Configuring encryption on the FortiGate unit
You can use the CLI to configure data channel encryption.
Enabling encryption
In the CLI, the wireless-controller wtp-profile command contains a new field, dtls-policy, with options clear-text and dtls-enabled. To enable encryption in profile1, for example, enter:
config wireless-controller wtp-profile
  edit profile1
    set dtls-policy dtls-enabled
end
Configuring encryption on the FortiAP unit
The FortiAP unit has its own settings for data channel encryption.
Enabling CAPWAP encryption – FortiAP web-based manager
1. On the System Information page, in WTP Configuration > AC Data Channel Security, select one of:
- Clear Text
- DTLS Enabled
- Clear Text or DTLS Enabled (default)
2. Select Apply.
Enabling encryption – FortiAP CLI
You can set the data channel encryption using the AC_DATA_CHAN_SEC variable: 0 is Clear Text, 1 is DTLS Enabled, 2 (the default) is Clear Text or DTLS Enabled.
For example, to set security to DTLS and then save the setting, enter:
cfg -a AC_DATA_CHAN_SEC=1
cfg -c
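To check both settings described above across many devices, the following added example (not Fortinet code and not part of the original page) audits a saved FortiGate configuration for wtp-profile entries that are not set to dtls-enabled, and checks a FortiAP variable listing for a value that still permits clear text. The function names, the sample configuration, and the NAME=VALUE layout of the FortiAP listing are assumptions made for illustration; a profile with no dtls-policy line is reported as not confirmed encrypted.

```python
import re

# Constructed sample of a FortiGate configuration backup (not from a real device).
SAMPLE_CONFIG = '''\
config wireless-controller wtp-profile
    edit "profile1"
        set dtls-policy dtls-enabled
    next
    edit "lobby"
        set dtls-policy clear-text
    next
    edit "warehouse"
        config radio-1
            set mode disabled
        end
    next
end
'''

def audit_wtp_profiles(config_text):
    """Map each wtp-profile name to its dtls-policy value (None if no line is present)."""
    results, in_section, depth, profile = {}, False, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            if in_section:
                depth += 1  # nested table inside a profile, e.g. radio settings
            elif line == "config wireless-controller wtp-profile":
                in_section, depth = True, 1
        elif in_section and line == "end":
            depth -= 1
            in_section = depth > 0
        elif in_section and depth == 1 and line.startswith("edit "):
            profile = line[5:].strip().strip('"')
            results[profile] = None
        elif in_section and depth == 1 and profile and line.startswith("set dtls-policy "):
            results[profile] = line.split(None, 2)[2]
    return results

def unencrypted_profiles(config_text):
    """Profiles whose data channel is not explicitly set to dtls-enabled."""
    found = audit_wtp_profiles(config_text)
    return sorted(p for p, v in found.items() if v != "dtls-enabled")

def ap_allows_clear_text(ap_vars):
    """True unless AC_DATA_CHAN_SEC is 1; a missing variable counts as the default, 2."""
    m = re.search(r"^\s*AC_DATA_CHAN_SEC=(\d)\s*$", ap_vars, re.M)
    return (m.group(1) if m else "2") != "1"
```

Calling unencrypted_profiles(SAMPLE_CONFIG) lists the profiles to review, and ap_allows_clear_text() flags any FortiAP still at 0 or at the default of 2.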