Fortinet white logo
Fortinet white logo

Administration Guide

Add/modify a configuration

Add/modify a configuration

  1. Select Policy > Policy Configuration.
  2. In the menu on the left click the + sign next to Supplicant EasyConnect.
  3. From the menu on the left select Configuration.
  4. On the Supplicant Configurations window, click the Add button or select an existing configuration and click Modify.
  5. Click in the Name field and enter a name for this configuration.
  6. In the Security field, select a type from the drop-down list. Options include: Open, WEP, WPA, WPA2, WEP Enterprise, WPA Enterprise, WPA2 Enterprise.
  7. Click in the Password field to open the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.
  8. Click in the Cipher field and select AES, NONE or TKIP.
  9. In the EAP Type field, PEAP is the only option. EAP type does not display when Open, WEP or WPA is selected in the Security field.
  10. The Validate Server Certificate field applies only to Windows 7 and higher hosts.

    • If disabled, it disables the Validate Server Certificate setting on the host and any certificate will be accepted.
    • If enabled, the host validates the Certificate with the list of Trusted Root Certificate Authorities listed in the host's Certificate Manager. If the Certificate Authority is not listed on the host, the user may have to connect to the secure SSID manually.
  11. If you have enabled WEP Enterprise, WPA Enterprise or WPA2 Enterprise the CA Certificate field is displayed. Browse to the CA or Root Certificate from the certificate authority that issued the SSL Certificate used on your RADIUS server. Select the file and click Open.
  12. The CA Fingerprint field is displayed and automatically populated after a CA or Root Certificate is uploaded and the Supplicant Configuration is saved.
  13. The Note field is optional.
  14. Click OK to save the configuration.
Settings

Field

Definition

Name

User defined name for the Configuration.

SSID

Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

Note

A host can have Supplicant Configurations stored for multiple SSIDs.

Security

Indicates the type of encryption that will be used for connections to this SSID. Options include:

  • Open
  • WEP (PSK)
  • WPA (PSK)
  • WPA2 (PSK)
  • WEP Enterprise (PEAP)
  • WPA Enterprise (PEAP)
  • WPA2 Enterprise (PEAP)
Note

WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

Password

Opens the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.

Note

The XML predefined characters ' " < > & are not supported.

Cipher

Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

  • AES
  • NONE
  • TKIP

EAP Type

Currently only PEAP is supported.

Validate Server Certificate

Applies only to Windows 7 and higher hosts. Default = Disabled.

If disabled, it disables the Validate Server Certificate setting on the host and any certificate will be accepted.

If enabled, the host validates the Certificate with the list of Trusted Root Certificate Authorities listed in the host's Certificate Manager. If the Certificate Authority is not listed on the host, the user may have to connect to the secure SSID manually.

CA Fingerprint

Fingerprint parsed from the CA or Root Certificate from the certificate authority that issued the SSL Certificate used to secure the RADIUS server. This field does not display until after the certificate has been uploaded and the Supplicant Configuration has been saved.

CA Certificate

This field is only displayed if you select WEP Enterprise, WPA Enterprise or WPA2 Enterprise in the Security field. Use the Choose File button to browse to and select the CA or Root certificate from the certificate authority that issued the SSL Certificate used to secure the RADIUS server. CA or Root certificates can be downloaded from the certificate authority web site. Either PEM or binary format can be used.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.

Add/modify a configuration

Add/modify a configuration

  1. Select Policy > Policy Configuration.
  2. In the menu on the left click the + sign next to Supplicant EasyConnect.
  3. From the menu on the left select Configuration.
  4. On the Supplicant Configurations window, click the Add button or select an existing configuration and click Modify.
  5. Click in the Name field and enter a name for this configuration.
  6. In the Security field, select a type from the drop-down list. Options include: Open, WEP, WPA, WPA2, WEP Enterprise, WPA Enterprise, WPA2 Enterprise.
  7. Click in the Password field to open the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.
  8. Click in the Cipher field and select AES, NONE or TKIP.
  9. In the EAP Type field, PEAP is the only option. EAP type does not display when Open, WEP or WPA is selected in the Security field.
  10. The Validate Server Certificate field applies only to Windows 7 and higher hosts.

    • If disabled, it disables the Validate Server Certificate setting on the host and any certificate will be accepted.
    • If enabled, the host validates the Certificate with the list of Trusted Root Certificate Authorities listed in the host's Certificate Manager. If the Certificate Authority is not listed on the host, the user may have to connect to the secure SSID manually.
  11. If you have enabled WEP Enterprise, WPA Enterprise or WPA2 Enterprise the CA Certificate field is displayed. Browse to the CA or Root Certificate from the certificate authority that issued the SSL Certificate used on your RADIUS server. Select the file and click Open.
  12. The CA Fingerprint field is displayed and automatically populated after a CA or Root Certificate is uploaded and the Supplicant Configuration is saved.
  13. The Note field is optional.
  14. Click OK to save the configuration.
Settings

Field

Definition

Name

User defined name for the Configuration.

SSID

Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

Note

A host can have Supplicant Configurations stored for multiple SSIDs.

Security

Indicates the type of encryption that will be used for connections to this SSID. Options include:

  • Open
  • WEP (PSK)
  • WPA (PSK)
  • WPA2 (PSK)
  • WEP Enterprise (PEAP)
  • WPA Enterprise (PEAP)
  • WPA2 Enterprise (PEAP)
Note

WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

Password

Opens the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.

Note

The XML predefined characters ' " < > & are not supported.

Cipher

Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

  • AES
  • NONE
  • TKIP

EAP Type

Currently only PEAP is supported.

Validate Server Certificate

Applies only to Windows 7 and higher hosts. Default = Disabled.

If disabled, it disables the Validate Server Certificate setting on the host and any certificate will be accepted.

If enabled, the host validates the Certificate with the list of Trusted Root Certificate Authorities listed in the host's Certificate Manager. If the Certificate Authority is not listed on the host, the user may have to connect to the secure SSID manually.

CA Fingerprint

Fingerprint parsed from the CA or Root Certificate from the certificate authority that issued the SSL Certificate used to secure the RADIUS server. This field does not display until after the certificate has been uploaded and the Supplicant Configuration has been saved.

CA Certificate

This field is only displayed if you select WEP Enterprise, WPA Enterprise or WPA2 Enterprise in the Security field. Use the Choose File button to browse to and select the CA or Root certificate from the certificate authority that issued the SSL Certificate used to secure the RADIUS server. CA or Root certificates can be downloaded from the certificate authority web site. Either PEM or binary format can be used.

Note

User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.