Chapter 6 Deploying Wireless Networks for FortiOS 5.0 : Configuring a WiFi LAN : Defining a wireless network interface (SSID) : Configuring security
  
Configuring security
Using the web-based manager, you can configure Open Portal security or Wi-Fi Protected Access (WPA) security modes WPA-Personal and WPA-Enterprise. The WPA options support both WPA and WPA2, which has additional security improvements. Using the CLI, you can also choose WPA-only and WPA2-only modes.
Using the CLI, you can also choose Wired Equivalent Privacy (WEP) modes. WEP modes are much less secure and are provided for legacy support only. Wherever possible, use WPA security.
WPA security with a preshared key for authentication is called WPA-Personal. This can work well for one person or a small group of trusted people. As the number of users increases, however, it becomes difficult to distribute new keys securely, and there is an increased risk that the key could fall into the wrong hands.
A more secure form of WPA security is WPA-Enterprise. Users each have their own authentication credentials, verified through an authentication server, usually RADIUS. FortiOS can also authenticate WPA-Enterprise users through its built-in user group functionality. FortiGate user groups can include RADIUS servers and can select users by RADIUS user group. This makes Role-Based Access Control (RBAC) possible.
WPA security can encrypt communication with either Temporal Key Integrity Protocol (TKIP) or Advanced Encryption Standard (AES). AES is the preferred encryption, but some older wireless clients do not support it. You can select the encryption during setup.
Captive Portal security connects users to an open web portal defined in replacement messages. To navigate to any location beyond the web portal, the user must pass FortiGate user authentication.
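The guidance above (WEP for legacy only, AES preferred over TKIP, WPA-Enterprise preferred as the user count grows) can be checked against a saved configuration. The following is an added example, not Fortinet code: the sample configuration is constructed, and the `security` and `encrypt` keyword spellings are assumptions to verify against the CLI reference for your release.

```python
import re

# Constructed sample in the style of `config wireless-controller vap` (not from a real device).
# The security/encrypt keyword spellings are assumptions; check your CLI reference.
SAMPLE_CONFIG = '''
config wireless-controller vap
    edit "legacy"
        set security wep128
    next
    edit "staff"
        set security wpa2-only-enterprise
        set encrypt AES
    next
    edit "lab"
        set security wpa-personal
        set encrypt TKIP
    next
end
'''

def parse_vaps(text):
    """Return {vap_name: {setting: value}} from edit/set/next blocks."""
    vaps, current = {}, None
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r'edit\s+"?([^"]+)"?$', line):
            current = vaps.setdefault(m.group(1), {})
        elif line in ("next", "end"):
            current = None
        elif current is not None and (m := re.match(r'set\s+(\S+)\s+(.+)$', line)):
            current[m.group(1)] = m.group(2).strip('"')
    return vaps

def audit(vaps):
    """Flag the choices the text calls weaker: WEP, TKIP, preshared keys."""
    findings = []
    for name, cfg in vaps.items():
        sec = cfg.get("security", "")
        if sec.startswith("wep"):
            findings.append((name, "WEP is legacy-only; use WPA"))
        elif sec.startswith("wpa"):
            if "TKIP" in cfg.get("encrypt", "").upper():
                findings.append((name, "TKIP allowed; AES is preferred"))
            if sec.endswith("personal"):
                findings.append((name, "preshared key; WPA-Enterprise scales better"))
    return findings

if __name__ == "__main__":
    for vap, issue in audit(parse_vaps(SAMPLE_CONFIG)):
        print(f"{vap}: {issue}")
```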