802.1x authentication for wifi users

GauravPandya · ‎04-17-2024

Hello Everyone,

I want to implement 802.1x authentication on wifi users. We have FortiAPs managed by fortigate. I want to use device based authentication with certificate. If certificate exist in laptop/MAC then only users can connect to wifi.
I have gone through some admin guides and threads but it is not clear. Can somebody please reply with steps or document how I can achieve this requirement?
Thanks in advance.

AEK · ‎04-17-2024

Hello

If I'm not wrong FG can be in this case a basic RADIUS server (I see it in my SSID config) but it seems it is so basic so it doesn't support certificate authentication. In this case you may need an external RADIUS server, you will then configure it on FG (User & Device > RADIUS Servers) and use it as RADIUS server in your SSID as authentication server.

AEK

ndumaj · ‎04-17-2024

Hello @GauravPandya

Please find the guide from Microsoft for host configuration:
https://learn.microsoft.com/en-us/windows-server/networking/technologies/extensible-authentication-p...

Also this article that might help you:

https://community.fortinet.com/t5/FortiAP/Technical-Note-EAP-TLS-wireless-LAN-deployment-on-Android-...

BR

- Happy to help, hit like and accept the solution -

GauravPandya · ‎04-17-2024

Thanks. It really helps.

We have OKTA server so we will use OKTA as Radius server.

ndumaj · ‎04-17-2024

Great,
Happy to help you!

- Happy to help, hit like and accept the solution -

802.1x authentication for wifi users

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website