Fortinet black logo

Administration Guide

Rogue APs

You can use Rogue AP detection to scan for and identify unauthorized wireless access points in the area. Detected APs are displayed in the View Rogue APs table where you can view details about the AP, including the SSID and network status. Rogue APs connected to your wired network can be identified using the On-Wire column in the table.

For more information about Rogue AP detection, see the FortiAP/FortiWiFi Configuration Guide.

To view Rogue APs:
  1. Go to AP Manager > Managed FortiAPs..
  2. In the toolbar, click More > View Rogue APs. The rogue AP list is displayed.

    The following options are available:

    Mark As

    Mark a rogue AP as:

    • Accepted: for APs that are an authorized part of your network or are neighboring APs that are not a security threat.
    • Rogue: for unauthorized APs that On-wire status indicates are attached to your wired networks.
    • Unclassified: the initial status of a discovered AP. You can change an AP back to unclassified if you have mistakenly marked it as Rogue or Accepted.

    Suppress AP

    Suppress the selected APs. This will prevent users from connecting to the AP. When suppression is activated against an AP, the controller sends deauthentication messages to the rogue AP’s clients posing as the rogue AP, and also sends deauthentication messages to the rogue AP posing as its clients.

    Before enabling this feature, verify that operation of Rogue Suppression is compliant with the applicable laws and regulations of your region.

    Unsuppress AP

    Turn of suppression for the selected rogue APs.

    Refresh

    Refresh the rogue AP list.

    Column Settings

    Click to select which columns to display or select Reset to Default to display the default columns.

    The following columns are available:

    State

    The state of the AP:

    • Suppressed: red suppressed icon
    • Rogue: orange rogue icon
    • Accepted: green wireless signal mark
    • Unclassified: gray question mark

    Status

    Whether the AP is active (green) or inactive (orange).

    SSID

    The wireless service set identifier (SSID) or network name for the wireless interface.

    Security Type

    The type of security currently being used.

    Channel

    The wireless radio channel that the access point uses.

    MAC Address

    The MAC address of the wireless interface.

    Vendor Info

    The name of the vendor.

    Signal Strength

    The relative signal strength of the AP.

    Detected By

    The name or serial number of the AP unit that detected the signal.

    On-Wire

    A green up-arrow indicates a suspected rogue, based on the on-wire detection technique. An orange down-arrow indicates AP is not a suspected rogue.

    First Seen

    How long ago this AP was first detected. This column is not visible by default.

    Last Seen

    How long ago this AP was last detected. This column is not visible by default.

    Rate

    The data rate in, bps. This column is not visible by default.

You can use Rogue AP detection to scan for and identify unauthorized wireless access points in the area. Detected APs are displayed in the View Rogue APs table where you can view details about the AP, including the SSID and network status. Rogue APs connected to your wired network can be identified using the On-Wire column in the table.

For more information about Rogue AP detection, see the FortiAP/FortiWiFi Configuration Guide.

To view Rogue APs:
  1. Go to AP Manager > Managed FortiAPs..
  2. In the toolbar, click More > View Rogue APs. The rogue AP list is displayed.

    The following options are available:

    Mark As

    Mark a rogue AP as:

    • Accepted: for APs that are an authorized part of your network or are neighboring APs that are not a security threat.
    • Rogue: for unauthorized APs that On-wire status indicates are attached to your wired networks.
    • Unclassified: the initial status of a discovered AP. You can change an AP back to unclassified if you have mistakenly marked it as Rogue or Accepted.

    Suppress AP

    Suppress the selected APs. This will prevent users from connecting to the AP. When suppression is activated against an AP, the controller sends deauthentication messages to the rogue AP’s clients posing as the rogue AP, and also sends deauthentication messages to the rogue AP posing as its clients.

    Before enabling this feature, verify that operation of Rogue Suppression is compliant with the applicable laws and regulations of your region.

    Unsuppress AP

    Turn of suppression for the selected rogue APs.

    Refresh

    Refresh the rogue AP list.

    Column Settings

    Click to select which columns to display or select Reset to Default to display the default columns.

    The following columns are available:

    State

    The state of the AP:

    • Suppressed: red suppressed icon
    • Rogue: orange rogue icon
    • Accepted: green wireless signal mark
    • Unclassified: gray question mark

    Status

    Whether the AP is active (green) or inactive (orange).

    SSID

    The wireless service set identifier (SSID) or network name for the wireless interface.

    Security Type

    The type of security currently being used.

    Channel

    The wireless radio channel that the access point uses.

    MAC Address

    The MAC address of the wireless interface.

    Vendor Info

    The name of the vendor.

    Signal Strength

    The relative signal strength of the AP.

    Detected By

    The name or serial number of the AP unit that detected the signal.

    On-Wire

    A green up-arrow indicates a suspected rogue, based on the on-wire detection technique. An orange down-arrow indicates AP is not a suspected rogue.

    First Seen

    How long ago this AP was first detected. This column is not visible by default.

    Last Seen

    How long ago this AP was last detected. This column is not visible by default.

    Rate

    The data rate in, bps. This column is not visible by default.