We have WiFi networks with WPA2 Enterprise security successfully working in our environment. After a recent firmware upgrade from v.5.2.3 to v.5.2.5 on all our FortiGate and FortiWifi boxes, old computers with Windows XP on them cannot connect to the wireless networks any longer.
Although we do not have many Windows XP installations left, none of them can connect to WPA2 Enterprise wireless networks. There was no such problem before the upgrade.
All our FortiAP units (FAP 220B, 320C, 321C) have the latest (v5.2.4 build 0245) on them.
Does anyone experience the same issue?
Thank you for any thoughts and ideas.
VicAndr wrote:
Now, could someone explain (or, perhaps, point to some document or KB article) how a certificate is being used in the course of WPA2-Enterprise client connection negotiation, and why disabling certificate validation on the client side still doesn't "fix" the WiFi connectivity issue (in the case of XP)?
This will just accept certificates which are not signed by a known certificate authority.
But the certificate will still be used to create an encrypted channel to exchange the authentication information.
localhost wrote: the certificate will still be used to create an encrypted channel to exchange the authentication information.
I think this answer put a final dot to the conversation.
Thank you localhost and all for the input.
Vic, turns out the root cause of your issue is that the RC4 cipher was removed in 5.2.5.
Bromont wrote: Vic, turns out the root cause of your issue is that the RC4 cipher was removed in 5.2.5
Whether Fortinet is going to fix it (I mean putting the RC4 cipher back into the next maintenance release) or not - that is not so critical now (at least for me). What is important - that explains the issue. Thank you, Bromont.
BTW, I received a similar response from TAC:
Development has reproduced this issue and opened a bug for further investigation. Bug ID 0306827, Windows XP client failed to associate to FAP with local user group and remote Radius server
If they don't have plans to support XP any longer though, then, to avoid confusion, they should reflect that fact in the Release Notes, and remove examples of how to set Windows XP for WPA-Enterprise WiFi network from the WiFi documentation.