Protecting the WiFi Network

Configuring encryption on the FortiGate unit

You can use the CLI to configure data channel encryption.

 

 

Enabling encryption

In the CLI, the wireless-controller wtp-profile command contains a new field, dtls-policy, with the options clear-text and dtls-enabled. For example, to enable encryption in profile1, enter:

config wireless-controller wtp-profile
  edit profile1
    set dtls-policy dtls-enabled
  end


Configuring encryption on the FortiAP unit

The FortiAP unit has its own settings for data channel encryption.

 

 

Enabling CAPWAP encryption – FortiAP web-based manager

1. On the System Information page, in WTP Configuration > AC Data Channel Security, select one of:

  • Clear Text
  • DTLS Enabled
  • Clear Text or DTLS Enabled (default)

2. Select Apply.

 

Enabling encryption – FortiAP CLI

You can set the data channel encryption using the AC_DATA_CHAN_SEC variable: 0 is Clear Text, 1 is DTLS Enabled, 2 (the default) is Clear Text or DTLS Enabled.

For example, to set security to DTLS and then save the setting, enter:

cfg -a AC_DATA_CHAN_SEC=1
cfg -c
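To check these settings across many profiles, the following added example (not Fortinet code and not part of the original page) reads a saved FortiGate configuration and lists every wtp-profile whose dtls-policy is anything other than dtls-enabled alone, and decodes the FortiAP AC_DATA_CHAN_SEC values given above. The sample configuration, the profile names other than profile1 and the function names are constructed for illustration; treating an unset dtls-policy as needing review is an assumption, since the page does not state the FortiGate default.

```python
# Added example: audit data channel encryption settings (not Fortinet code).
# SAMPLE_CONFIG is constructed; "lobby" and "warehouse" are made-up profiles.
SAMPLE_CONFIG = """\
config wireless-controller wtp-profile
    edit "profile1"
        set dtls-policy dtls-enabled
    next
    edit "lobby"
        config radio-1
            set band 802.11n
        end
        set dtls-policy clear-text
    next
    edit "warehouse"
    next
end
"""
# AC_DATA_CHAN_SEC values as listed on this page.
AP_MODES = {0: ("Clear Text",), 1: ("DTLS Enabled",), 2: ("Clear Text", "DTLS Enabled")}

def parse_wtp_profiles(config_text):
    """Map each wtp-profile name to its dtls-policy options (None if not set)."""
    profiles, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            if line == "config wireless-controller wtp-profile":
                depth = 1
        elif line.startswith("config "):  # nested table inside a profile
            depth += 1
        elif line == "end":
            depth -= 1
            if depth == 0:
                current = None
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            profiles[current] = None
        elif depth == 1 and current is not None and line.startswith("set dtls-policy "):
            profiles[current] = set(line.split()[2:])
    return profiles

def profiles_needing_review(config_text):
    """Profiles whose dtls-policy is unset or is not exactly dtls-enabled."""
    found = parse_wtp_profiles(config_text)
    return sorted(n for n, policy in found.items() if policy != {"dtls-enabled"})

def ap_allows_clear_text(value):
    """FortiAP side: True if this AC_DATA_CHAN_SEC value permits Clear Text."""
    return "Clear Text" in AP_MODES[value]  # KeyError on an unknown value
```

On the sample, profiles_needing_review(SAMPLE_CONFIG) reports lobby and warehouse, and ap_allows_clear_text(2) shows that a FortiAP left at its default still accepts an unencrypted data channel.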

