FortiWiFi and FortiAP Cookbook

Enabling rogue AP suppression

6.4.0

This guide provides simple configuration instructions for suppressing rogue APs on FortiAP. The steps are creating a WIDS profile, applying it to the managed FortiAP, and suppressing the rogue AP.

To enable rogue AP suppression on the FortiWiFi and FortiAP GUI:
  1. Create a WIDS profile:
    1. In FortiWiFi and FortiAP, go to WiFi & Switch Controller > WIDS Profiles. Click Create New.
    2. For Sensor Mode, select Foreign and Home Channels.
    3. Turn on Enable Rogue AP Detection.
    4. Complete the configuration, then click OK.
  2. Select the WIDS profile for the managed FortiAP. The monitoring radio must be in Dedicated Monitor mode:
    1. Go to WiFi & Switch Controller > FortiAP Profiles.
    2. Select the FortiAP profile applied to the managed FortiAP, then click Edit.
    3. Select Dedicated Monitor on Radio 1 or Radio 2.
    4. Enable WIDS Profile. Select the profile created in step 1. Click OK.
  3. Suppress the rogue AP:
    1. Go to Dashboard > WiFi > Rogue APs.
    2. Select the desired SSID, then hover over the State column and click the Edit icon.
    3. From the drop-down menu, select Suppressed Rogue AP.
    4. Click Apply.
To enable rogue AP scan using the FortiWiFi and FortiAP CLI:
  1. Create a WIDS profile:

    config wireless-controller wids-profile
        edit "example-wids-profile"
            set sensor-mode both
            set ap-scan enable
        next
    end

  2. Select the WIDS profile for the managed FortiAP:

    config wireless-controller wtp-profile
        edit "example-FAP-profile"
            config platform
                set type <FAP-model-number>
            end
            config radio-1
                set mode monitor
                set wids-profile "example-wids-profile"
            end
        next
    end

  3. Suppress the rogue AP:

    config wireless-controller ap-status
        edit 1
            set bssid 90:6c:ac:da:a7:f1
            set ssid "example-SSID"
            set status suppressed
        next
    end
