In this recipe, you will learn how to monitor and suppress rogue access points (APs). A rogue AP is an unauthorized AP connected to your wired network (“on-wire”).
Before suppressing any AP, confirm that Rogue Suppression is compliant with the applicable laws and regulations of your region.
Discovered access points are listed in Monitor > Rogue AP Monitor. You can mark them as either Accepted or Rogue APs. While these designations help you track APs, they do not stop anyone from using these APs.
Other APs that are available in the same area as your APs are not necessarily rogues. A neighboring AP that has no connection to your network might cause interference, but it is not a security threat. In general, you would Mark as rogue only the unauthorized APs that are on-wire.
For more information, refer to the FortiWiFi and FortiAP Configuration Guide.
PREP 1 mins COOK 10 min TOTAL 11 mins
1. Configuring rogue scanning
On the FortiGate, go to WiFi & Switch Controller > WIDS Profiles and edit the default profile. Enable Rogue AP Detection as shown.
2. Monitoring rogue APs
Go to Monitor > Rogue AP Monitor and view the table of APs found during scanning.
You can identify interfering APs in the Signal Interference column, indicated by the icon.
3. Suppressing rogue APs
To suppress a rogue AP, you must first mark the AP as rogue. Right-click the desired entry and select Mark as rogue.
Once the AP is marked, suppress it by highlighting the entry and selecting Suppress AP.
4. Reverting a suppressed AP
To revert a suppressed AP, highlight its entry and select Unsuppress AP as shown. The AP will remain identified as rogue.
To revert the rogue designation, right-click the entry and select Mark as unclassified.
An unclassified AP should appear with the icon in the State column.
5. Exempting an AP from rogue scanning
Go to WiFi & Switch Controller > WIDS Profiles and create a new WIDS profile in which Enable Rogue AP Detection is not selected.
Go to WiFi & Switch Controller > FortiAP Profiles and select the desired FortiAP Profile. Enable WIDS Profile, select the profile you just created, and click OK.
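The settings from steps 1 and 5 expressed as FortiOS CLI, as an added example that is not part of the original recipe. It assumes a FortiOS release in which the WIDS profile options are named ap-scan and rogue-scan and the WIDS profile is assigned per radio in the FortiAP profile; "no-rogue-scan" and "<fortiap-profile>" are placeholder names.

```fortios
# Added example, not from the original recipe. Option names are assumed
# to match your FortiOS release; check them with "set ?" before applying.

# Step 1: turn on rogue AP detection in the default WIDS profile.
config wireless-controller wids-profile
    edit "default"
        # Assumed CLI counterpart of "Enable Rogue AP Detection".
        set ap-scan enable
        # Assumed CLI option for on-wire correlation, which is what
        # separates a rogue AP from a merely neighboring one.
        set rogue-scan enable
    next
end

# Step 5: a second WIDS profile with detection off, for exempt FortiAPs.
# "no-rogue-scan" is a placeholder profile name.
config wireless-controller wids-profile
    edit "no-rogue-scan"
        set ap-scan disable
    next
end

# Assign the exempt WIDS profile to a radio of the chosen FortiAP profile.
# "<fortiap-profile>" is a placeholder; repeat for radio-2 if it is in use.
config wireless-controller wtp-profile
    edit "<fortiap-profile>"
        config radio-1
            set wids-profile "no-rogue-scan"
        end
    next
end
```

FortiAPs that use the exempt profile stop contributing scan results, so keep at least one AP per area on a profile with detection enabled if that area still needs rogue monitoring.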
Rogue AP Monitor icons
The icons in the Rogue AP Monitor table are defined below:
To see accepted APs in the list, select Show Accepted.
The post Monitoring and suppressing rogue APs appeared first on Fortinet Cookbook.