FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
This article describes a scenario where FortiAP 231C running FortiAP firmware 6.0.4 and managed by FortiGate 900D on FortiOS 7.2.8 may fail to start the 802.11 4-way handshake, preventing clients from completing the WPA2/WPA3 association process.
Scope
FortiOS 7.2.8, FortiAP 231C version: 6.0.4.
Solution
The issue is resolved by adjusting the Data Channel Security between the FortiGate and the FortiAP to DTLS.
In FortiOS 7.2.x, the Data Channel Security parameter can operate in the following modes:
Clear Text
IPsec VPN
DTLS (recommended for this combination of versions and models)
Legacy models such as the FortiAP-C series may exhibit compatibility issues when using Clear Text or IPsec, leading to failures in the WPA/WPA2/WPA3 key exchange process and preventing the 4-way handshake from starting.
