Fortigate/FortiAP: device based authentication using certificates
I wan to secure my Wifi at home with 802.1x authentication.
In general using 802.1x authentication there are two methods:
- User based authentication
- Device based authentication
I just want to authenticate devices I do NOT want to authenticate users.
The goal is that only devices which have a certificate installed can connect to my wifi network. If the device does not have a certificate access should be denied.
This has to work without a windows domain as the device could be a linux machine, an iphone, android device, windows machine, etc.
Note: if required I have a Microsoft CA which can issue certficates, an AD Domain Controller and a Radius server (Microsoft NPS) which can be used.
If there is a way just using a certificate which is installed on the Fortigate that would be fine enough.
I went through the manuals and the KB and there are some guides how to configure e.g. AD based user authentication but there is almost no information regarding certificates in general and especially device based authentication using certificates.
I asked support and they said I should use the cli commands
config system global
Unfortunately the manual doesn' t describe what exactly this does and how it is used :-(
Does anybody know how device based authentication using certificates is configured?