Support WPA3 on FortiWiFi F-series models 7.0.4
FortiWiFi F-series models support WPA3 encryption on local radio of all FortiWiFi F-series models. These models can create SSIDs with WPA3-SAE, WPA3-OWE, WPA3-Enterprise security modes, and broadcast it from the local radio.
To select a WPA3 security mode - GUI:
- Go to WiFi & Switch Controller > SSIDs and select edit or create a new SSID.
-
Locate Security mode and select one of the following WPA3 security modes:
- WPA3 SAE.
- Opportunistic Wireless Encryption (OWE).
- WPA3 Enterprise Only - You can select if you want a Local or Radius Server authentication type.
-
Click OK to save.
Once you've created the SSID, you can apply the SSID to a FortiAP profile, and then apply that profile to the Local WiFi Radio.
To select a WPA3 security mode - CLI:
-
Create WPA3 SSIDs:
config wireless-controller vap edit "wifi4" set ssid "FWF_61F_LR_WPA3_ENT_Group" set security wpa3-only-enterprise set pmf enable set auth usergroup set usergroup "group_local" set schedule "always" next end
|
Select a security mode:
|
|
Select an authentication type:
|
To apply a FortiAP profile to a Local WiFi Radio - GUI:
-
Go to WiFi & Switch Controller > Local WiFi Radio and select a FortiAP profile to apply.
-
Click Apply to save.
To apply a FortiAP profile to a Local WiFi Radio - CLI:
config wireless-controller wtp edit "FWF61F-WIFI0" set uuid 8026e538-47d2-51ec-c2b3-92e930027a18 set wtp-profile "11ac-only" config radio-1 end next end config wireless-controller wtp-profile edit "11ac-only" config platform set type FWF end set handoff-sta-thresh 30 config radio-1 set band 802.11ac set vap-all manual set vaps "wifi2" "wifi4" "wifi3" "wifi" set channel "40" "44" end next end
To verify the wireless station is connected to the Local Radio - GUI:
-
Go to WiFi & Switch Controller > WiFi Clients and ensure the client is connected with the correct Security mode.
To verify the wireless station is connected to the Local Radio - CLI:
vf=0 wtp=1 rId=1 wlan=wifi vlan_id=0 ip=10.10.80.106 ip6=:: mac=f8:e4:e3:d8:5e:af vci= host=WiFi-Client-2 user= group= signal=-21 noise=-95 idle=1 bw=0 use=6 chan=44 radio_type=11AC(wave2) security=wpa3_sae mpsk= encrypt=aes cp_authed=no online=yes mimo=2