On FortiGate units, go to WiFi Controller > WiFi Network > SSID to configure wireless security settings for either a new or existing virtual access point.

The default SSID for the FortiAP is “fortinet”. You must change this.

The Security Mode must be set to one of the WPA/WPA2 modes. Both WPA or WPA2 clients can be served. In the CLI, you can optionally select exclusively WPA or WPA2 operation.

AES is stronger Data Encryption than TKIP.

WPA/WPA2-Enterprise Authentication uses separate logon credentials for each user. Either FortiGate user group security or an external RADIUS server performs the authentication. Optionally, certificate-based security can also be applied. WPA/WPA2-Personal authentication requires a single pre-shared key that is used by all clients and is thus less secure.

For detailed information about wireless access points, see the Deploying Wireless Networks chapter of this FortiOS Handbook.