
CLI Reference

config wireless-controller wids-profile


Configure wireless intrusion detection system (WIDS) profiles.

config wireless-controller wids-profile
    Description: Configure wireless intrusion detection system (WIDS) profiles.
    edit <name>
        set ap-auto-suppress [enable|disable]
        set ap-bgscan-disable-schedules <name1>, <name2>, ...
        set ap-bgscan-duration {integer}
        set ap-bgscan-idle {integer}
        set ap-bgscan-intv {integer}
        set ap-bgscan-period {integer}
        set ap-bgscan-report-intv {integer}
        set ap-fgscan-report-intv {integer}
        set ap-scan [disable|enable]
        set ap-scan-passive [enable|disable]
        set ap-scan-threshold {string}
        set asleap-attack [enable|disable]
        set assoc-flood-thresh {integer}
        set assoc-flood-time {integer}
        set assoc-frame-flood [enable|disable]
        set auth-flood-thresh {integer}
        set auth-flood-time {integer}
        set auth-frame-flood [enable|disable]
        set comment {string}
        set deauth-broadcast [enable|disable]
        set deauth-unknown-src-thresh {integer}
        set eapol-fail-flood [enable|disable]
        set eapol-fail-intv {integer}
        set eapol-fail-thresh {integer}
        set eapol-logoff-flood [enable|disable]
        set eapol-logoff-intv {integer}
        set eapol-logoff-thresh {integer}
        set eapol-pre-fail-flood [enable|disable]
        set eapol-pre-fail-intv {integer}
        set eapol-pre-fail-thresh {integer}
        set eapol-pre-succ-flood [enable|disable]
        set eapol-pre-succ-intv {integer}
        set eapol-pre-succ-thresh {integer}
        set eapol-start-flood [enable|disable]
        set eapol-start-intv {integer}
        set eapol-start-thresh {integer}
        set eapol-succ-flood [enable|disable]
        set eapol-succ-intv {integer}
        set eapol-succ-thresh {integer}
        set invalid-mac-oui [enable|disable]
        set long-duration-attack [enable|disable]
        set long-duration-thresh {integer}
        set null-ssid-probe-resp [enable|disable]
        set sensor-mode [disable|foreign|...]
        set spoofed-deauth [enable|disable]
        set weak-wep-iv [enable|disable]
        set wireless-bridge [enable|disable]
    next
end

config wireless-controller wids-profile

| Parameter | Description | Type | Size | Default |
| --- | --- | --- | --- | --- |
| ap-auto-suppress | Enable/disable on-wire rogue AP auto-suppression. Options: enable (Enable on-wire rogue AP auto-suppression); disable (Disable on-wire rogue AP auto-suppression). | option | - | disable |
| ap-bgscan-disable-schedules <name> | Firewall schedules for turning off FortiAP radio background scan. Background scan will be disabled when at least one of the schedules is valid. Separate multiple schedule names with a space. <name>: Schedule name. | string | Maximum length: 35 | |
| ap-bgscan-duration | Listen time on scanning a channel. | integer | Minimum value: 10, Maximum value: 1000 | 30 |
| ap-bgscan-idle | Wait time for channel inactivity before scanning this channel. | integer | Minimum value: 0, Maximum value: 1000 | 20 |
| ap-bgscan-intv | Period between successive channel scans. | integer | Minimum value: 1, Maximum value: 600 | 3 |
| ap-bgscan-period | Period between background scans. | integer | Minimum value: 10, Maximum value: 3600 | 600 |
| ap-bgscan-report-intv | Period between background scan reports. | integer | Minimum value: 15, Maximum value: 600 | 30 |
| ap-fgscan-report-intv | Period between foreground scan reports. | integer | Minimum value: 15, Maximum value: 600 | 15 |
| ap-scan | Enable/disable rogue AP detection. Options: disable (Disable rogue AP detection); enable (Enable rogue AP detection). | option | - | disable |
| ap-scan-passive | Enable/disable passive scanning. When enabled, no probe requests are sent on any channel. Options: enable (Passive scanning on all channels); disable (Passive scanning only on DFS channels). | option | - | disable |
| ap-scan-threshold | Minimum signal level/threshold in dBm required for the AP to report a detected rogue AP. | string | Maximum length: 7 | -90 |
| asleap-attack | Enable/disable asleap attack detection. Options: enable (Enable asleap attack detection); disable (Disable asleap attack detection). | option | - | disable |
| assoc-flood-thresh | The threshold value for association frame flooding. | integer | Minimum value: 1, Maximum value: 100 | 30 |
| assoc-flood-time | Number of seconds after which a station is considered not connected. | integer | Minimum value: 5, Maximum value: 120 | 10 |
| assoc-frame-flood | Enable/disable association frame flooding detection. Options: enable (Enable association frame flooding detection); disable (Disable association frame flooding detection). | option | - | disable |
| auth-flood-thresh | The threshold value for authentication frame flooding. | integer | Minimum value: 1, Maximum value: 100 | 30 |
| auth-flood-time | Number of seconds after which a station is considered not connected. | integer | Minimum value: 5, Maximum value: 120 | 10 |
| auth-frame-flood | Enable/disable authentication frame flooding detection. Options: enable (Enable authentication frame flooding detection); disable (Disable authentication frame flooding detection). | option | - | disable |
| comment | Comment. | string | Maximum length: 63 | |
| deauth-broadcast | Enable/disable broadcast de-authentication detection. Options: enable (Enable broadcast de-authentication detection); disable (Disable broadcast de-authentication detection). | option | - | disable |
| deauth-unknown-src-thresh | Threshold value per second to deauth unknown src for DoS attack (0: no limit). | integer | Minimum value: 0, Maximum value: 65535 | 10 |
| eapol-fail-flood | Enable/disable EAPOL-Failure flooding detection. Options: enable (Enable EAPOL-Failure flooding detection); disable (Disable EAPOL-Failure flooding detection). | option | - | disable |
| eapol-fail-intv | The detection interval for EAPOL-Failure flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-fail-thresh | The threshold value for EAPOL-Failure flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| eapol-logoff-flood | Enable/disable EAPOL-Logoff flooding detection. Options: enable (Enable EAPOL-Logoff flooding detection); disable (Disable EAPOL-Logoff flooding detection). | option | - | disable |
| eapol-logoff-intv | The detection interval for EAPOL-Logoff flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-logoff-thresh | The threshold value for EAPOL-Logoff flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| eapol-pre-fail-flood | Enable/disable premature EAPOL-Failure flooding detection. Options: enable (Enable premature EAPOL-Failure flooding detection); disable (Disable premature EAPOL-Failure flooding detection). | option | - | disable |
| eapol-pre-fail-intv | The detection interval for premature EAPOL-Failure flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-pre-fail-thresh | The threshold value for premature EAPOL-Failure flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| eapol-pre-succ-flood | Enable/disable premature EAPOL-Success flooding detection. Options: enable (Enable premature EAPOL-Success flooding detection); disable (Disable premature EAPOL-Success flooding detection). | option | - | disable |
| eapol-pre-succ-intv | The detection interval for premature EAPOL-Success flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-pre-succ-thresh | The threshold value for premature EAPOL-Success flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| eapol-start-flood | Enable/disable EAPOL-Start flooding detection. Options: enable (Enable EAPOL-Start flooding detection); disable (Disable EAPOL-Start flooding detection). | option | - | disable |
| eapol-start-intv | The detection interval for EAPOL-Start flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-start-thresh | The threshold value for EAPOL-Start flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| eapol-succ-flood | Enable/disable EAPOL-Success flooding detection. Options: enable (Enable EAPOL-Success flooding detection); disable (Disable EAPOL-Success flooding detection). | option | - | disable |
| eapol-succ-intv | The detection interval for EAPOL-Success flooding. | integer | Minimum value: 1, Maximum value: 3600 | 1 |
| eapol-succ-thresh | The threshold value for EAPOL-Success flooding in the specified interval. | integer | Minimum value: 2, Maximum value: 100 | 10 |
| invalid-mac-oui | Enable/disable invalid MAC OUI detection. Options: enable (Enable invalid MAC OUI detection); disable (Disable invalid MAC OUI detection). | option | - | disable |
| long-duration-attack | Enable/disable long duration attack detection based on user configured threshold. Options: enable (Enable long duration attack detection); disable (Disable long duration attack detection). | option | - | disable |
| long-duration-thresh | Threshold value for long duration attack detection. | integer | Minimum value: 1000, Maximum value: 32767 | 8200 |
| name | WIDS profile name. | string | Maximum length: 35 | |
| null-ssid-probe-resp | Enable/disable null SSID probe response detection. Options: enable (Enable null SSID probe response detection); disable (Disable null SSID probe response detection). | option | - | disable |
| sensor-mode | Scan nearby WiFi stations. Options: disable (Disable the scan); foreign (Enable the scan and monitor foreign channels. Foreign channels are all available channels other than the current operating channel); both (Enable the scan and monitor both foreign and home channels. Select this option to monitor all WiFi channels). | option | - | disable |
| spoofed-deauth | Enable/disable spoofed de-authentication attack detection. Options: enable (Enable spoofed de-authentication attack detection); disable (Disable spoofed de-authentication attack detection). | option | - | disable |
| weak-wep-iv | Enable/disable weak WEP IV detection. Options: enable (Enable weak WEP IV detection); disable (Disable weak WEP IV detection). | option | - | disable |
| wireless-bridge | Enable/disable wireless bridge detection. Options: enable (Enable wireless bridge detection); disable (Disable wireless bridge detection). | option | - | disable |
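Every detection in the table defaults to disable, so a profile that sets only a few parameters leaves most of WIDS switched off. The following added example (not Fortinet code) audits a profile template before it is pushed: it checks integer values against the ranges in the table and lists the detections still disabled. The profile name and the sample block are constructed, and a parameter missing from the block is assumed to keep its documented default.

```python
import re

# (min, max) ranges copied from the Size column of the parameter table.
RANGES = {
    "ap-bgscan-duration": (10, 1000), "ap-bgscan-idle": (0, 1000),
    "ap-bgscan-intv": (1, 600), "ap-bgscan-period": (10, 3600),
    "ap-bgscan-report-intv": (15, 600), "ap-fgscan-report-intv": (15, 600),
    "assoc-flood-thresh": (1, 100), "assoc-flood-time": (5, 120),
    "auth-flood-thresh": (1, 100), "auth-flood-time": (5, 120),
    "deauth-unknown-src-thresh": (0, 65535), "long-duration-thresh": (1000, 32767),
}
EAPOL_KINDS = ("fail", "logoff", "pre-fail", "pre-succ", "start", "succ")
for kind in EAPOL_KINDS:
    RANGES.update({f"eapol-{kind}-intv": (1, 3600), f"eapol-{kind}-thresh": (2, 100)})

# Detection toggles; the table lists "disable" as the default for each one.
DETECTIONS = [
    "ap-scan", "asleap-attack", "assoc-frame-flood", "auth-frame-flood",
    "deauth-broadcast", "invalid-mac-oui", "long-duration-attack",
    "null-ssid-probe-resp", "spoofed-deauth", "weak-wep-iv", "wireless-bridge",
] + [f"eapol-{kind}-flood" for kind in EAPOL_KINDS]

# Constructed sample template (not taken from a real device).
SAMPLE = """\
config wireless-controller wids-profile
    edit "office-wids"
        set ap-scan enable
        set auth-frame-flood enable
        set auth-flood-thresh 250
        set eapol-start-flood enable
        set eapol-start-thresh 1
    next
end
"""

def parse_profiles(text):
    """Return {profile name: {parameter: value}} from edit/set blocks."""
    profiles, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        edit = re.match(r'edit\s+"?([^"]+)"?$', line)
        setting = re.match(r'set\s+(\S+)\s+(.+)$', line)
        if edit:
            current = profiles.setdefault(edit.group(1), {})
        elif current is not None and setting:
            current[setting.group(1)] = setting.group(2).strip('"')
    return profiles

def audit(settings):
    """List out-of-range integers and detections left disabled."""
    findings = []
    for key, value in settings.items():
        if key in RANGES:
            low, high = RANGES[key]
            if not (re.fullmatch(r"-?\d+", value) and low <= int(value) <= high):
                findings.append(f"{key}={value} outside {low}..{high}")
    # A parameter absent from the block keeps its documented default.
    for key in DETECTIONS:
        if settings.get(key, "disable") != "enable":
            findings.append(f"{key} detection is disabled")
    return findings

if __name__ == "__main__":
    for name, settings in parse_profiles(SAMPLE).items():
        print(name, *audit(settings), sep="\n  ")
```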
