Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Toshi_Esumi
Esteemed Contributor II

No "wpa3-sae+captive-portal"?

Not sure if this is because WPA3 SAE's spec is not allowing or making this combination useless/meaningless. But with our 6.4.10 wireless-controller on a FGT, I don't seem to have an option for wpa3-sae+captive-portal in the VAP's security setting, while it's available with wpa2-personal.
Can someone explain why it's not there?

 

Thanks,

 

Toshi

5 REPLIES 5
Jean-Philippe_P
Moderator
Moderator

Hello Toshi_Esumi!

 

Thanks for posting on the Fortinet Community Forum!

 

I found this documentation, can you tell me if it helped you please :

 

https://docs.fortinet.com/document/fortiap/7.2.0/fortiwifi-and-fortiap-configuration-guide/233803/wp...

 

Kindest regards,

Jean-Philippe - Fortinet Community Team
Toshi_Esumi
Esteemed Contributor II

This just explain what you can configure. It doesn't say why "wpa3-sae+captive-portal" can NOT be configured.

 

Toshi

Jean-Philippe_P

Hello Toshi_Esumi, 

 

Sorry that it can not help you. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks, 

Jean-Philippe - Fortinet Community Team
vpatil
Staff
Staff

@Toshi_Esumi 

 

Per FGT v7.2.x docs - The following WPA3 security modes are supported by FortiGate devices running FortiOS 6.2.0 and later, and FortiAP-S and FortiAP-W2 device running 6.2.0 and later:

 

  • WPA3-Enterprise
  • WPA3-Simultaneous Authentication of Equals (SAE)
  • WPA3-SAE Transition
  • Opportunistic Wireless Encryption (OWE)
  • OWE Transition

https://docs.fortinet.com/document/fortiap/7.2.0/fortiwifi-and-fortiap-configuration-guide/233803/wp...

 

Please log a FortiAP ticket with the Support to check if WPA3+captive-portal feature is supported or should this be a new Feature Request.

 

 

vpatil
Toshi_Esumi
Esteemed Contributor II

@vpatil

 

Do you know why WPA3-SAE with captive portal was not included?

My main concern is currently the way to redirect user to a specific landing page with WPA2 is to set WPA2-personal + captive portal, which we can't do with WPA3-SAE w/o captive portal. Is there a way around?

 

Toshi