Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
TMA
New Contributor

Pre-load SSID authentication type and password

Hello!

I'm replacing our Cisco Wi-Fi 2504 wireless controller and 2600 series APs with a Fortinet solution (431F & 433F APs paired with a FortiGate 600E internal wireless controller).

 

I am intending to use WPA3 with our WiFi6 compatible laptops and WPA2 with our WiFi5 laptops. The SSIDs are set to WAP3 SAE Transition.

 

The good news:

-Both WiFi6 & WiFi5 laptops are connecting with the intended authentication method and speed.

 

The question:

-How can I push the passphrase for a SSID to multiple laptops so that users will not need to enter the passphrase manually?

 

I did find an article that showed me how to use 'netsh' to export the SSID and passphrase to an XML file.  Then I created a batch file to use netsh to add the SSID to target computers.  It seemed to work, however, when the test user clicked on the SSID name in the Windows network list, the user was still asked to enter the passphrase.  Below are the basic commands.

-netsh wlan export profile key=clear folder="C:\stage\wifi6"

-netsh wlan add profile filename="C:/stage\wifi6\Wi-Fi-Corp.xml" user=current

I am guessing netsh was not the answer because the pre-shared key is not in the XML file?

 

I also tried to use group policy to push the SSID information, but WPA3 was not supported.

Just to see if it would work, I then tried to push the SSID configured with WPA2 authentication; however, I never came to a setting where I could enter the actual passphrase.

 

My next thought is to use PowerShell, but before spending time on that, I thought I might be wise to ask.  Has anyone found a method to pre-configure a SSID passphrase on a Windows 10 laptop?

 

Peace be with you...
Peace be with you...
1 Solution
TMA
New Contributor

Craig Beck on Experts Exchange gave me a suggestion that will help me complete the depolyment today. I will still bring up a RADIUS server and also update the ADMX for AD so that I can select WPA3.

The solution was to take away user=current from the netsh import command.

Peace be with you...

View solution in original post

Peace be with you...
2 REPLIES 2
Stephen_G
Moderator
Moderator

Hello TMA, 

 

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible. 

 

Thanks,

Stephen - Fortinet Community Team
TMA
New Contributor

Craig Beck on Experts Exchange gave me a suggestion that will help me complete the depolyment today. I will still bring up a RADIUS server and also update the ADMX for AD so that I can select WPA3.

The solution was to take away user=current from the netsh import command.

Peace be with you...
Peace be with you...
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors