Enabling rogue AP suppression
The guide provides simple configuration instructions for suppressing rogue APs on FortiAP. The steps include creating a WIDS profile and suppressing rogue APs.
To enable rogue AP suppression on the FortiWiFi and FortiAP GUI:
- Create a WIDS profile:
  - In FortiWiFi and FortiAP, go to WiFi & Switch Controller > WIDS Profiles. Click Create New.
  - For Sensor Mode, select Foreign and Home Channels.
  - Turn on the Enable Rogue AP Detection option.
  - Complete the configuration, then click OK.
- Select the WIDS profile for the managed FortiAP. The monitoring radio must be in Dedicated Monitor mode:
  - Go to WiFi & Switch Controller > FortiAP Profiles.
  - Select the FortiAP profile applied to the managed FortiAP, then click Edit.
  - Select Dedicated Monitor on Radio 1 or Radio 2.
  - Enable WIDS Profile. Select the profile created in step 1. Click OK.
- Suppress the rogue AP:
  - Go to Dashboard > WiFi > Rogue APs.
  - Select the desired SSID, then hover over the State column and click the Edit icon.
  - From the drop-down menu, select Suppressed Rogue AP.
  - Click Apply.
To enable rogue AP scan using the FortiWiFi and FortiAP CLI:
- Create a WIDS profile:

      config wireless-controller wids-profile
          edit "example-wids-profile"
              set sensor-mode both
              set ap-scan enable
          next
      end

- Select the WIDS profile for the managed FortiAP:

      config wireless-controller wtp-profile
          edit "example-FAP-profile"
              config platform
                  set type <FAP-model-number>
              end
              config radio-1
                  set mode monitor
                  set wids-profile "example-wids-profile"
              end
          next
      end

- Suppress the rogue AP:

      config wireless-controller ap-status
          edit 1
              set bssid 90:6c:ac:da:a7:f1
              set ssid "example-SSID"
              set status suppressed
          next
      end
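
One way to check that a saved configuration still meets the prerequisites from the CLI steps above: a monitor-mode radio whose WIDS profile has `ap-scan enable` and `sensor-mode both`. This is an added example, not Fortinet code; the `parse` and `audit` helpers are hypothetical names, the parser handles only `config`/`edit`/`set`/`next`/`end` lines, and it assumes the settings appear explicitly, as in the blocks above.

```python
import shlex

# Constructed sample: the WIDS and FortiAP profile blocks from this page (platform type omitted).
SAMPLE = """
config wireless-controller wids-profile
    edit "example-wids-profile"
        set sensor-mode both
        set ap-scan enable
    next
end
config wireless-controller wtp-profile
    edit "example-FAP-profile"
        config radio-1
            set mode monitor
            set wids-profile "example-wids-profile"
        end
    next
end
"""

def parse(text):
    """Turn config/edit/set/next/end lines into nested dicts."""
    stack = [{}]
    for line in text.splitlines():
        tok = shlex.split(line) or [""]
        if tok[0] in ("config", "edit"):      # open a nested table or entry
            stack.append(stack[-1].setdefault(" ".join(tok[1:]), {}))
        elif tok[0] == "set":                 # key/value inside the current entry
            stack[-1][tok[1]] = " ".join(tok[2:])
        elif tok[0] in ("next", "end"):       # close the current entry or table
            stack.pop()
    return stack[0]

def audit(cfg):
    """Return findings for FortiAP profiles that cannot detect rogue APs."""
    wids = cfg.get("wireless-controller wids-profile", {})
    findings = []
    for name, prof in cfg.get("wireless-controller wtp-profile", {}).items():
        mon = {k: v for k, v in prof.items()
               if k.startswith("radio-") and v.get("mode") == "monitor"}
        if not mon:
            findings.append(f"{name}: no radio in monitor mode")
        for radio, r in mon.items():
            w = wids.get(r.get("wids-profile"), {})
            if w.get("ap-scan") != "enable" or w.get("sensor-mode") != "both":
                findings.append(f"{name}/{radio}: WIDS profile missing or not scanning")
    return findings

if __name__ == "__main__":
    print(audit(parse(SAMPLE)), audit(parse(SAMPLE.replace("mode monitor", "mode ap"))))
```

An empty list means every FortiAP profile in the input has a monitor radio bound to a scanning WIDS profile; each finding names the profile, and the radio where applicable, that breaks the chain.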