CLI Reference

config wireless-controller wids-profile

Configure wireless intrusion detection system (WIDS) profiles.

config wireless-controller wids-profile
    Description: Configure wireless intrusion detection system (WIDS) profiles.
    edit <name>
        set comment {string}
        set sensor-mode [disable|foreign|...]
        set ap-scan [disable|enable]
        set ap-bgscan-period {integer}
        set ap-bgscan-intv {integer}
        set ap-bgscan-duration {integer}
        set ap-bgscan-idle {integer}
        set ap-bgscan-report-intv {integer}
        set ap-bgscan-disable-schedules <name1>, <name2>, ...
        set ap-fgscan-report-intv {integer}
        set ap-scan-passive [enable|disable]
        set ap-scan-threshold {string}
        set ap-auto-suppress [enable|disable]
        set wireless-bridge [enable|disable]
        set deauth-broadcast [enable|disable]
        set null-ssid-probe-resp [enable|disable]
        set long-duration-attack [enable|disable]
        set long-duration-thresh {integer}
        set invalid-mac-oui [enable|disable]
        set weak-wep-iv [enable|disable]
        set auth-frame-flood [enable|disable]
        set auth-flood-time {integer}
        set auth-flood-thresh {integer}
        set assoc-frame-flood [enable|disable]
        set assoc-flood-time {integer}
        set assoc-flood-thresh {integer}
        set spoofed-deauth [enable|disable]
        set asleap-attack [enable|disable]
        set eapol-start-flood [enable|disable]
        set eapol-start-thresh {integer}
        set eapol-start-intv {integer}
        set eapol-logoff-flood [enable|disable]
        set eapol-logoff-thresh {integer}
        set eapol-logoff-intv {integer}
        set eapol-succ-flood [enable|disable]
        set eapol-succ-thresh {integer}
        set eapol-succ-intv {integer}
        set eapol-fail-flood [enable|disable]
        set eapol-fail-thresh {integer}
        set eapol-fail-intv {integer}
        set eapol-pre-succ-flood [enable|disable]
        set eapol-pre-succ-thresh {integer}
        set eapol-pre-succ-intv {integer}
        set eapol-pre-fail-flood [enable|disable]
        set eapol-pre-fail-thresh {integer}
        set eapol-pre-fail-intv {integer}
        set deauth-unknown-src-thresh {integer}
    next
end

config wireless-controller wids-profile

| Parameter | Description | Type | Size |
|---|---|---|---|
| comment | Comment. | string | Maximum length: 63 |
| sensor-mode | Scan nearby WiFi stations. Options: disable (Disable the scan.), foreign (Enable the scan and monitor foreign channels. Foreign channels are all available channels other than the current operating channel.), both (Enable the scan and monitor both foreign and home channels. Select this option to monitor all WiFi channels.) | option | - |
| ap-scan | Enable/disable rogue AP detection. Options: disable (Disable rogue AP detection.), enable (Enable rogue AP detection.) | option | - |
| ap-bgscan-period | Period of time between background scans. | integer | Minimum value: 60, Maximum value: 3600 |
| ap-bgscan-intv | Period of time between scanning two channels. | integer | Minimum value: 1, Maximum value: 600 |
| ap-bgscan-duration | Listening time on a scanning channel. | integer | Minimum value: 10, Maximum value: 1000 |
| ap-bgscan-idle | Waiting time for channel inactivity before scanning this channel. | integer | Minimum value: 0, Maximum value: 1000 |
| ap-bgscan-report-intv | Period of time between background scan reports. | integer | Minimum value: 15, Maximum value: 600 |
| ap-bgscan-disable-schedules <name> | Firewall schedules for turning off FortiAP radio background scan. Background scan will be disabled when at least one of the schedules is valid. Separate multiple schedule names with a space. <name>: Schedule name. | string | Maximum length: 35 |
| ap-fgscan-report-intv | Period of time between foreground scan reports. | integer | Minimum value: 15, Maximum value: 600 |
| ap-scan-passive | Enable/disable passive scanning. When enabled, no probe requests are sent on any channel. Options: enable (Passive scanning on all channels.), disable (Passive scanning only on DFS channels.) | option | - |
| ap-scan-threshold | Minimum signal level/threshold in dBm required for the AP to report a detected rogue AP. | string | Maximum length: 7 |
| ap-auto-suppress | Enable/disable on-wire rogue AP auto-suppression. Options: enable (Enable on-wire rogue AP auto-suppression.), disable (Disable on-wire rogue AP auto-suppression.) | option | - |
| wireless-bridge | Enable/disable wireless bridge detection. Options: enable (Enable wireless bridge detection.), disable (Disable wireless bridge detection.) | option | - |
| deauth-broadcast | Enable/disable broadcast de-authentication detection. Options: enable (Enable broadcast de-authentication detection.), disable (Disable broadcast de-authentication detection.) | option | - |
| null-ssid-probe-resp | Enable/disable null SSID probe response detection. Options: enable (Enable null SSID probe response detection.), disable (Disable null SSID probe response detection.) | option | - |
| long-duration-attack | Enable/disable long duration attack detection based on the user-configured threshold. Options: enable (Enable long duration attack detection.), disable (Disable long duration attack detection.) | option | - |
| long-duration-thresh | Threshold value for long duration attack detection. | integer | Minimum value: 1000, Maximum value: 32767 |
| invalid-mac-oui | Enable/disable invalid MAC OUI detection. Options: enable (Enable invalid MAC OUI detection.), disable (Disable invalid MAC OUI detection.) | option | - |
| weak-wep-iv | Enable/disable weak WEP IV detection. Options: enable (Enable weak WEP IV detection.), disable (Disable weak WEP IV detection.) | option | - |
| auth-frame-flood | Enable/disable authentication frame flooding detection. Options: enable (Enable authentication frame flooding detection.), disable (Disable authentication frame flooding detection.) | option | - |
| auth-flood-time | Number of seconds after which a station is considered not connected. | integer | Minimum value: 5, Maximum value: 120 |
| auth-flood-thresh | The threshold value for authentication frame flooding. | integer | Minimum value: 1, Maximum value: 100 |
| assoc-frame-flood | Enable/disable association frame flooding detection. Options: enable (Enable association frame flooding detection.), disable (Disable association frame flooding detection.) | option | - |
| assoc-flood-time | Number of seconds after which a station is considered not connected. | integer | Minimum value: 5, Maximum value: 120 |
| assoc-flood-thresh | The threshold value for association frame flooding. | integer | Minimum value: 1, Maximum value: 100 |
| spoofed-deauth | Enable/disable spoofed de-authentication attack detection. Options: enable (Enable spoofed de-authentication attack detection.), disable (Disable spoofed de-authentication attack detection.) | option | - |
| asleap-attack | Enable/disable asleap attack detection. Options: enable (Enable asleap attack detection.), disable (Disable asleap attack detection.) | option | - |
| eapol-start-flood | Enable/disable EAPOL-Start flooding detection. Options: enable (Enable EAPOL-Start flooding detection.), disable (Disable EAPOL-Start flooding detection.) | option | - |
| eapol-start-thresh | The threshold value for EAPOL-Start flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-start-intv | The detection interval for EAPOL-Start flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| eapol-logoff-flood | Enable/disable EAPOL-Logoff flooding detection. Options: enable (Enable EAPOL-Logoff flooding detection.), disable (Disable EAPOL-Logoff flooding detection.) | option | - |
| eapol-logoff-thresh | The threshold value for EAPOL-Logoff flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-logoff-intv | The detection interval for EAPOL-Logoff flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| eapol-succ-flood | Enable/disable EAPOL-Success flooding detection. Options: enable (Enable EAPOL-Success flooding detection.), disable (Disable EAPOL-Success flooding detection.) | option | - |
| eapol-succ-thresh | The threshold value for EAPOL-Success flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-succ-intv | The detection interval for EAPOL-Success flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| eapol-fail-flood | Enable/disable EAPOL-Failure flooding detection. Options: enable (Enable EAPOL-Failure flooding detection.), disable (Disable EAPOL-Failure flooding detection.) | option | - |
| eapol-fail-thresh | The threshold value for EAPOL-Failure flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-fail-intv | The detection interval for EAPOL-Failure flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| eapol-pre-succ-flood | Enable/disable premature EAPOL-Success flooding detection. Options: enable (Enable premature EAPOL-Success flooding detection.), disable (Disable premature EAPOL-Success flooding detection.) | option | - |
| eapol-pre-succ-thresh | The threshold value for premature EAPOL-Success flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-pre-succ-intv | The detection interval for premature EAPOL-Success flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| eapol-pre-fail-flood | Enable/disable premature EAPOL-Failure flooding detection. Options: enable (Enable premature EAPOL-Failure flooding detection.), disable (Disable premature EAPOL-Failure flooding detection.) | option | - |
| eapol-pre-fail-thresh | The threshold value for premature EAPOL-Failure flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 |
| eapol-pre-fail-intv | The detection interval for premature EAPOL-Failure flooding. | integer | Minimum value: 1, Maximum value: 3600 |
| deauth-unknown-src-thresh | Threshold value per second to deauth unknown src for DoS attack (0: no limit). | integer | Minimum value: 0, Maximum value: 65535 |
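
The ranges and toggles in this reference can be used to lint a WIDS profile template before it is pushed to a controller. The following is an added example, not Fortinet code: it parses a `config wireless-controller wids-profile` block, checks each integer setting against the documented range, and lists detections that are not explicitly enabled. The profile name, sample values, and function names are constructed for illustration; a setting absent from the block is reported as not explicitly enabled because this page does not list defaults.

```python
import re

# Integer ranges (min, max) copied from the Size column of this reference.
RANGES = {
    "ap-bgscan-period": (60, 3600), "ap-bgscan-intv": (1, 600),
    "ap-bgscan-duration": (10, 1000), "ap-bgscan-idle": (0, 1000),
    "ap-bgscan-report-intv": (15, 600), "ap-fgscan-report-intv": (15, 600),
    "long-duration-thresh": (1000, 32767), "deauth-unknown-src-thresh": (0, 65535),
    "auth-flood-time": (5, 120), "auth-flood-thresh": (1, 100),
    "assoc-flood-time": (5, 120), "assoc-flood-thresh": (1, 100),
}
EAPOL = ("start", "logoff", "succ", "fail", "pre-succ", "pre-fail")
for kind in EAPOL:
    RANGES[f"eapol-{kind}-thresh"] = (2, 100)
    RANGES[f"eapol-{kind}-intv"] = (1, 3600)
# Detection toggles from the same reference; each takes enable|disable.
DETECTIONS = ["ap-scan", "wireless-bridge", "deauth-broadcast",
              "null-ssid-probe-resp", "long-duration-attack", "invalid-mac-oui",
              "weak-wep-iv", "auth-frame-flood", "assoc-frame-flood",
              "spoofed-deauth", "asleap-attack"] + [f"eapol-{k}-flood" for k in EAPOL]
# Constructed sample profile (hypothetical name and values), not from the page.
SAMPLE = """
config wireless-controller wids-profile
    edit "branch-wids"
        set sensor-mode both
        set ap-scan enable
        set ap-bgscan-period 30
        set auth-frame-flood enable
        set spoofed-deauth enable
        set eapol-start-flood enable
        set eapol-start-thresh 1
    next
end
"""

def parse_profiles(text):
    """Return {profile_name: {setting: value}} from edit/set/next lines."""
    profiles, current = {}, None
    for line in map(str.strip, text.splitlines()):
        m = re.match(r'edit\s+"?([^"]+)"?$', line)
        if m:
            current = profiles.setdefault(m.group(1), {})
        elif line == "next":
            current = None
        elif current is not None and line.startswith("set "):
            _, key, value = (line.split(None, 2) + [""])[:3]
            current[key] = value.strip('"')
    return profiles

def audit(text):
    """Per profile: out-of-range integers and detections not set to enable."""
    report = {}
    for name, cfg in parse_profiles(text).items():
        errors = [f"{k}={cfg[k]} outside {lo}-{hi}" for k, (lo, hi) in RANGES.items()
                  if k in cfg and not (cfg[k].isdigit() and lo <= int(cfg[k]) <= hi)]
        off = [d for d in DETECTIONS if cfg.get(d) != "enable"]
        if cfg.get("sensor-mode") not in ("foreign", "both"):
            off.insert(0, "sensor-mode")  # the WiFi station scan itself is off
        report[name] = {"range_errors": errors, "not_enabled": off}
    return report
```

Calling `audit(SAMPLE)` returns one entry for `branch-wids` with two range errors and the list of detections the sample leaves unset.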
