Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiNAC 8.8.0 Administration Guide
    8.8.0
    9.4.0
    9.2.0
    9.1.0
    8.8.0
    8.7.0
    8.6.0
    8.5.2
    8.3.0

    Add or modify a configuration

    Add or modify a configuration

    1. Select Policy > Policy Configuration.
    2. Expand Supplicant EasyConnect.
    3. Select Configuration.
    4. On the Supplicant Configurations window, click Add or select an existing configuration and click Modify.
    5. Click in the Name field and enter a name for this configuration.
    6. In the Security field, select a type from the drop-down list. Options include: Open, WEP, WPA, WPA2, WEP Enterprise, WPA Enterprise, WPA2 Enterprise.
    7. Click in the Password field to open the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.
    8. Click in the Cipher field and select AES, NONE or TKIP.
    9. In the EAP Type field, PEAP is the only option. EAP type does not display when Open, WEP or WPA is selected in the Security field.

    10. The Validate Server Certificate field applies only to Windows 7 and higher hosts.

      • If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted.
      • If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually.
    11. If you have enabled WEP Enterprise, WPA Enterprise or WPA2 Enterprise the CA Certificate field is displayed. Browse to the CA or Root certificate from the CA that issued the SSL certificate used on your RADIUS server. Select the file and click Open.
    12. The CA Fingerprint field is displayed and automatically populated after a CA or Root certificate is uploaded and the supplicant configuration is saved.
    13. The Note field is optional.
    14. Click OK to save the configuration.
    Settings

    Field

    Definition

    Name

    User defined name for the configuration.

    SSID

    Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

    A host can have supplicant configurations stored for multiple SSIDs.

    Security

    Indicates the type of encryption that will be used for connections to this SSID. Options include:

    • Open
    • WEP (PSK)
    • WPA (PSK)
    • WPA2 (PSK)
    • WEP Enterprise (PEAP)
    • WPA Enterprise (PEAP)
    • WPA2 Enterprise (PEAP)

    WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

    Password

    Opens the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.

    The XML predefined characters ' " < > & are not supported.

    Cipher

    Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

    • AES
    • NONE
    • TKIP

    EAP Type

    Currently only PEAP is supported.

    Validate Server Certificate

    Applies only to Windows 7 and higher hosts. Default = Disabled.

    If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted.

    If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually.

    CA Fingerprint

    Fingerprint parsed from the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. This field does not display until after the certificate has been uploaded and the supplicant configuration has been saved.

    CA Certificate

    This field is only displayed if you select WEP Enterprise, WPA Enterprise or WPA2 Enterprise in the Security field. Select Choose File to browse to and select the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. CA or Root certificates can be downloaded from the CA web site. Either PEM or binary format can be used.

    Note

    User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.
    Previous
    Next

    Add or modify a configuration

    Add or modify a configuration

    1. Select Policy > Policy Configuration.
    2. Expand Supplicant EasyConnect.
    3. Select Configuration.
    4. On the Supplicant Configurations window, click Add or select an existing configuration and click Modify.
    5. Click in the Name field and enter a name for this configuration.
    6. In the Security field, select a type from the drop-down list. Options include: Open, WEP, WPA, WPA2, WEP Enterprise, WPA Enterprise, WPA2 Enterprise.
    7. Click in the Password field to open the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.
    8. Click in the Cipher field and select AES, NONE or TKIP.
    9. In the EAP Type field, PEAP is the only option. EAP type does not display when Open, WEP or WPA is selected in the Security field.

    10. The Validate Server Certificate field applies only to Windows 7 and higher hosts.

      • If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted.
      • If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually.
    11. If you have enabled WEP Enterprise, WPA Enterprise or WPA2 Enterprise the CA Certificate field is displayed. Browse to the CA or Root certificate from the CA that issued the SSL certificate used on your RADIUS server. Select the file and click Open.
    12. The CA Fingerprint field is displayed and automatically populated after a CA or Root certificate is uploaded and the supplicant configuration is saved.
    13. The Note field is optional.
    14. Click OK to save the configuration.
    Settings

    Field

    Definition

    Name

    User defined name for the configuration.

    SSID

    Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied.

    A host can have supplicant configurations stored for multiple SSIDs.

    Security

    Indicates the type of encryption that will be used for connections to this SSID. Options include:

    • Open
    • WEP (PSK)
    • WPA (PSK)
    • WPA2 (PSK)
    • WEP Enterprise (PEAP)
    • WPA Enterprise (PEAP)
    • WPA2 Enterprise (PEAP)

    WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2.

    Password

    Opens the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.

    The XML predefined characters ' " < > & are not supported.

    Cipher

    Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:

    • AES
    • NONE
    • TKIP

    EAP Type

    Currently only PEAP is supported.

    Validate Server Certificate

    Applies only to Windows 7 and higher hosts. Default = Disabled.

    If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted.

    If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually.

    CA Fingerprint

    Fingerprint parsed from the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. This field does not display until after the certificate has been uploaded and the supplicant configuration has been saved.

    CA Certificate

    This field is only displayed if you select WEP Enterprise, WPA Enterprise or WPA2 Enterprise in the Security field. Select Choose File to browse to and select the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. CA or Root certificates can be downloaded from the CA web site. Either PEM or binary format can be used.

    Note

    User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC.
    Previous
    Next