Chapter 6 Deploying Wireless Networks for FortiOS 5.0

WPA-Enterprise security
If you will use FortiOS user groups for authentication, go to User & Device > User > User Group and create those groups first. The groups should be Firewall groups.
If you will use a RADIUS server to authenticate wireless clients, you must first configure the FortiGate unit to access the RADIUS server.
To configure FortiGate unit access to the RADIUS server - web-based manager
1. Go to User & Device > Authentication > RADIUS Server and select Create New.
2. Enter a Name for the server.
3. In Primary Server Name/IP, enter the network name or IP address for the server.
4. In Primary Server Secret, enter the shared secret used to access the server.
5. Optionally, enter the information for a secondary or backup RADIUS server.
6. Select OK.
To configure the FortiGate unit to access the RADIUS server - CLI
config user radius
  edit exampleRADIUS
    set auth-type auto
    set server 10.11.102.100
    set secret aoewmntiasf
end
To configure WPA-Enterprise security - web-based manager
1. Go to WiFi Controller > WiFi Network > SSID and edit your SSID entry.
2. In Security Mode, select WPA/WPA2-Enterprise.
3. In Data Encryption, select AES.
   If some of your wireless clients do not support AES, select TKIP.
4. In Authentication, do one of the following:
   - If you will use a RADIUS server for authentication, select RADIUS Server and then select the RADIUS server.
   - If you will use a local user group for authentication, select Usergroup and then select the user group that is permitted to use the wireless network.
5. Select OK.
To configure WPA-Enterprise security - CLI
config wireless-controller vap
  edit example_wlan
    set security wpa-enterprise
    set encrypt AES
    set auth radius
    set radius-server exampleRADIUS
end
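
To review the two CLI procedures above in a saved configuration, the following added example (not Fortinet code) parses the config/edit/set text and reports WPA-Enterprise SSIDs that use TKIP or name a RADIUS server that was never defined, plus RADIUS entries with a short shared secret. The 16-character minimum is an assumption based on the RFC 2865 preference for secrets of at least 16 octets, and legacy_wlan and backupRADIUS are hypothetical names in a constructed sample.

```python
import shlex
MIN_SECRET_LEN = 16  # assumption: RFC 2865 prefers shared secrets of at least 16 octets

def parse_config(text):
    """Parse flat config/edit/set/next/end text into {path: {entry: {key: value}}}."""
    tables, path, entry = {}, None, None
    for words in map(shlex.split, text.splitlines()):
        cmd, args = (words[0], words[1:]) if words else ("", [])
        if cmd == "config":
            path, entry = " ".join(args), None
        elif cmd == "edit" and path and args:
            entry = tables.setdefault(path, {}).setdefault(args[0], {})
        elif cmd == "set" and entry is not None and args:
            entry[args[0]] = " ".join(args[1:])
        elif cmd in ("next", "end"):
            entry, path = None, (None if cmd == "end" else path)
    return tables

def audit(text):
    """Return (object name, finding) pairs for the RADIUS and SSID entries."""
    cfg = parse_config(text)
    servers = cfg.get("user radius", {})
    findings = [(name, "shared secret too short") for name, srv in servers.items()
                if len(srv.get("secret", "")) < MIN_SECRET_LEN]
    for name, vap in cfg.get("wireless-controller vap", {}).items():
        if vap.get("security") != "wpa-enterprise":
            continue
        if "TKIP" in vap.get("encrypt", "").upper():
            findings.append((name, "TKIP enabled"))
        if vap.get("auth") == "radius" and vap.get("radius-server") not in servers:
            findings.append((name, "radius-server not defined"))
    return findings

# Constructed sample: legacy_wlan and backupRADIUS are hypothetical names.
SAMPLE = """\
config user radius
edit exampleRADIUS
set secret aoewmntiasf
end
config wireless-controller vap
edit legacy_wlan
set security wpa-enterprise
set encrypt TKIP
set auth radius
set radius-server backupRADIUS
end
"""
if __name__ == "__main__":
    print(audit(SAMPLE))
```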