Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sreddi
Staff
Staff

Created on ‎10-09-2020 08:37 AM Edited on ‎07-02-2025 11:46 PM By Community Manager

Article Id 193513

Technical Tip: How to set minimum 8 characters for configuring pre-shared key for WPA/WPA2-Personal SSID

Description


This article describes that starting from v6.2.1, the minimum length constraints for WPA/WPA2 SSID are set to 12. This article describes the way to set it to 8 characters.

 

Scope

 

FortiGate.


Solution


With the wfa-compatibility command for compatibility with previous WiFi specifications, the command only controls the minimum length of PSK in WPA/WPA2-Personal SSID.

When disabled, the Pre-Shared Key (PSK) has to contain 12 or more characters. By default it is disabled for security enforcement.

Users will get the below error if they try to give any password less than 12 characters.
The current passphrase is invalid. Has to be 12 to 63 characters long or 64 hex digits

To overcome this, enable the 'wfa-compatibility' so that minimum length is set to 8 characters.

 

config wireless-controller setting
    set wfa-compatibility enable
end

 

From FortiManager, it is possible to follow under Manage device, choose FortiGate, go to CLI configuration, search wireless-controller -> Settings, find wfa-compatibility, enable, and select 'OK'.

 

Screenshot 2025-07-03 082939.png

4826
Suggest New Article
Article Feedback
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.