink, what it does and how it drives our security-driven networking message.
If this is an SD-Branch opportunity, be sure to talk about the importance of SECURE SD-Branch, and stress
the industry leading features that the Fortinet offers for application awareness and how this will benefit the
entire SD-Branch.

For anyone on the money side of things (CFO, procurement, etc.), they’ll be most interested in our TCO
benefits as outlined in the pitch.
 FortiAP

Discovering a wireless opportunity is fairly simple, most companies have a wireless network, so asking when
that is up for refresh is often all you need to know in order to discover an opportunity.

To further qualify that opportunity and drive the conversation around the benefits that Fortinet offers and get
them to perceive the pain points that they may not have considered when they focus on their wireless
network. Ask how they are harmonizing security across their network. Find out how they mange all the
different aspects of their network and whether that is causing them any complexity issues.
 FortiAP

Do they have global policies today? How are they enforced? And what about compliance? FortiGate-based
networks can easily report on regulatory compliance, but can their current solution?
 FortiAP

You will probably receive pushback as you introduce our solution.

The most typical is due to Fortinet not being thought of as a network equipment vendor. While this isn’t what
we’re known for (that would be security), you can direct them to the Gartner Magic Quadrant for Wired and
Wireless LAN. Only a few vendors are ranked more highly than Fortinet, and those are major players in the
space. Call their attention to Fortinet being recognized for multiple years as a Gartner Customer Choice
winner for Wired and Wireless LAN infrastructure, showing that the customers who deploy our systems love
them.
 FortiAP

As the FortiGate is the most common deployed management platform, those without a FortiGate may push
back that their current project is only for wireless and they are not budgeted to also replace the Firewall.
Remind them that most any solution they look at is going to include a management platform (even Meraki
features a yearly subscription for management). With our lack of licenses etc. we’re often so cost effective that
with their existing wireless budget they can get the APs and the FortiGate for the same cost as the wireless
only from other vendors. Or think of it this way, our wireless controller comes with a free industry leading Next
Generation Firewall!
 FortiAP

Cloud architectures are popular, thanks primarily to Meraki pushing this topology. A customer’s preference for
cloud should not create a barrier for considering Fortinet product. Fortinet can also offer several cloud based
options, such as FortiGate Cloud for those with FortiGates or FortiAP Cloud for those without FortiGates.
 FortiAP

Some customers hear that this is part of an integrated platform approach. They hear about our Security Fabric
and they may assume that this feature richness will also imply solution complexity. This is not the case. In
fact, we simplify deployment by replacing multiple management platforms with a single simple interface on the
FortiGate with FortiOS.
 FortiAP

As mentioned several times in this training course, integration with a Next Generation Firewall is one of
Fortinet’s chief competitive advantages. In addition, our solution features a single management console for
Wired, Wireless, and Security. With our lack of per AP and feature licensing, our TCO beats the competition
across the board. Don’t be fooled by discounted HW costs; most vendors easily make this up in licensing
and/or subscription costs.

For more detailed competitive information, please reference our vendor specific battlecards on FUSE.
Now, let’s look at two flow wins.

Ânima is one of the largest private higher education educational organizations in Brazil, with about 115,000
students in various states.

They were looking for a more scalable network solution that was easy to manage. At the same time, they
were looking to deploy SD-WAN at their schools. A perfect fit for our SD-Branch solution.

36
We were competing against Cisco, HP, and Dell in this account. Fortinet’s offering had the best TCO of any of
the proposals, as well as being the most comprehensive SD-Branch solution. Our simplified management,
with our Fabric Management Center of FortiManager and FortiAnalyzer, was the simplest to deploy and grow.

It also needed to worry about new data privacy laws in Brazil, and our tight integration of the access layer with
the security layer was a major plus for the customer. In the end, the deal was over a quarter of a million
dollars with FortiGates, FortiSwitches, FortiAPs, FortiManager, and FortiAnalyzer all deployed.

37
In Europe, a small municipality just outside of Gothenburg in the west coast of Sweden has about 40,000
inhabitants of which 3,000 work for the municipality.

They had a desire to update the technology in their branches with newer equipment. Management of their
existing MSP supplied Cisco solution had been a struggle, so simplified management was a key solution goal.
As always, a tight budget was in place, so low TCO was a plus.

38
Our biggest competition in the account was Cisco as the incumbent. We were able to show that all branch
equipment could be controlled in a unified management console with FortiManager and FortiAnalyzer. They
were very interested in learning about our SD-WAN capabilities on the FortiGate and wanted to eventually
move to our SD-Branch architecture, but their budget was so tight that they could not afford to purchase the
FortiGates at this time. Our flexibility of management became an important side benefit as they could install
the current equipment and use FortiAP Cloud and FortiSwitch Cloud as a temporary management solution for
their access equipment until the FortiGates could be purchased and deployed. The fact that all access
equipment could be simply switched from Cloud managed to on-premises controlled without the need to do
any rip-and-replace or lost money on licences was valuable for aiding the customer to get their long term
deployment goal.

39
 FortiAP

For most vendors, Access Point part numbers are just a semi-randomly chosen family / model combinations.
At first appearance, Fortinet might appear to be no different, but there is actually a lot of important information
encoded into our Access Point part numbers:

All part numbers start with the Eff-Aye-Pee prefix. After that is the first variable field, a family indication. There
are two primary families, a “Standard” AP (no letter) and a Premium AP (indicated by a U), which allows for
dual 5GHz capabilities on newer APs and will pick up additional premium features going forward.

The first numerical field indicates the number of spatial streams that the AP radios feature. The more spatial
streams, the more available aggregate throughput, but also the more cost.

The second numerical field indicates how many Wi-Fi radios are in the Access Point. Tri-radio APs have a
third radio that can be used for 24 by 7 dedicated scanning, or (in the case of the U series) can allow for Dual
5GHz operation while still offering client access on 2.4GHz.

The Form Factor field comes next, and indicates the physical characteristics of the AP. Indoor vs. ruggedized
for outdoor, wall plate / desktop as well as internal vs. external antenna capabilities are encoded into this field.

Finally, generational information is included with an alpha character. APs with an E in this field are 802.11ac,
while APs with an F are Wi-Fi 6. All wireless devices have a regulatory designation added to the end of the
model number. The Fortinet price list contains a table of the various region codes and what countries they
correspond to.
41

As mentioned several times, there are no licenses necessary to configure or operate a FortiAP with the
FortiGate. For use with FortiAP Cloud, a subscription is available that adds access to advanced configuration
options as well as yearly FortiGuard services for those APs that can leverage them.

The FortiWLM RF management platform features perpetual per AP licenses to add centralized RF
management and troubleshooting.
 FortiAP

Let’s look further at the FortiWLM part numbers. FortiWLM is available as either a HW appliance or as a VM.
In both cases AP license part numbers are purchased and applied to cover the number of desired APs.
 FortiAP

Fortinet’s FortiPresence Location Analytics tool is also licensed. Per AP subscriptions enable one year of data
retention and an unlimited number of sites to be configured and managed within the tool. Remember that
FortiPresence can be used with any of Fortinet’s wireless management solutions.
 FortiAP

Here is a review of all the objectives in this lesson.

You can now identify the business drivers and security challenges that customers currently face. You can
describe the FortiAP key features and how Fortinet provides coverage, and you can identify the sales
strategies for, and competitive advantages of wireless from Fortinet using the FortiAP.
 FortiAP

Good job! You now understand Fortinet’s wireless offerings with the FortiAP.
 FortiAP

Now, don’t forget to take the quiz. To earn your NSE 3 certification, you must pass each quiz for at least four
courses.

Thank you for your time.