Hello there!
related link:
wpa3-enhancements-to-support-h2e-only-and-sae-pk-7-2-1
I have recently purchased Fortigate 40F together with FortiAP 231F, to set up a WLAN environment in my laboratory to test iot equipments. What I am interested in is "SAE public key" as introduced as part of WPA3 R3 spec, and it is introduced as a new feature since FortiOS 7.2.0.
My question is:
Has anyone ever tried to associate a SAE-PK-capable STA with a FortiAP(7.2.1 or newer) that support SAE-PK? If so, is there any tutorial simple enough to guide us through the first integration with regard to this SAE-PK authentication. For example, how to configure wpa_supplicant and what is the wireless sniffer capture like?
P.S:
Whenever I unclick the local standalone option, the SSID turns OFF automatically.
Somehow there is a rule between the "SAE-PK authentication" and "local standalone" parameter?
However, it can be found nowhere in any document.
Thank you very much, experts.
Solved! Go to Solution.
Through days of debugging and testing, it comes to a happy ending.
The story can be told in brief:
1. the latest fortiOS 7.2.4 has newly introduced a feature to check your SAE password and SAE-PK private Key at runtime, YOU SHALL NOT PASS unless you input the valid SAE password and SAE-PK private key PAIR.
Unfortunately, there's no such check and remind mechanism back in 7.2.3, so that
a wrong configuration will be activated down to FortiAp, leading to the FortiAP ending up
with malfunctional BSS. That's why I have seen radio LED OFF.
2. How to generate these two attributes? Please refer to the github page https://github.com/vanhoefm/hostap-wpa3/
3. TAC fella said there will be updates in documents to deal with this stuff.
Cheers, Experts!
WPA3-SAE is just a PSK. You should only need to configure that PSK on the WPA3 capable device.
Sorry, It's "SAE-PK" or "SAE public key" , not PSK, as known as pre shared key.
But it still uses a PSK, and, if I understand correctly, happens automatically through the WPA3 spec: https://www.wi-fi.org/beacon/thomas-derham-nehru-bhandaru/wi-fi-certified-wpa3-december-2020-update-...
Whatever so-called "PSK" understanding is, WPA3 spec tells, that's it.
Anyone had a go with SAE-PK? Yes or no? Of course, transition disabled.
And whenever I unclick the "local standalone" option while SAE-PK is enabled under SSID setting, the FortiAP radio LED is sure to go off with this radio turned off.
Do you know what is the trick here? Is there any documents carrying this fact?
update.
Through days of debugging and testing, it comes to a happy ending.
The story can be told in brief:
1. the latest fortiOS 7.2.4 has newly introduced a feature to check your SAE password and SAE-PK private Key at runtime, YOU SHALL NOT PASS unless you input the valid SAE password and SAE-PK private key PAIR.
Unfortunately, there's no such check and remind mechanism back in 7.2.3, so that
a wrong configuration will be activated down to FortiAp, leading to the FortiAP ending up
with malfunctional BSS. That's why I have seen radio LED OFF.
2. How to generate these two attributes? Please refer to the github page https://github.com/vanhoefm/hostap-wpa3/
3. TAC fella said there will be updates in documents to deal with this stuff.
Cheers, Experts!
So how is this done in the Windows world? I'm pretty new to all of this and haven't been able to figure out how to generate a password out of a private key. Thank you!
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1740 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.