Fortinet Wireless, NPS & Called-Station-ID – can’t connect to SSID

We’ve created a new SSID at work for our IT staff on our Fortinet (previously Meru) wireless network. Using RADIUS (through Microsoft Network Policy Server) we couldn’t connect even though it was set up in the same way as an existing, working network. It took us a while to figure out the issue once we thought we had everything configured correctly, but the TL;DR is, essentially, if you use the “Called Station ID” field (not “Calling”!) on the NPS box to specify which SSID the user is connecting with on a Fortinet wireless network, it doesn’t actually use the SSID of the wireless network; it uses the profile name of the ESS profile on the controller.

On the Fortinet box, we have an ESS Profile called “TECHS” within which sits the configuration for the “ITWIFI” SSID. In NPS, setting the “Called Station ID” to “.*:ITWIFI$” doesn’t let you log in; however, setting it to “.*:TECHS$” does. This goes against any documentation I could find online.

We ended up just changing the SSID to match the ESS profile name.
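
To see what the controller really puts in Called-Station-ID before writing the NPS condition, the added example below (not part of the original post) reads NPS log events and tests candidate patterns against them. It assumes NPS is logging in its DTS-compliant XML format with one `<Event>` per line; the sample events are constructed, and Python's `re` stands in for NPS pattern matching.

```python
import re
import xml.etree.ElementTree as ET
from collections import Counter

# Constructed sample: three events in the shape of NPS DTS-compliant XML
# logging (assumed format). MAC addresses and user names are made up.
SAMPLE_LOG = "\n".join([
    '<Event><User-Name data_type="1">alice</User-Name>'
    '<Called-Station-Id data_type="1">02-00-00-00-00-01:TECHS</Called-Station-Id>'
    '<Packet-Type data_type="0">1</Packet-Type></Event>',
    '<Event><User-Name data_type="1">bob</User-Name>'
    '<Called-Station-Id data_type="1">02-00-00-00-00-02:STAFF</Called-Station-Id>'
    '<Packet-Type data_type="0">1</Packet-Type></Event>',
    '<Event><User-Name data_type="1">alice</User-Name>'
    '<Called-Station-Id data_type="1">02-00-00-00-00-01:TECHS</Called-Station-Id>'
    '<Packet-Type data_type="0">3</Packet-Type></Event>',
])


def observed_called_station_ids(log_text):
    """Count Called-Station-Id values seen in Access-Request events."""
    seen = Counter()
    for line in log_text.splitlines():
        try:
            event = ET.fromstring(line.strip())
        except ET.ParseError:
            continue  # blank, truncated or non-XML line
        if event.findtext("Packet-Type") != "1":  # 1 = Access-Request
            continue
        value = event.findtext("Called-Station-Id")
        if value:
            seen[value] += 1
    return seen


def requests_matching(pattern, seen):
    """Number of logged requests whose Called-Station-Id matches the pattern."""
    rx = re.compile(pattern)
    return sum(n for value, n in seen.items() if rx.search(value))


def suffixes(seen):
    """Text after the last ':' in each value, i.e. what the condition must end with."""
    return sorted({value.rsplit(":", 1)[-1] for value in seen})


if __name__ == "__main__":
    seen = observed_called_station_ids(SAMPLE_LOG)
    print("suffixes sent by the controller:", suffixes(seen))
    for pattern in (r".*:ITWIFI$", r".*:TECHS$"):
        print(pattern, "->", requests_matching(pattern, seen), "request(s)")
```
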