Suppressing rogue APs
In addition to monitoring rogue APs, you can actively prevent your users from connecting to them. When suppression is activated against an AP, the FortiGate WiFi controller sends deauthentication messages to the rogue AP’s clients, posing as the rogue AP, and also sends deauthentication messages to the rogue AP, posing as its clients. This is done using the monitoring radio.
To enable rogue AP suppression, you must enable monitoring of rogue APs with the on-wire detection technique. See “Monitoring rogue APs”. The monitoring radio must be in the Dedicated Monitor mode.
To activate AP suppression against a rogue AP
- Go to Monitor > Rogue AP Monitor.
- When you see an AP listed that is a rogue detected “on-wire”, select it and then select Mark > Mark Rogue.
- To suppress an AP that is marked as a rogue, select it and then select Suppress AP.
To deactivate AP suppression
- Go to Monitor > Rogue AP Monitor.
- Select the suppressed rogue AP and then select Suppress AP > Unsuppress AP.