WIPS - Rogue Access Point Classification

The controller categorizes the access points it detects as rogue or friendly based on rules that you configure. You can configure multiple rules, each with its own priority. When a rogue access point is detected, its attributes (ESSID, RSSI, security mode, and discovered-by-APs count) are matched against the configured rules, and its classification type is set by the matching rule with the highest priority.

You can configure the following detection mechanisms for rogue APs.

  • SSID Spoof Detection - In SSID spoofing, a rogue access point beacons the same SSID name as a FortiWLC managed AP.
  • MAC Spoof Detection - In a MAC spoofing attack, a rogue access point beacons the same BSSID as a known managed AP, attracting clients and resources to connect to the fake network/SSID so that their data can be exploited.
    When an SSID or MAC spoofing event occurs, clients connected to the rogue APs are de-authenticated and valid notifications are raised about the presence of rogue APs.
    Note: SSID and MAC spoofing detection is only for wireless clients.
  • Wired Rogue Detection - Classified rogue APs are detected on the wired network.

The classification of APs as rogue and friendly is aided through the configuration of a unique token string. This token is broadcast as part of the beacons.
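The priority-based rule matching and the SSID/MAC spoof checks described above can be modelled as follows. This is an added example, not FortiWLC code: the class and field names, the "larger number wins" priority order, the threshold semantics, and the channel comparison used to tell a copied BSSID from the managed AP's own beacon are all assumptions made for illustration.

```python
from dataclasses import dataclass
from typing import Optional

# Constructed inventory of managed APs: BSSID -> (SSID, operating channel).
MANAGED = {"00:11:22:33:44:01": ("corp-wifi", 36),
           "00:11:22:33:44:02": ("corp-guest", 11)}

@dataclass
class Beacon:
    bssid: str
    essid: str
    channel: int
    rssi: int        # dBm
    security: str    # "open", "wpa2", ...
    seen_by: int     # count of managed APs that heard this beacon

@dataclass
class Rule:
    priority: int    # assumption: larger number wins
    result: str      # "rogue", "suspected-rogue" or "friendly"
    essid: Optional[str] = None      # None = match any value
    min_rssi: Optional[int] = None
    security: Optional[str] = None
    min_seen_by: Optional[int] = None

    def matches(self, b: Beacon) -> bool:
        return ((self.essid is None or self.essid == b.essid)
                and (self.min_rssi is None or b.rssi >= self.min_rssi)
                and (self.security is None or self.security == b.security)
                and (self.min_seen_by is None or b.seen_by >= self.min_seen_by))

def classify(b: Beacon, rules: list, default: str = "unclassified") -> str:
    """Return the result of the highest-priority rule that matches the beacon."""
    hits = [r for r in rules if r.matches(b)]
    return max(hits, key=lambda r: r.priority).result if hits else default

def spoof_type(b: Beacon) -> Optional[str]:
    """Flag beacons that reuse a managed BSSID or a managed SSID."""
    if b.bssid in MANAGED:
        ssid, channel = MANAGED[b.bssid]
        # Assumption: a managed BSSID heard with a different SSID or channel is a copy.
        return None if (b.essid, b.channel) == (ssid, channel) else "mac-spoof"
    if b.essid in {ssid for ssid, _ in MANAGED.values()}:
        return "ssid-spoof"
    return None

# Constructed rule set for illustration.
RULES = [Rule(10, "friendly", essid="neighbor-cafe"),
         Rule(20, "suspected-rogue", security="open", min_rssi=-70),
         Rule(30, "rogue", security="open", min_rssi=-60, min_seen_by=3)]
```

A strong open beacon heard by several managed APs matches both the priority 20 and priority 30 rules here, and the priority 30 rule decides its classification.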

Navigate to Configuration > Wireless Intrusion > WIPS > Rogue APs > Global Settings.

Navigate to Configuration > Wireless Intrusion > WIPS > Rogue APs > Classification Settings.

All devices classified as Rogue APs, Suspected Rogue APs, Friendly APs, and Rogue Stations, based on the configured classification settings, are displayed on this page.

Navigate to Configuration > Wireless Intrusion > WIPS > Rogue Classification.
