WPA2 WiFi access control


In this example, you will improve your WiFi security with WPA2 enterprise authentication.

In the Setting up WiFi with FortiAP recipe, you set up a WiFi network with a single pre-shared key. In this example, there is no longer a pre-shared key that could fall into the wrong hands, or that needs to be changed if someone leaves the company. Each user has an individual user account and password, and accounts can be added or removed later as needed.

This example shows how to authenticate local FortiGate users. You can also integrate WPA2 security with most third-party authentication solutions, including RADIUS.

1. Create user accounts

Go to User & Device > User > User Definition and create a Local user.

Create additional users as needed. You can use any authentication method.

2. Create a user group

Go to User & Device > User > User Groups.

Create a user group for employees and add the new user(s) to the group.

3. Create the SSID and enable the WiFi radio

Go to WiFi Controller > WiFi Network > SSID and configure your wireless network.  
Configure DHCP addressing for clients.  
Configure WPA2-Enterprise authentication using the employees user group.  

4. Create the security policy

Create an address for your SSID, using the same IP range that was set on the DHCP server.
Go to Policy & Objects > Policy > IPv4 and create a policy allowing WiFi users to connect to the Internet.   

Results

Users who are members of the employees group can log on to the WiFi network using their username and password.

Go to WiFi Controller > Monitor > Client Monitor to see connected users.
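
As a check on the result, this added example (not part of the original recipe and not Fortinet code) scans the `config wireless-controller vap` section of a configuration backup and flags SSID profiles that are not on enterprise authentication, or that use group authentication with no group assigned. The sample backup is constructed, and the CLI keywords `security`, `auth` and `usergroup` with their values are assumptions about how the backup expresses the GUI settings above.

```python
# Added example. SAMPLE_CONFIG is constructed; profile names are placeholders
# and the CLI keywords/values are assumed, not taken from the page.
SAMPLE_CONFIG = """
config wireless-controller vap
    edit "guest-psk"
        set security wpa2-only-personal
    next
    edit "staff"
        set security wpa2-only-enterprise
        set auth usergroup
        set usergroup "employees"
    next
    edit "lab"
        set security wpa2-only-enterprise
        set auth usergroup
    next
end
"""

def parse_vaps(config_text):
    """Return {profile_name: {setting: value}} from the vap section."""
    vaps, current, depth = {}, None, 0  # depth 0 means outside the section
    for line in map(str.strip, config_text.splitlines()):
        if depth == 0:
            depth = 1 if line == "config wireless-controller vap" else 0
        elif line.startswith("config "):
            depth += 1  # nested table inside a profile: its contents are skipped
        elif line == "end":
            depth -= 1
        elif depth == 1 and line.startswith("edit "):
            current = vaps.setdefault(line[5:].strip('"'), {})
        elif depth == 1 and current is not None and line.startswith("set "):
            key, _, value = line[4:].partition(" ")
            current[key] = value.strip().strip('"')
    return vaps

def audit_vaps(config_text):
    """Return sorted (profile, finding) pairs; an empty list means all pass."""
    findings = []
    for name, cfg in parse_vaps(config_text).items():
        mode = cfg.get("security", "not set in backup")
        if not mode.endswith("enterprise"):
            findings.append((name, "not enterprise authentication: " + mode))
        elif cfg.get("auth") == "usergroup" and not cfg.get("usergroup"):
            findings.append((name, "enterprise mode without a user group"))
    return sorted(findings)

if __name__ == "__main__":
    print(audit_vaps(SAMPLE_CONFIG))
```

A profile with no `security` line is reported as well, since a backup that omits the setting does not show which mode is in effect.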

 

For further reading, check out Deploying Wireless Networks in the FortiOS 5.2 Handbook.

Jonathan Coles

Technical Writer at Fortinet
Jonathan Coles is part of the FortiOS Technical Documentation team in Ottawa. He has a B.A. in English from the University of Waterloo and an Electronics Technologist diploma from Conestoga College. Long ago at another company he convinced a documentation manager that he could write. After writing about telephone PBXs, text search software, cell tower planning software, and some less memorable things, he joined Fortinet around the time that FortiOS 3.0 was released.

  • abdul razak k

    Is it possible to authenticate with an LDAP server?

  • chriskady

    since one thumbs up