Fortinet black logo

New Features

Support WPA3 on FortiWiFi F-series models 7.0.4

Copy Link
Copy Doc ID 4f6cd3c1-22cb-11eb-96b9-00505692583a:631976
Download PDF

Support WPA3 on FortiWiFi F-series models 7.0.4

FortiWiFi F-series models support WPA3 encryption on local radio of all FortiWiFi F-series models. These models can create SSIDs with WPA3-SAE, WPA3-OWE, WPA3-Enterprise security modes, and broadcast it from the local radio.

To select a WPA3 security mode - GUI:
  1. Go to WiFi & Switch Controller > SSIDs and select edit or create a new SSID.
  2. Locate Security mode and select one of the following WPA3 security modes:

    • WPA3 SAE.
    • Opportunistic Wireless Encryption (OWE).
    • WPA3 Enterprise Only - You can select if you want a Local or Radius Server authentication type.
  3. Click OK to save.

Once you've created the SSID, you can apply the SSID to a FortiAP profile, and then apply that profile to the Local WiFi Radio.

To select a WPA3 security mode - CLI:
  1. Create WPA3 SSIDs:

    config wireless-controller vap
      edit "wifi4"
        set ssid "FWF_61F_LR_WPA3_ENT_Group"
        set security wpa3-only-enterprise
        set pmf enable
        set auth usergroup
        set usergroup "group_local"
        set schedule "always"
      next
    end

set security

Select a security mode:

  • wpa3-sae: WPA3-SAE

  • owe: WPA3-OWE

  • wpa3: WPA3-Enterprise-Only

set auth

Select an authentication type:

  • radius: Radius Server
  • usergroup: Local User Group
To apply a FortiAP profile to a Local WiFi Radio - GUI:
  1. Go to WiFi & Switch Controller > Local WiFi Radio and select a FortiAP profile to apply.

  2. Click Apply to save.

To apply a FortiAP profile to a Local WiFi Radio - CLI:
config wireless-controller wtp
  edit "FWF61F-WIFI0"
    set uuid 8026e538-47d2-51ec-c2b3-92e930027a18
    set wtp-profile "11ac-only"
    config radio-1
    end
  next
end

config wireless-controller wtp-profile
  edit "11ac-only"
    config platform
      set type FWF
    end
    set handoff-sta-thresh 30
    config radio-1
      set band 802.11ac
      set vap-all manual
      set vaps "wifi2" "wifi4" "wifi3" "wifi"
      set channel "40" "44"
    end
  next
end
To verify the wireless station is connected to the Local Radio - GUI:
  1. Go to WiFi & Switch Controller > WiFi Clients and ensure the client is connected with the correct Security mode.

To verify the wireless station is connected to the Local Radio - CLI:
vf=0 wtp=1 rId=1 wlan=wifi vlan_id=0 ip=10.10.80.106 ip6=:: mac=f8:e4:e3:d8:5e:af vci= host=WiFi-Client-2 user= group= signal=-21 noise=-95 idle=1 bw=0 use=6 chan=44 radio_type=11AC(wave2) security=wpa3_sae mpsk= encrypt=aes cp_authed=no online=yes mimo=2

Support WPA3 on FortiWiFi F-series models 7.0.4

FortiWiFi F-series models support WPA3 encryption on local radio of all FortiWiFi F-series models. These models can create SSIDs with WPA3-SAE, WPA3-OWE, WPA3-Enterprise security modes, and broadcast it from the local radio.

To select a WPA3 security mode - GUI:
  1. Go to WiFi & Switch Controller > SSIDs and select edit or create a new SSID.
  2. Locate Security mode and select one of the following WPA3 security modes:

    • WPA3 SAE.
    • Opportunistic Wireless Encryption (OWE).
    • WPA3 Enterprise Only - You can select if you want a Local or Radius Server authentication type.
  3. Click OK to save.

Once you've created the SSID, you can apply the SSID to a FortiAP profile, and then apply that profile to the Local WiFi Radio.

To select a WPA3 security mode - CLI:
  1. Create WPA3 SSIDs:

    config wireless-controller vap
      edit "wifi4"
        set ssid "FWF_61F_LR_WPA3_ENT_Group"
        set security wpa3-only-enterprise
        set pmf enable
        set auth usergroup
        set usergroup "group_local"
        set schedule "always"
      next
    end

set security

Select a security mode:

  • wpa3-sae: WPA3-SAE

  • owe: WPA3-OWE

  • wpa3: WPA3-Enterprise-Only

set auth

Select an authentication type:

  • radius: Radius Server
  • usergroup: Local User Group
To apply a FortiAP profile to a Local WiFi Radio - GUI:
  1. Go to WiFi & Switch Controller > Local WiFi Radio and select a FortiAP profile to apply.

  2. Click Apply to save.

To apply a FortiAP profile to a Local WiFi Radio - CLI:
config wireless-controller wtp
  edit "FWF61F-WIFI0"
    set uuid 8026e538-47d2-51ec-c2b3-92e930027a18
    set wtp-profile "11ac-only"
    config radio-1
    end
  next
end

config wireless-controller wtp-profile
  edit "11ac-only"
    config platform
      set type FWF
    end
    set handoff-sta-thresh 30
    config radio-1
      set band 802.11ac
      set vap-all manual
      set vaps "wifi2" "wifi4" "wifi3" "wifi"
      set channel "40" "44"
    end
  next
end
To verify the wireless station is connected to the Local Radio - GUI:
  1. Go to WiFi & Switch Controller > WiFi Clients and ensure the client is connected with the correct Security mode.

To verify the wireless station is connected to the Local Radio - CLI:
vf=0 wtp=1 rId=1 wlan=wifi vlan_id=0 ip=10.10.80.106 ip6=:: mac=f8:e4:e3:d8:5e:af vci= host=WiFi-Client-2 user= group= signal=-21 noise=-95 idle=1 bw=0 use=6 chan=44 radio_type=11AC(wave2) security=wpa3_sae mpsk= encrypt=aes cp_authed=no online=yes mimo=2