FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Solution Once the mpsk local-bridge SSID with local-standalone is created on the fortigate and added to the FortiAP. The FortiAPis receiving the MPSK ssid configuration like mpsk key, concurrent client count etc.
To verify whether the FortiAP received the MPSK configuration, follow the below steps. From the FortiAP CLI (enable SSH on WTP-profile).
By direct SSH to the FortiAP or SSH from the FortiGate as below.
FGT# exec ssh admin@xxx.xxx.xxx.xxx <----- xxx IP address of the FortiAP. FortiAP-W2 # h_diag mpsk-info SSID config (001/002): SSID(mpsk-xxx) VAP(wlan16) refcnt(1) Password name (001/001): test, simple00000 mac-binding: 00:00:00:00:00:00 sta cnt(0) type (0) max sta cnt(unlimited) vlan_type(0) vlan_id(0) schedule_cnt(1) schedules :SMTWTFS 00:00->00:00, PMK: cxxxxxxxxxx0b8ff9bf2f79c37de84 SSID config (002/002): SSID(mpsk-xxx) VAP(wlan03) refcnt(1) Password name (001/001): test, simple00000 mac-binding: 00:00:00:00:00:00 sta cnt(0) type (0) max sta cnt(unlimited) vlan_type(0) vlan_id(0) schedule_cnt(1) schedules :SMTWTFS 00:00->00:00, PMK: cxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxb8ff9bf2f79c37de84
MPSK information will be pushed to FortiAP only for the local-bridge SSID with local-standalone enabled. Hence this output will be available only those FortiAP which has this SSID mapped.
For Local-bridge SSID with standalone enabled but MPSK disabled, then the same output will look as below.
FortiAP # h_diag mpsk-info SSID config (001/002): SSID(ssid) VAP(wlan16) refcnt(1) MPSK is disabled on this SSID. SSID config (002/002): SSID(ssid) VAP(wlan03) refcnt(1) MPSK is disabled on this SSID.
