You can enhance the security of communication between a FortiGate wireless controller and a FortiAP unit by applying DTLS encryption to the data channel.

There are data channel encryption settings on both the FortiGate unit and the FortiAP unit. At both ends, you can enable Clear Text, DTLS encryption or both. The settings must agree or the FortiAP unit will not be able to join the WiFi network. By default, both Clear Text and DTLS-encrypted communication are enabled on the FortiAP unit, allowing the FortiGate setting to determine whether data channel encryption is used. If the FortiGate unit also enables both Clear Text and DTLS, Clear Text is used.

Data channel encryption settings are located in the Custom AP profile. If you use Automatic profile, only Clear Text is supported.