Fortinet Document Library
CLI Reference 6.2.1

Configure wireless intrusion detection system (WIDS) profiles.

  config wireless-controller wids-profile
      Description: Configure wireless intrusion detection system (WIDS) profiles.
      edit <name>
          set comment {string}
          set sensor-mode [disable|foreign|...]
          set ap-scan [disable|enable]
          set ap-bgscan-period {integer}
          set ap-bgscan-intv {integer}
          set ap-bgscan-duration {integer}
          set ap-bgscan-idle {integer}
          set ap-bgscan-report-intv {integer}
          set ap-bgscan-disable-schedules <name1>, <name2>, ...
          set ap-fgscan-report-intv {integer}
          set ap-scan-passive [enable|disable]
          set ap-auto-suppress [enable|disable]
          set wireless-bridge [enable|disable]
          set deauth-broadcast [enable|disable]
          set null-ssid-probe-resp [enable|disable]
          set long-duration-attack [enable|disable]
          set long-duration-thresh {integer}
          set invalid-mac-oui [enable|disable]
          set weak-wep-iv [enable|disable]
          set auth-frame-flood [enable|disable]
          set auth-flood-time {integer}
          set auth-flood-thresh {integer}
          set assoc-frame-flood [enable|disable]
          set assoc-flood-time {integer}
          set assoc-flood-thresh {integer}
          set spoofed-deauth [enable|disable]
          set asleap-attack [enable|disable]
          set eapol-start-flood [enable|disable]
          set eapol-start-thresh {integer}
          set eapol-start-intv {integer}
          set eapol-logoff-flood [enable|disable]
          set eapol-logoff-thresh {integer}
          set eapol-logoff-intv {integer}
          set eapol-succ-flood [enable|disable]
          set eapol-succ-thresh {integer}
          set eapol-succ-intv {integer}
          set eapol-fail-flood [enable|disable]
          set eapol-fail-thresh {integer}
          set eapol-fail-intv {integer}
          set eapol-pre-succ-flood [enable|disable]
          set eapol-pre-succ-thresh {integer}
          set eapol-pre-succ-intv {integer}
          set eapol-pre-fail-flood [enable|disable]
          set eapol-pre-fail-thresh {integer}
          set eapol-pre-fail-intv {integer}
          set deauth-unknown-src-thresh {integer}
      next
  end

config wireless-controller wids-profile

Parameter reference (Parameter Name, Description, Type, Size):

comment
    Comment.
    Type: string. Size: maximum length 63.

sensor-mode
    Scan nearby WiFi stations (default = disable).
        disable: Disable the scan.
        foreign: Enable the scan and monitor foreign channels. Foreign channels are all available channels other than the current operating channel.
        both: Enable the scan and monitor both foreign and home channels. Select this option to monitor all WiFi channels.
    Type: option.

ap-scan
    Enable/disable rogue AP detection.
        disable: Disable rogue AP detection.
        enable: Enable rogue AP detection.
    Type: option.

ap-bgscan-period
    Period of time between background scans (60 - 3600 sec, default = 600).
    Type: integer. Size: minimum value 60, maximum value 3600.

ap-bgscan-intv
    Period of time between scanning two channels (1 - 600 sec, default = 1).
    Type: integer. Size: minimum value 1, maximum value 600.

ap-bgscan-duration
    Listening time on a scanning channel (10 - 1000 msec, default = 20).
    Type: integer. Size: minimum value 10, maximum value 1000.

ap-bgscan-idle
    Waiting time for channel inactivity before scanning this channel (0 - 1000 msec, default = 0).
    Type: integer. Size: minimum value 0, maximum value 1000.

ap-bgscan-report-intv
    Period of time between background scan reports (15 - 600 sec, default = 30).
    Type: integer. Size: minimum value 15, maximum value 600.

ap-bgscan-disable-schedules <name>
    Firewall schedules for turning off FortiAP radio background scan. Background scan is disabled while at least one of the schedules is valid. Separate multiple schedule names with a space.
        <name>: Schedule name.
    Type: string. Size: maximum length 35.

ap-fgscan-report-intv
    Period of time between foreground scan reports (15 - 600 sec, default = 15).
    Type: integer. Size: minimum value 15, maximum value 600.

ap-scan-passive
    Enable/disable passive scanning. Enable means no probe requests are sent on any channel (default = disable).
        enable: Passive scanning on all channels.
        disable: Passive scanning only on DFS channels.
    Type: option.

ap-auto-suppress
    Enable/disable on-wire rogue AP auto-suppression (default = disable).
        enable: Enable on-wire rogue AP auto-suppression.
        disable: Disable on-wire rogue AP auto-suppression.
    Type: option.

wireless-bridge
    Enable/disable wireless bridge detection (default = disable).
        enable: Enable wireless bridge detection.
        disable: Disable wireless bridge detection.
    Type: option.

deauth-broadcast
    Enable/disable broadcast de-authentication detection (default = disable).
        enable: Enable broadcast de-authentication detection.
        disable: Disable broadcast de-authentication detection.
    Type: option.

null-ssid-probe-resp
    Enable/disable null SSID probe response detection (default = disable).
        enable: Enable null SSID probe response detection.
        disable: Disable null SSID probe response detection.
    Type: option.

long-duration-attack
    Enable/disable long duration attack detection based on the user-configured threshold (default = disable).
        enable: Enable long duration attack detection.
        disable: Disable long duration attack detection.
    Type: option.

long-duration-thresh
    Threshold value for long duration attack detection (1000 - 32767 usec, default = 8200).
    Type: integer. Size: minimum value 1000, maximum value 32767.

invalid-mac-oui
    Enable/disable invalid MAC OUI detection.
        enable: Enable invalid MAC OUI detection.
        disable: Disable invalid MAC OUI detection.
    Type: option.

weak-wep-iv
    Enable/disable weak WEP IV (Initialization Vector) detection (default = disable).
        enable: Enable weak WEP IV detection.
        disable: Disable weak WEP IV detection.
    Type: option.

auth-frame-flood
    Enable/disable authentication frame flooding detection (default = disable).
        enable: Enable authentication frame flooding detection.
        disable: Disable authentication frame flooding detection.
    Type: option.

auth-flood-time
    Number of seconds after which a station is considered not connected.
    Type: integer. Size: minimum value 5, maximum value 120.

auth-flood-thresh
    The threshold value for authentication frame flooding.
    Type: integer. Size: minimum value 1, maximum value 100.

assoc-frame-flood
    Enable/disable association frame flooding detection (default = disable).
        enable: Enable association frame flooding detection.
        disable: Disable association frame flooding detection.
    Type: option.

assoc-flood-time
    Number of seconds after which a station is considered not connected.
    Type: integer. Size: minimum value 5, maximum value 120.

assoc-flood-thresh
    The threshold value for association frame flooding.
    Type: integer. Size: minimum value 1, maximum value 100.

spoofed-deauth
    Enable/disable spoofed de-authentication attack detection (default = disable).
        enable: Enable spoofed de-authentication attack detection.
        disable: Disable spoofed de-authentication attack detection.
    Type: option.

asleap-attack
    Enable/disable asleap attack detection (default = disable).
        enable: Enable asleap attack detection.
        disable: Disable asleap attack detection.
    Type: option.

eapol-start-flood
    Enable/disable EAPOL-Start flooding (to AP) detection (default = disable).
        enable: Enable EAPOL-Start flooding detection.
        disable: Disable EAPOL-Start flooding detection.
    Type: option.

eapol-start-thresh
    The threshold value for EAPOL-Start flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-start-intv
    The detection interval for EAPOL-Start flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

eapol-logoff-flood
    Enable/disable EAPOL-Logoff flooding (to AP) detection (default = disable).
        enable: Enable EAPOL-Logoff flooding detection.
        disable: Disable EAPOL-Logoff flooding detection.
    Type: option.

eapol-logoff-thresh
    The threshold value for EAPOL-Logoff flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-logoff-intv
    The detection interval for EAPOL-Logoff flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

eapol-succ-flood
    Enable/disable EAPOL-Success flooding (to AP) detection (default = disable).
        enable: Enable EAPOL-Success flooding detection.
        disable: Disable EAPOL-Success flooding detection.
    Type: option.

eapol-succ-thresh
    The threshold value for EAPOL-Success flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-succ-intv
    The detection interval for EAPOL-Success flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

eapol-fail-flood
    Enable/disable EAPOL-Failure flooding (to AP) detection (default = disable).
        enable: Enable EAPOL-Failure flooding detection.
        disable: Disable EAPOL-Failure flooding detection.
    Type: option.

eapol-fail-thresh
    The threshold value for EAPOL-Failure flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-fail-intv
    The detection interval for EAPOL-Failure flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

eapol-pre-succ-flood
    Enable/disable premature EAPOL-Success flooding (to STA) detection (default = disable).
        enable: Enable premature EAPOL-Success flooding detection.
        disable: Disable premature EAPOL-Success flooding detection.
    Type: option.

eapol-pre-succ-thresh
    The threshold value for premature EAPOL-Success flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-pre-succ-intv
    The detection interval for premature EAPOL-Success flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

eapol-pre-fail-flood
    Enable/disable premature EAPOL-Failure flooding (to STA) detection (default = disable).
        enable: Enable premature EAPOL-Failure flooding detection.
        disable: Disable premature EAPOL-Failure flooding detection.
    Type: option.

eapol-pre-fail-thresh
    The threshold value for premature EAPOL-Failure flooding in the specified interval.
    Type: integer. Size: minimum value 2, maximum value 100.

eapol-pre-fail-intv
    The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec).
    Type: integer. Size: minimum value 1, maximum value 3600.

deauth-unknown-src-thresh
    Per-second threshold for de-authenticating unknown sources during a DoS attack (0 = no limit).
    Type: integer. Size: minimum value 0, maximum value 65535.
