Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Abin_FTNT
Staff
Staff

Created on ‎10-04-2019 01:33 AM Edited on ‎02-05-2024 02:53 AM By Moderator

Article Id 189632

Technical Tip: How to configure WPA3 on FortiGate WiFi/AP

Description
This article explains how to configure WPA3 on FortiGate WiFi/AP.

Solution
FortiGate supports GUI as well as CLI configuration of WPA3 starting from firmware version 6.2.1


To configure WPA3 in the GUI:
 
1) Go to WiFi & Switch Controller -> SSID
2) Click Create New -> SSID.
3) In the WiFi Settings section Security Mode drop down list, select a WPS3 option.
 
4) Click 'OK'
 
Use a client with WPA3 to verify the connection.
 
To configure WPA3 in the CLI:
 
1) WPA3 OWE.
 
- WPA3 OWE only.
  Clients which support WPA3 can connect with this SSID.
#config wireless-controller vap
edit "80e_owe"
set ssid "80e_owe"
set security owe
set pmf enable
set schedule "always"
next
end
- WPA3 OWE TRANSITION.
  Clients connect with normal OPEN or OWE depending on its capability.
  Clients which support WPA3 connect with OWS standard.
  Clients which cannot support WPA3 connect with Open SSID.
#config wireless-controller vap
edit "80e_open"
set ssid "80e_open"
set security open
set owe-transition enable
set owe-transition-ssid "wpa3_open"
set schedule "always"
next
edit "wpa3_owe_tr"
set ssid "wpa3_open"
set broadcast-ssid disable
set security owe
set pmf enable
set owe-transition enable
set owe-transition-ssid "80e_open"
set schedule "always"
next
end
2) WPA3 SAE.
 
- WPA3 SAE.
  Clients which support WPA3 can connect with this SSID.
#config wireless-controller vap
edit "80e_sae"
set ssid "80e_sae"
set security wpa3-sae
set pmf enable
set schedule "always"
set sae-password 12345678
next
end
- WPA3 SAE TRANSITION.
  There are two passwords in the SSID.
  If passphrase is used, the client connects with WPA2 PSK.
  If sae-password is used, the client connects with WPA3 SAE.
#config wireless-controller vap
edit "80e_sae-tr"
set ssid "80e_sae-transition"
set security wpa3-sae-transition
set pmf optional
set passphrase 11111111
set schedule "always"
set sae-password 22222222
next
end
3) WPA3 Enterprise.
     Using this option, select the auth type to use either RADIUS authentication or local user authentication.
#config wireless-controller vap
edit "80e_wpa3"
set ssid "80e_wpa3"
set security wpa3-enterprise
set pmf enable
set auth radius
set radius-server "wifi-radius"
set schedule "always"
next
edit "80e_wpa3_user"
set ssid "80e_wpa3_user"
set security wpa3-enterprise
set pmf enable
set auth usergroup
set usergroup "usergroup"
set schedule "always"
next
end
Use a client with WPA3 to verify the connection.

 

5681
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.