Protecting the WiFi Network

Configuring encryption on the FortiGate unit

You can use the CLI to configure data channel encryption.

Enabling encryption

In the CLI, the wireless-controller wtp-profile command contains a new field, dtls-policy, with the options clear-text and dtls-enabled. For example, to enable encryption in profile1, enter:

config wireless-controller wtp-profile
  edit profile1
    set dtls-policy dtls-enabled
end

Configuring encryption on the FortiAP unit

The FortiAP unit has its own settings for data channel encryption.

Enabling CAPWAP encryption – FortiAP web-based manager

1. On the System Information page, in WTP Configuration > AC Data Channel Security, select one of:

  • Clear Text
  • DTLS Enabled
  • Clear Text or DTLS Enabled (default)

2. Select Apply.

Enabling encryption – FortiAP CLI

You can set the data channel encryption using the AC_DATA_CHAN_SEC variable: 0 is Clear Text, 1 is DTLS Enabled, 2 (the default) is Clear Text or DTLS Enabled.

For example, to set security to DTLS and then save the setting, enter:

cfg -a AC_DATA_CHAN_SEC=1
cfg -c
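To check both settings described above across many profiles and access points, the following added example (not Fortinet code) audits a configuration excerpt for WTP profiles that do not set dtls-policy to dtls-enabled, and tests whether a FortiAP AC_DATA_CHAN_SEC value still permits clear text. The sample configuration, the profile names lobby and warehouse, and the function names are constructed for illustration; a profile with no dtls-policy line is reported for review rather than assumed to be encrypted.

```python
# AC_DATA_CHAN_SEC values as listed on this page.
AP_MODES = {0: "Clear Text", 1: "DTLS Enabled", 2: "Clear Text or DTLS Enabled"}
# Constructed sample in the layout of a FortiGate configuration backup.
SAMPLE_CONFIG = """\
config wireless-controller wtp-profile
    edit "profile1"
        config radio-1
            set mode ap
        end
        set dtls-policy dtls-enabled
    next
    edit "lobby"
        set dtls-policy clear-text
    next
    edit "warehouse"
        set comment "constructed entry without a dtls-policy line"
    next
end
"""

def audit_wtp_profiles(config_text):
    """Return {profile name: dtls-policy value, or None if no line sets it}."""
    results, depth, current = {}, 0, None
    for raw in config_text.splitlines():
        line = raw.strip()
        if depth == 0:
            # Outside the section: only its opening line is of interest.
            if line == "config wireless-controller wtp-profile":
                depth = 1
            continue
        if line.startswith("config "):
            depth += 1          # nested block such as the radio settings
        elif line == "end":
            depth -= 1          # reaching 0 closes the wtp-profile section
        elif depth == 1 and line.startswith("edit "):
            current = line[5:].strip().strip('"')
            results[current] = None
        elif depth == 1 and current and line.startswith("set dtls-policy "):
            results[current] = line.split(None, 2)[2]
    return results

def weak_profiles(config_text):
    """Profiles whose data channel is not explicitly set to dtls-enabled."""
    policies = audit_wtp_profiles(config_text)
    return sorted(name for name, p in policies.items() if p != "dtls-enabled")

def ap_allows_clear_text(ac_data_chan_sec):
    """True when the FortiAP setting still accepts an unencrypted data channel."""
    if ac_data_chan_sec not in AP_MODES:
        raise ValueError(f"unknown AC_DATA_CHAN_SEC value: {ac_data_chan_sec!r}")
    return ac_data_chan_sec != 1    # only 1 (DTLS Enabled) rules out clear text
```

Note that the FortiAP default of 2 still accepts clear text, so only an explicit value of 1 guarantees the access point will not fall back to an unencrypted data channel.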
