WPA3 enhancements to support H2E only and SAE-PK 7.2.1

This release supports WiFi 6 Release 2 security enhancements by adding support for Hash-to-Element (H2E) only and Simultaneous Authentication of Equals Public Key (SAE-PK) for FortiAP models that support WPA3-SAE security modes.

When the security mode is set to WPA3-SAE or WPA3-SAE-Transition, the following options are available:

  • Hash-to-Element (H2E) only: Use only the hash-to-element mechanism for password element (PWE) derivation.
  • Simultaneous Authentication of Equals Public Key (SAE-PK): Enable or disable WPA3 SAE-PK.
    • When SAE-PK authentication is enabled, you must set an SAE-PK private key.

To enable H2E only - GUI:
  1. From the FortiGate GUI, navigate to WiFi & Switch Controller > SSIDs and click Create New > SSID.
  2. In Security mode, select either WPA3-SAE or WPA3-SAE-Transition.
  3. In SAE password, enter a password.
  4. Enable Hash-to-Element (H2E) only.
  5. When you are finished, click OK.

To enable SAE-PK - GUI:
  1. From the FortiGate GUI, navigate to WiFi & Switch Controller > SSIDs and click Create New > SSID.
  2. In Security mode, select either WPA3-SAE or WPA3-SAE-Transition.
  3. In SAE password, enter a password.
  4. Enable SAE-PK authentication.
  5. In SAE-PK private key, enter a private key.
  6. When you are finished, click OK.

To enable H2E only - CLI:
config wireless-controller vap
  edit "wifi"
    set ssid "Example_SSID"
    set security wpa3-sae
    set pmf enable
    set sae-h2e-only enable
    set schedule "always"
    set sae-password ENC *
  next
end

To enable SAE-PK - CLI:
config wireless-controller vap
  edit "wifi"
    set ssid "Example_SSID"
    set security wpa3-sae
    set pmf enable
    set sae-pk enable
    set sae-private-key "11"
    set schedule "always"
    set sae-password ENC *
  next
end
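
To verify these settings across a saved configuration, the following added example (not Fortinet code) parses the wireless-controller vap table and reports WPA3-SAE VAPs that lack the options above. The policy it checks (PMF on, one of the two options on, a private key present when SAE-PK is on) and the prefix match used to cover the transition mode are assumptions; the sample input is constructed.

```python
import re

# Constructed sample: a config fragment using only the settings shown on this page.
SAMPLE = '''\
config wireless-controller vap
  edit "wifi"
    set security wpa3-sae
    set pmf enable
    set sae-h2e-only enable
  next
  edit "lab"
    set security wpa3-sae
    set sae-pk enable
  next
end
'''

def parse_vaps(text):
    """Return {vap_name: {setting: value}} for the wireless-controller vap table."""
    vaps, current, depth = {}, None, 0  # depth 0 = outside the vap table
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if depth or line == "config wireless-controller vap":
                depth += 1
        elif line == "end" and depth:
            depth -= 1
        elif depth != 1:
            continue  # outside the table, or inside a nested sub-table
        elif line == "next":
            current = None
        elif m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = vaps.setdefault(m.group(1), {})
        elif current is not None and (m := re.match(r'set\s+(\S+)\s*(.*)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return vaps

def audit(text):
    """Return (vap, finding) pairs; a setting absent from the text counts as not enabled."""
    findings = []
    for name, cfg in parse_vaps(text).items():
        if not cfg.get("security", "").startswith("wpa3-sae"):
            continue  # assumption: prefix match also covers the transition mode
        if cfg.get("pmf") != "enable":
            findings.append((name, "pmf not enabled"))
        if "enable" not in (cfg.get("sae-h2e-only"), cfg.get("sae-pk")):
            findings.append((name, "neither sae-h2e-only nor sae-pk enabled"))
        if cfg.get("sae-pk") == "enable" and not cfg.get("sae-private-key"):
            findings.append((name, "sae-pk enabled without sae-private-key"))
    return findings
```

Because a setting missing from the text is treated as not enabled, run the check against a full configuration dump rather than one that omits default values.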
