kliew
New Member
November 10, 2011
Question

WPA2-Enterprise

  • November 10, 2011
  • 5 replies
  • 8438 views
Hi Forum Users. Has anyone managed to get WPA2-Enterprise security working before with FortiAP220B, FortiOS 4.3.x using a local firewall user group, with Windows 7 laptops? I've tried adding the FortiWifi's certificates onto the Trusted Root but it still doesn't work.

    5 replies

    VicAndr
    New Member
    January 6, 2012
    Usually WPA2-Enterprise WiFi security is set to work in conjunction with RADIUS authentication. But if you configure a local user group on the firewall for the same security mode, it will work too. As long as wireless clients support WPA2-Enterprise (and Windows 7 certainly does), they would be able to log on to the WLAN regardless of whether you use RADIUS or a local group on the firewall. There is one bug on a FortiGate to watch for though. The bug occurs when configuring the SSID: if you set an interface name longer than 12 characters, the client fails to authenticate onto the wireless LAN. So make sure the wireless interface name is lower than 12 characters! Good luck, VA
    pcraponi
    New Member
    January 6, 2012
    Hi, WPA2 Enterprise needs to authenticate using MSCHAPv2. If the local firewall is clear text or PAP/CHAP, maybe this is the cause of your issue. I don't know how the local firewall user encryption works, but this is why LDAP cannot be used with the FGT to authenticate wireless clients instead of RADIUS. Regards, Paulo Raponi
    bmekler
    New Member
    March 5, 2012
    Also, if you're using Windows NPS to provide RADIUS authentication with PEAP, make sure you have a valid (i.e. not self-signed) certificate installed on the server, and that it's not a wildcard certificate. Anything with a name will work; it doesn't matter what that name is.
    xpoadmin
    New Member
    March 26, 2012
    We are trying to do something similar and it isn't working... We have a Fortigate v4.0 MR3 Patch 5, a FortiAP 220B access point and a Windows 7 client. We are using LDAP authentication to a back-end AD Win2KR2 server. We are trying to set up a hidden SSID and have users connect wirelessly to this hidden SSID and be prompted for their AD credentials. The key here is that we are using LDAP and don't have a RADIUS server. Can we make it work? We are using this fine for IPsec and SSL VPN client connections. The Windows 7 client fails to make the connection and we aren't sure why. We see no IP traffic logged on the Fortigate (diag deb sniffer)... It seems to be a negotiation issue between the client and the AP. In Monitoring, we see the client MAC address and an "authenticating" state.
    Carl_Wallmark
    New Member
    March 27, 2012
    I have both (LDAP and local firewall account) setups working correctly. Take a look at this PDF, starting at page 55; you will see how the clients should be configured. http://docs.fortinet.com/fgt/handbook/40mr3/fortigate-wireless-40-mr3.pdf