Fortinet black logo

New Features

Home FortiManager 6.2.1 New Features

AP Manager support for WPA3 and phishing SSIDs

6.2.1
7.4.0
7.2.0
7.0.0
6.4.0
6.2.7
6.2.3
6.2.2
6.2.1
6.2.0
Copy Link
Copy Doc ID 97ad1787-8bb4-11e9-81a4-00505692583a:222063
Download PDF

AP Manager support for WPA3 and phishing SSIDs

You can use AP Manager to set WPA3 options when AP Manager is used for central management and for per-device management. You can also use AP Manager to report and suppress phishing SSIDs.

This topic contains the following sections:

Selecting WPA3 options for central management

This section describes how to select WPA3 options with AP Manager when central management is enabled.

To select WPA3 options for central management:
  1. Ensure that central management is enabled for AP Manager.
    1. Go to System Settings > All ADOMs.
    2. Double-click the ADOM to open it for editing.
    3. Beside Central Management, select FortiAP, and click OK.

  2. Go to AP Manager > WiFi Profiles > SSID.
  3. Create a new or edit an existing SSID.
  4. Select one of the following options for WPA3, and click OK:
    • OWE
    • WPA3 Enterprise
    • WPA3 SAE
    • WPA3 SAE Transition

    For example, select WPA3 SAE, and type a password in the SAE Password box.

  5. Assign the SSID to an AP profile.
    1. Click AP Profile.
    2. Create a new or edit an existing AP profile.
    3. Beside SSIDs, click Manual, and select the SSID.

    4. Click OK.
  6. Install the changes to FortiGate.

  7. Verify that the installation was successful.

Selecting WPA3 options for per-device management

This section describes how to select WPA3 options with AP Manager when central management is disabled and per-device management is enabled.

To select WPA3 options for per-device management:
  1. Ensure central management is disabled for AP Manager.
    1. Go to System Settings > All ADOMs.
    2. Double-click the ADOM to open it for editing.
    3. Beside Central Management, clear the FortiAP check box, and click OK.

  2. Go to AP Manager > WiFi Profiles.
  3. Select a FortiGate, and click the SSID tab.
  4. Create a new or edit an existing SSID.
  5. Select one of the following options for WPA3, and click OK:
    • OWE
    • WPA3 Enterprise
    • WPA3 SAE
    • WPA3 SAE Transition

    For example, select WPA3 SAE Transition.

  6. Install the changes to FortiGate.

  7. Verify the installation was successful.

Viewing rogue APs

When FortiManager is managing a FortiGate with phishing and fake SSID detection enabled, you can view the offending SSIDs in FortiManager.

To view rogue APs:
  1. Go to AP Manager > Managed APs.
  2. In the toolbar, click Rogue APs.

  3. Click Close.
Previous
Next

AP Manager support for WPA3 and phishing SSIDs

You can use AP Manager to set WPA3 options when AP Manager is used for central management and for per-device management. You can also use AP Manager to report and suppress phishing SSIDs.

This topic contains the following sections:

Selecting WPA3 options for central management

This section describes how to select WPA3 options with AP Manager when central management is enabled.

To select WPA3 options for central management:
  1. Ensure that central management is enabled for AP Manager.
    1. Go to System Settings > All ADOMs.
    2. Double-click the ADOM to open it for editing.
    3. Beside Central Management, select FortiAP, and click OK.

  2. Go to AP Manager > WiFi Profiles > SSID.
  3. Create a new or edit an existing SSID.
  4. Select one of the following options for WPA3, and click OK:
    • OWE
    • WPA3 Enterprise
    • WPA3 SAE
    • WPA3 SAE Transition

    For example, select WPA3 SAE, and type a password in the SAE Password box.

  5. Assign the SSID to an AP profile.
    1. Click AP Profile.
    2. Create a new or edit an existing AP profile.
    3. Beside SSIDs, click Manual, and select the SSID.

    4. Click OK.
  6. Install the changes to FortiGate.

  7. Verify that the installation was successful.

Selecting WPA3 options for per-device management

This section describes how to select WPA3 options with AP Manager when central management is disabled and per-device management is enabled.

To select WPA3 options for per-device management:
  1. Ensure central management is disabled for AP Manager.
    1. Go to System Settings > All ADOMs.
    2. Double-click the ADOM to open it for editing.
    3. Beside Central Management, clear the FortiAP check box, and click OK.

  2. Go to AP Manager > WiFi Profiles.
  3. Select a FortiGate, and click the SSID tab.
  4. Create a new or edit an existing SSID.
  5. Select one of the following options for WPA3, and click OK:
    • OWE
    • WPA3 Enterprise
    • WPA3 SAE
    • WPA3 SAE Transition

    For example, select WPA3 SAE Transition.

  6. Install the changes to FortiGate.

  7. Verify the installation was successful.

Viewing rogue APs

When FortiManager is managing a FortiGate with phishing and fake SSID detection enabled, you can view the offending SSIDs in FortiManager.

To view rogue APs:
  1. Go to AP Manager > Managed APs.
  2. In the toolbar, click Rogue APs.

  3. Click Close.
Previous
Next