Fortinet white logo
Fortinet white logo

Administration Guide

Rogue APs

Rogue APs

You can use Rogue AP detection to scan for and identify unauthorized wireless access points in the area. Detected APs are displayed in the View Rogue APs table where you can view details about the AP, including the SSID and network status. Rogue APs connected to your wired network can be identified using the On-Wire column in the table.

For more information about Rogue AP detection, see the FortiAP/FortiWiFi Configuration Guide.

The following options are available:

Mark As

Mark a rogue AP as:

  • Accepted: for APs that are an authorized part of your network or are neighboring APs that are not a security threat.
  • Rogue: for unauthorized APs that On-wire status indicates are attached to your wired networks.
  • Unclassified: the initial status of a discovered AP. You can change an AP back to unclassified if you have mistakenly marked it as Rogue or Accepted.

Suppress AP

Suppress the selected APs. This will prevent users from connecting to the AP. When suppression is activated against an AP, the controller sends deauthentication messages to the rogue AP’s clients posing as the rogue AP, and also sends deauthentication messages to the rogue AP posing as its clients.

Before enabling this feature, verify that operation of Rogue Suppression is compliant with the applicable laws and regulations of your region.

Unsuppress AP

Turn of suppression for the selected rogue APs.

Refresh

Refresh the rogue AP list.

Column Settings

Click to select which columns to display or select Reset to Default to display the default columns.

The following columns are available:

State

The state of the AP:

  • Suppressed: red suppressed icon
  • Rogue: orange rogue icon
  • Accepted: green wireless signal mark
  • Unclassified: gray question mark

Status

Whether the AP is active (green) or inactive (orange).

SSID

The wireless service set identifier (SSID) or network name for the wireless interface.

Security Type

The type of security currently being used.

Channel

The wireless radio channel that the access point uses.

MAC Address

The MAC address of the wireless interface.

Vendor Info

The name of the vendor.

Signal Strength

The relative signal strength of the AP.

Detected By

The name or serial number of the AP unit that detected the signal.

On-Wire

A green up-arrow indicates a suspected rogue, based on the on-wire detection technique. An orange down-arrow indicates AP is not a suspected rogue.

First Seen

How long ago this AP was first detected. This column is not visible by default.

Last Seen

How long ago this AP was last detected. This column is not visible by default.

Rate

The data rate in, bps. This column is not visible by default.

Rogue APs

Rogue APs

You can use Rogue AP detection to scan for and identify unauthorized wireless access points in the area. Detected APs are displayed in the View Rogue APs table where you can view details about the AP, including the SSID and network status. Rogue APs connected to your wired network can be identified using the On-Wire column in the table.

For more information about Rogue AP detection, see the FortiAP/FortiWiFi Configuration Guide.

The following options are available:

Mark As

Mark a rogue AP as:

  • Accepted: for APs that are an authorized part of your network or are neighboring APs that are not a security threat.
  • Rogue: for unauthorized APs that On-wire status indicates are attached to your wired networks.
  • Unclassified: the initial status of a discovered AP. You can change an AP back to unclassified if you have mistakenly marked it as Rogue or Accepted.

Suppress AP

Suppress the selected APs. This will prevent users from connecting to the AP. When suppression is activated against an AP, the controller sends deauthentication messages to the rogue AP’s clients posing as the rogue AP, and also sends deauthentication messages to the rogue AP posing as its clients.

Before enabling this feature, verify that operation of Rogue Suppression is compliant with the applicable laws and regulations of your region.

Unsuppress AP

Turn of suppression for the selected rogue APs.

Refresh

Refresh the rogue AP list.

Column Settings

Click to select which columns to display or select Reset to Default to display the default columns.

The following columns are available:

State

The state of the AP:

  • Suppressed: red suppressed icon
  • Rogue: orange rogue icon
  • Accepted: green wireless signal mark
  • Unclassified: gray question mark

Status

Whether the AP is active (green) or inactive (orange).

SSID

The wireless service set identifier (SSID) or network name for the wireless interface.

Security Type

The type of security currently being used.

Channel

The wireless radio channel that the access point uses.

MAC Address

The MAC address of the wireless interface.

Vendor Info

The name of the vendor.

Signal Strength

The relative signal strength of the AP.

Detected By

The name or serial number of the AP unit that detected the signal.

On-Wire

A green up-arrow indicates a suspected rogue, based on the on-wire detection technique. An orange down-arrow indicates AP is not a suspected rogue.

First Seen

How long ago this AP was first detected. This column is not visible by default.

Last Seen

How long ago this AP was last detected. This column is not visible by default.

Rate

The data rate in, bps. This column is not visible by default.