Add or modify a configuration
- Select Policy & Objects.
- Expand Supplicant EasyConnect.
- Select Configuration.
- On the Supplicant Configurations window, click Add or select an existing configuration and click Modify.
- Click in the Name field and enter a name for this configuration.
- In the Security field, select a type from the drop-down list. Options include: Open, WEP, WPA, WPA2, WEP Enterprise, WPA Enterprise, WPA2 Enterprise.
- Click in the Password field to open the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field.
- Click in the Cipher field and select AES, NONE or TKIP.
- In the EAP Type field, PEAP is the only option. EAP type does not display when Open, WEP or WPA is selected in the Security field.
-
The Validate Server Certificate field applies only to Windows 7 and higher hosts.
- If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted.
- If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually.
- If you have enabled WEP Enterprise, WPA Enterprise or WPA2 Enterprise the CA Certificate field is displayed. Browse to the CA or Root certificate from the CA that issued the SSL certificate used on your RADIUS server. Select the file and click Open.
- The CA Fingerprint field is displayed and automatically populated after a CA or Root certificate is uploaded and the supplicant configuration is saved.
- The Note field is optional.
- Click OK to save the configuration.
Settings
Field |
Definition |
---|---|
Name |
User defined name for the configuration. |
SSID |
Name of the SSID being configured. This is not necessarily the SSID to which the host is connected. However, the agent will attempt to move the host to this SSID when the configuration is applied. A host can have supplicant configurations stored for multiple SSIDs. |
Security |
Indicates the type of encryption that will be used for connections to this SSID. Options include:
WPA Enterprise and WPA2 Enterprise are limited to PEAP-MSCHAPv2. |
Password |
Opens the Password pop-up. This is the Pre-Shared Key. Enter the key twice to confirm that it is correct and click OK. The Password field does not display if Open, WPA2 Enterprise or WPA Enterprise is selected in the Security field. The XML predefined characters ' " < > & are not supported. |
Cipher |
Encryption/decryption method used in conjunction with the information in the Security field to secure this connection. Options include:
|
EAP Type |
Currently only PEAP is supported. |
Validate Server Certificate |
Applies only to Windows 7 and higher hosts. Default = Disabled. If disabled, it disables the Validate Server certificate setting on the host and any certificate will be accepted. If enabled, the host validates the certificate with the list of Trusted Root certificate Authorities listed in the host's certificate Manager. If the CA is not listed on the host, the user may have to connect to the secure SSID manually. |
CA Fingerprint |
Fingerprint parsed from the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. This field does not display until after the certificate has been uploaded and the supplicant configuration has been saved. |
CA Certificate |
This field is only displayed if you select WEP Enterprise, WPA Enterprise or WPA2 Enterprise in the Security field. Select Choose File to browse to and select the CA or Root certificate from the CA that issued the SSL certificate used to secure the RADIUS server. CA or Root certificates can be downloaded from the CA web site. Either PEM or binary format can be used. |
Note |
User specified note field. This field may contain notes regarding the conversion from a previous version of FortiNAC. |