Configuring rogue scanning

3 Replies

Configuring rogue scanning

All APs using the same FortiAP Profile share the same rogue scanning settings, unless override is configured.

To enable rogue AP scanning with on-wire detection – web-based manager

  1. Go to WiFi & Switch Controller > WIDS Profiles.

On some models, the menu is WiFi & Switch Controller.

  1. Select an existing WIDS Profile and edit it, or select Create New.
  2. Make sure that Enable Rogue AP Detection is selected.
  3. Select Enable On-Wire Rogue AP Detection.
  4. Optionally, enable Auto Suppress Rogue APs in Foreground Scan.
  5. Select OK.

To enable the rogue AP scanning feature in a custom AP profile – CLI

config wireless-controller wids-profile edit FAP220B-default set ap-scan enable set rogue-scan enable

end

Exempting an AP from rogue scanning

By default, if Rogue AP Detection is enabled, it is enabled on all managed FortiAP units. Optionally, you can exempt an AP from scanning. You should be careful about doing this if your organization must perform scanning to meet PCI-DSS requirements.

Monitoring

To exempt an AP from rogue scanning – web-based manager
  1. Go to WiFi & Switch Controller > Managed FortiAPs.
  2. Select which AP to edit.
  3. In Wireless Settings, enable Override Settings.
  4. Select Do not participate in Rogue AP Scanning and then select OK.
To exempt an AP from rogue scanning – CLI

This example shows how to exempt access point AP1 from rogue scanning.

config wireless-controller wtp edit AP1 set override-profile enable set ap-scan disable

end

MAC adjacency

You can adjust the maximum WiFi to Ethernet MAC difference used when determining whether an suspect AP is a rogue.

To adjust MAC adjacency

For example, to change the adjacency to 8, enter

config wireless-controller global set rogue-scan-mac-adjacency 8 end

Monitoring rogue APs                                                                                                  Wireless network monitoring

This entry was posted in Administration Guides, FortiAP, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

3 thoughts on “Configuring rogue scanning

  1. Luis

    Hi,

    How many Rogue Ap´s can i suppress with this configuration??
    Because in my work, we are surrounded by AP´s and this is affecting my wireless network.

    Reply
      1. Luis

        Hi,

        Thanks for replying my question.
        But i am using right now an AP in Dedicated Monitor mode, and i am not feeling any difference and my wireless connection is slower than my wired connection. And this option, i don´t know the porpouse: (Enable Passive Scan Mode), i searched in Google but i don´t find anything about it.

        Thanks for your time.

        Reply

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.