VicAndr
New Contributor III

FortiOS v5.2.5: Windows XP cannot connect to WPA2 Enterprise WiFi

We have WiFi networks with WPA2 Enterprise security successfully working in our environment. After a recent firmware upgrade from v.5.2.3 to v.5.2.5 on all our FortiGate and FortiWifi boxes, old computers with Windows XP on them cannot connect to the wireless networks any longer.

Although we do not have many Windows XP installations left, none of them can connect to WPA2 Enterprise wireless networks. There was no such problem before the upgrade.

 

All our FortiAP units (FAP 220B, 320C, 321C) have the latest (v5.2.4 build 0245) on them.

 

Does anyone experience the same issue?

 

Thank you for any thoughts and ideas.

1 Solution
localhost

VicAndr wrote:

 

Now, could someone explain (or, perhaps, point to some document or KB article) how a certificate is being used in the course of WPA2-Enterprise client connection negotiation, and why disabling certificate validation on the client side still doesn't "fix" the WiFi connectivity issue (in case of XP)?

This will just accept certificates which are not signed by a known certificate authority.

But the certificate will still be used to create an encrypted channel to exchange the authentication information.


22 REPLIES
VicAndr
New Contributor III

localhost wrote:

the certificate will still be used to create an encrypted channel to exchange the authentication information.

 

I think this answer put a final dot to the conversation.

 

Thank you localhost and all for the input.

Bromont_FTNT

Vic, turns out the root cause of your issue is that the RC4 cipher was removed in 5.2.5

VicAndr
New Contributor III

Bromont wrote:

Vic, turns out the root cause of your issue is that the RC4 cipher was removed in 5.2.5

Whether Fortinet is going to fix it (I mean putting the RC4 cipher back into the next maintenance release) or not - that is not so critical now (at least for me). What is important - that explains the issue. Thank you, Bromont.

 

BTW, I received a similar response from TAC:

Development has reproduced this issue and opened a bug for further investigation. Bug ID 0306827, Windows XP client failed to associate to FAP with local user group and remote Radius server

 

If they don't have plans to support XP any longer though, then, to avoid confusion, they should reflect that fact in the Release Notes, and remove examples of how to set Windows XP for a WPA-Enterprise WiFi network from the WiFi documentation.
