Fortinet Document Library


CLI Reference

config wireless-controller wids-profile

Configure wireless intrusion detection system (WIDS) profiles.

config wireless-controller wids-profile
    Description: Configure wireless intrusion detection system (WIDS) profiles.
    edit <name>
        set comment {string}
        set sensor-mode [disable|foreign|...]
        set ap-scan [disable|enable]
        set ap-bgscan-period {integer}
        set ap-bgscan-intv {integer}
        set ap-bgscan-duration {integer}
        set ap-bgscan-idle {integer}
        set ap-bgscan-report-intv {integer}
        set ap-bgscan-disable-schedules <name1>, <name2>, ...
        set ap-fgscan-report-intv {integer}
        set ap-scan-passive [enable|disable]
        set ap-scan-threshold {string}
        set ap-auto-suppress [enable|disable]
        set wireless-bridge [enable|disable]
        set deauth-broadcast [enable|disable]
        set null-ssid-probe-resp [enable|disable]
        set long-duration-attack [enable|disable]
        set long-duration-thresh {integer}
        set invalid-mac-oui [enable|disable]
        set weak-wep-iv [enable|disable]
        set auth-frame-flood [enable|disable]
        set auth-flood-time {integer}
        set auth-flood-thresh {integer}
        set assoc-frame-flood [enable|disable]
        set assoc-flood-time {integer}
        set assoc-flood-thresh {integer}
        set spoofed-deauth [enable|disable]
        set asleap-attack [enable|disable]
        set eapol-start-flood [enable|disable]
        set eapol-start-thresh {integer}
        set eapol-start-intv {integer}
        set eapol-logoff-flood [enable|disable]
        set eapol-logoff-thresh {integer}
        set eapol-logoff-intv {integer}
        set eapol-succ-flood [enable|disable]
        set eapol-succ-thresh {integer}
        set eapol-succ-intv {integer}
        set eapol-fail-flood [enable|disable]
        set eapol-fail-thresh {integer}
        set eapol-fail-intv {integer}
        set eapol-pre-succ-flood [enable|disable]
        set eapol-pre-succ-thresh {integer}
        set eapol-pre-succ-intv {integer}
        set eapol-pre-fail-flood [enable|disable]
        set eapol-pre-fail-thresh {integer}
        set eapol-pre-fail-intv {integer}
        set deauth-unknown-src-thresh {integer}
    next
end
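The parameter table that follows gives a type, a range or option set, and a default for every keyword in the syntax above. The script below is an added example, not Fortinet code: it transcribes those documented constraints into a schema, parses a `config wireless-controller wids-profile` snippet, reports values that FortiOS would reject, and lists which detections are still at their default of `disable`. The sample profile is constructed for the demonstration and deliberately contains three invalid settings; the parser only understands the `set` lines of one `edit` block.

```python
"""Validate a FortiOS-style WIDS profile snippet against the documented ranges.

Added example, not Fortinet code. SCHEMA transcribes the reference table on
this page; the sample snippet below is constructed and intentionally wrong
in three places.
"""
import re

# (type, constraint, default): for "option" the constraint is the allowed
# value set, for "integer" it is (min, max), for "string" the maximum length.
SCHEMA = {
    "comment": ("string", 63, None),
    "sensor-mode": ("option", {"disable", "foreign", "both"}, "disable"),
    "ap-scan": ("option", {"disable", "enable"}, "disable"),
    "ap-bgscan-period": ("integer", (10, 3600), 600),
    "ap-bgscan-intv": ("integer", (1, 600), 1),
    "ap-bgscan-duration": ("integer", (10, 1000), 20),
    "ap-bgscan-idle": ("integer", (0, 1000), 0),
    "ap-bgscan-report-intv": ("integer", (15, 600), 30),
    "ap-bgscan-disable-schedules": ("string", 35, None),
    "ap-fgscan-report-intv": ("integer", (15, 600), 15),
    "ap-scan-passive": ("option", {"enable", "disable"}, "disable"),
    "ap-scan-threshold": ("string", 7, "-90"),   # dBm, -95 to -20
    "long-duration-thresh": ("integer", (1000, 32767), 8200),
    "auth-flood-time": ("integer", (5, 120), 10),
    "auth-flood-thresh": ("integer", (1, 100), 30),
    "assoc-flood-time": ("integer", (5, 120), 10),
    "assoc-flood-thresh": ("integer", (1, 100), 30),
    "deauth-unknown-src-thresh": ("integer", (0, 65535), 10),
}
# All enable/disable keywords share one shape; every one defaults to disable.
TOGGLES = [
    "ap-auto-suppress", "wireless-bridge", "deauth-broadcast",
    "null-ssid-probe-resp", "long-duration-attack", "invalid-mac-oui",
    "weak-wep-iv", "auth-frame-flood", "assoc-frame-flood", "spoofed-deauth",
    "asleap-attack", "eapol-start-flood", "eapol-logoff-flood",
    "eapol-succ-flood", "eapol-fail-flood", "eapol-pre-succ-flood",
    "eapol-pre-fail-flood",
]
for _t in TOGGLES:
    SCHEMA[_t] = ("option", {"enable", "disable"}, "disable")
for _k in ("start", "logoff", "succ", "fail", "pre-succ", "pre-fail"):
    SCHEMA[f"eapol-{_k}-thresh"] = ("integer", (2, 100), 10)
    SCHEMA[f"eapol-{_k}-intv"] = ("integer", (1, 3600), 1)
# ap-auto-suppress is a response action, not a detection.
DETECTORS = [t for t in TOGGLES if t != "ap-auto-suppress"]

SET_RE = re.compile(r"^\s*set\s+(\S+)\s+(.+?)\s*$")


def parse_profile(text):
    """Return {parameter: value} from the 'set' lines of one edit block."""
    settings = {}
    for line in text.splitlines():
        m = SET_RE.match(line)
        if m:
            settings[m.group(1)] = m.group(2).strip('"')
    return settings


def validate(settings):
    """Return a list of (parameter, problem) tuples; empty means clean."""
    problems = []
    for param, value in settings.items():
        if param not in SCHEMA:
            problems.append((param, "unknown parameter"))
            continue
        kind, constraint, _default = SCHEMA[param]
        if kind == "option":
            if value not in constraint:
                problems.append((param, f"must be one of {sorted(constraint)}"))
        elif kind == "integer":
            lo, hi = constraint
            if not value.lstrip("-").isdigit() or not lo <= int(value) <= hi:
                problems.append((param, f"must be an integer in {lo}..{hi}"))
        else:  # string
            if len(value) > constraint:
                problems.append((param, f"exceeds maximum length {constraint}"))
            if param == "ap-scan-threshold":  # range given in its description
                try:
                    ok = -95 <= int(value) <= -20
                except ValueError:
                    ok = False
                if not ok:
                    problems.append((param, "must be -95 to -20 dBm"))
    return problems


def disabled_detectors(settings):
    """Detections left at their default 'disable', whether unset or explicit."""
    return sorted(d for d in DETECTORS if settings.get(d, "disable") == "disable")


# Constructed sample: bgscan period below minimum, EAPOL threshold above
# maximum, and an option value that is not enable/disable.
SAMPLE = """\
config wireless-controller wids-profile
    edit "campus-wids"
        set comment "Constructed example profile"
        set sensor-mode both
        set ap-scan enable
        set ap-bgscan-period 5
        set ap-scan-threshold -90
        set deauth-broadcast enable
        set spoofed-deauth enable
        set eapol-start-flood enable
        set eapol-start-thresh 200
        set auth-frame-flood enable
        set auth-flood-thresh 30
        set asleap-attack maybe
    next
end
"""

if __name__ == "__main__":
    s = parse_profile(SAMPLE)
    for param, problem in validate(s):
        print(f"{param}: {problem}")
    print("still disabled:", ", ".join(disabled_detectors(s)))
```

Because every detection in this profile defaults to `disable`, a freshly created profile detects nothing until each keyword is set explicitly; `disabled_detectors` makes that gap visible before the profile is applied to an AP profile.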

config wireless-controller wids-profile

Each parameter is listed with its Description, Type, Size and Default; option parameters also list their allowed values.

comment
    Description: Comment.
    Type: string
    Size: Maximum length: 63

sensor-mode
    Description: Scan nearby WiFi stations (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        disable: Disable the scan.
        foreign: Enable the scan and monitor foreign channels. Foreign channels are all available channels other than the current operating channel.
        both: Enable the scan and monitor both foreign and home channels. Select this option to monitor all WiFi channels.

ap-scan
    Description: Enable/disable rogue AP detection.
    Type: option
    Size: -
    Default: disable
    Options:
        disable: Disable rogue AP detection.
        enable: Enable rogue AP detection.

ap-bgscan-period
    Description: Period of time between background scans (10 - 3600 sec, default = 600).
    Type: integer
    Size: Minimum value: 10 Maximum value: 3600
    Default: 600

ap-bgscan-intv
    Description: Period of time between scanning two channels (1 - 600 sec, default = 1).
    Type: integer
    Size: Minimum value: 1 Maximum value: 600
    Default: 1

ap-bgscan-duration
    Description: Listening time on a scanning channel (10 - 1000 msec, default = 20).
    Type: integer
    Size: Minimum value: 10 Maximum value: 1000
    Default: 20

ap-bgscan-idle
    Description: Waiting time for channel inactivity before scanning this channel (0 - 1000 msec, default = 0).
    Type: integer
    Size: Minimum value: 0 Maximum value: 1000
    Default: 0

ap-bgscan-report-intv
    Description: Period of time between background scan reports (15 - 600 sec, default = 30).
    Type: integer
    Size: Minimum value: 15 Maximum value: 600
    Default: 30

ap-bgscan-disable-schedules <name>
    Description: Firewall schedules for turning off FortiAP radio background scan. Background scan will be disabled when at least one of the schedules is valid. Separate multiple schedule names with a space.
    name: Schedule name.
    Type: string
    Size: Maximum length: 35

ap-fgscan-report-intv
    Description: Period of time between foreground scan reports (15 - 600 sec, default = 15).
    Type: integer
    Size: Minimum value: 15 Maximum value: 600
    Default: 15

ap-scan-passive
    Description: Enable/disable passive scanning. Enable means do not send probe requests on any channel (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Passive scanning on all channels.
        disable: Passive scanning only on DFS channels.

ap-scan-threshold
    Description: Minimum signal level/threshold in dBm required for the AP to report a detected rogue AP (-95 to -20, default = -90).
    Type: string
    Size: Maximum length: 7
    Default: -90

ap-auto-suppress
    Description: Enable/disable on-wire rogue AP auto-suppression (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable on-wire rogue AP auto-suppression.
        disable: Disable on-wire rogue AP auto-suppression.

wireless-bridge
    Description: Enable/disable wireless bridge detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable wireless bridge detection.
        disable: Disable wireless bridge detection.

deauth-broadcast
    Description: Enable/disable broadcast de-authentication detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable broadcast de-authentication detection.
        disable: Disable broadcast de-authentication detection.

null-ssid-probe-resp
    Description: Enable/disable null SSID probe response detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable null SSID probe response detection.
        disable: Disable null SSID probe response detection.

long-duration-attack
    Description: Enable/disable long duration attack detection based on the user-configured threshold (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable long duration attack detection.
        disable: Disable long duration attack detection.

long-duration-thresh
    Description: Threshold value for long duration attack detection (1000 - 32767 usec, default = 8200).
    Type: integer
    Size: Minimum value: 1000 Maximum value: 32767
    Default: 8200

invalid-mac-oui
    Description: Enable/disable invalid MAC OUI detection.
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable invalid MAC OUI detection.
        disable: Disable invalid MAC OUI detection.

weak-wep-iv
    Description: Enable/disable weak WEP IV (Initialization Vector) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable weak WEP IV detection.
        disable: Disable weak WEP IV detection.

auth-frame-flood
    Description: Enable/disable authentication frame flooding detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable authentication frame flooding detection.
        disable: Disable authentication frame flooding detection.

auth-flood-time
    Description: Number of seconds after which a station is considered not connected.
    Type: integer
    Size: Minimum value: 5 Maximum value: 120
    Default: 10

auth-flood-thresh
    Description: The threshold value for authentication frame flooding.
    Type: integer
    Size: Minimum value: 1 Maximum value: 100
    Default: 30

assoc-frame-flood
    Description: Enable/disable association frame flooding detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable association frame flooding detection.
        disable: Disable association frame flooding detection.

assoc-flood-time
    Description: Number of seconds after which a station is considered not connected.
    Type: integer
    Size: Minimum value: 5 Maximum value: 120
    Default: 10

assoc-flood-thresh
    Description: The threshold value for association frame flooding.
    Type: integer
    Size: Minimum value: 1 Maximum value: 100
    Default: 30

spoofed-deauth
    Description: Enable/disable spoofed de-authentication attack detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable spoofed de-authentication attack detection.
        disable: Disable spoofed de-authentication attack detection.

asleap-attack
    Description: Enable/disable asleap attack detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable asleap attack detection.
        disable: Disable asleap attack detection.

eapol-start-flood
    Description: Enable/disable EAPOL-Start flooding (to AP) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable EAPOL-Start flooding detection.
        disable: Disable EAPOL-Start flooding detection.

eapol-start-thresh
    Description: The threshold value for EAPOL-Start flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-start-intv
    Description: The detection interval for EAPOL-Start flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

eapol-logoff-flood
    Description: Enable/disable EAPOL-Logoff flooding (to AP) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable EAPOL-Logoff flooding detection.
        disable: Disable EAPOL-Logoff flooding detection.

eapol-logoff-thresh
    Description: The threshold value for EAPOL-Logoff flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-logoff-intv
    Description: The detection interval for EAPOL-Logoff flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

eapol-succ-flood
    Description: Enable/disable EAPOL-Success flooding (to AP) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable EAPOL-Success flooding detection.
        disable: Disable EAPOL-Success flooding detection.

eapol-succ-thresh
    Description: The threshold value for EAPOL-Success flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-succ-intv
    Description: The detection interval for EAPOL-Success flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

eapol-fail-flood
    Description: Enable/disable EAPOL-Failure flooding (to AP) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable EAPOL-Failure flooding detection.
        disable: Disable EAPOL-Failure flooding detection.

eapol-fail-thresh
    Description: The threshold value for EAPOL-Failure flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-fail-intv
    Description: The detection interval for EAPOL-Failure flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

eapol-pre-succ-flood
    Description: Enable/disable premature EAPOL-Success flooding (to STA) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable premature EAPOL-Success flooding detection.
        disable: Disable premature EAPOL-Success flooding detection.

eapol-pre-succ-thresh
    Description: The threshold value for premature EAPOL-Success flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-pre-succ-intv
    Description: The detection interval for premature EAPOL-Success flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

eapol-pre-fail-flood
    Description: Enable/disable premature EAPOL-Failure flooding (to STA) detection (default = disable).
    Type: option
    Size: -
    Default: disable
    Options:
        enable: Enable premature EAPOL-Failure flooding detection.
        disable: Disable premature EAPOL-Failure flooding detection.

eapol-pre-fail-thresh
    Description: The threshold value for premature EAPOL-Failure flooding in the specified interval.
    Type: integer
    Size: Minimum value: 2 Maximum value: 100
    Default: 10

eapol-pre-fail-intv
    Description: The detection interval for premature EAPOL-Failure flooding (1 - 3600 sec).
    Type: integer
    Size: Minimum value: 1 Maximum value: 3600
    Default: 1

deauth-unknown-src-thresh
    Description: Threshold value per second for de-authenticating unknown sources, as DoS attack protection (0: no limit).
    Type: integer
    Size: Minimum value: 0 Maximum value: 65535
    Default: 10
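The six EAPOL flood detections above are each tuned by a `*-thresh` / `*-intv` pair: a count of frames and the detection interval in seconds over which that count is evaluated. The reference documents the parameters but not the counting algorithm, so the following added example (not FortiAP or FortiOS code) implements the plainest reading as a stated assumption: keep a sliding window of `intv` seconds per (frame type, source MAC) and raise one alert when at least `thresh` frames fall inside it. The frame records and MAC addresses are constructed; running the same frames with the documented defaults (10 frames in 1 second) and then with a low threshold over a long interval shows why the pair has to be tuned together.

```python
"""Sliding-window frame-flood detector for the *-thresh / *-intv semantics.

Added example, not Fortinet code. The reference gives thresholds and
intervals only; treating them as "at least thresh frames within any
intv-second window, one alert per burst" is an assumption made here.
All frames below are constructed.
"""
from collections import defaultdict, deque


def detect_floods(frames, thresh, intv):
    """frames: iterable of (time_s, frame_type, src_mac), sorted by time.

    Returns a list of (frame_type, src_mac, time_s) for the frame at which a
    burst reaches `thresh` frames within `intv` seconds. The window is
    cleared after an alert so one burst yields one alert, not one per frame.
    """
    windows = defaultdict(deque)  # (frame_type, src_mac) -> timestamps
    alerts = []
    for t, ftype, src in frames:
        w = windows[(ftype, src)]
        w.append(t)
        while w and t - w[0] > intv:  # age out frames older than the interval
            w.popleft()
        if len(w) >= thresh:
            alerts.append((ftype, src, t))
            w.clear()
    return alerts


BENIGN = "aa:aa:aa:00:00:01"   # constructed station MAC
FLOODER = "bb:bb:bb:00:00:02"  # constructed station MAC


def constructed_frames():
    """Three benign EAPOL-Start frames over 10 s, plus two tight bursts."""
    frames = [(t, "EAPOL-Start", BENIGN) for t in (0.0, 4.0, 9.5)]
    # burst 1: 10 frames in 0.45 s starting at t=5.0
    frames += [(5.0 + i * 0.05, "EAPOL-Start", FLOODER) for i in range(10)]
    # burst 2: 12 frames in 0.55 s starting at t=20.0
    frames += [(20.0 + i * 0.05, "EAPOL-Start", FLOODER) for i in range(12)]
    # a lone EAPOL-Logoff: a different frame type, so a separate counter
    frames.append((20.3, "EAPOL-Logoff", FLOODER))
    return sorted(frames)


def with_defaults():
    """eapol-start-thresh 10 over eapol-start-intv 1 (the documented defaults)."""
    return detect_floods(constructed_frames(), thresh=10, intv=1)


def with_loose_tuning():
    """A low threshold over a long interval also flags the benign station."""
    return detect_floods(constructed_frames(), thresh=3, intv=10)


if __name__ == "__main__":
    for name, alerts in (("defaults", with_defaults()),
                         ("thresh=3 intv=10", with_loose_tuning())):
        print(f"{name}: {len(alerts)} alert(s)")
        for ftype, src, t in alerts:
            print(f"  {t:6.2f}s {ftype} from {src}")
```

With the defaults only the two bursts from the flooding MAC alert (once each); with `thresh=3` over `intv=10` the benign station's three re-authentications inside ten seconds are flagged as well, and each burst produces several alerts. The `auth-flood-thresh` / `auth-flood-time` and `assoc-flood-thresh` / `assoc-flood-time` pairs are described differently (the time is how long until a station counts as not connected), so this window model is not claimed for them.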
