Suppressing rogue APs

Suppressing rogue APs

In addition to monitoring rogue APs, you can actively prevent your users from connecting to them. When suppression is activated against an AP, the FortiGate WiFi controller sends deauthentication messages to the rogue AP’s clients, posing as the rogue AP, and also sends deauthentication messages to the rogue AP, posing as its clients. This is done using the monitoring radio.

To enable rogue AP suppression, you must enable monitoring of rogue APs with the on-wire detection technique. See “Monitoring rogue APs”. The monitoring radio must be in the Dedicated Monitor mode.

To activate AP suppression against a rogue AP

  1. Go to Monitor > Rogue AP Monitor.
  2. When you see an AP listed that is a rogue detected “on-wire”, select it and then select Mark > Mark Rogue.
  3. To suppress an AP that is marked as a rogue, select it and then select Suppress AP.

To deactivate AP suppression

  1. Go to Monitor > Rogue AP Monitor.
  2. Select the suppressed rogue AP and then select Suppress AP > Unsuppress AP.
This entry was posted in Administration Guides, FortiAP, FortiOS 5.6 on by .

About Mike

Michael Pruett, CISSP has a wide range of cyber-security and network engineering expertise. The plethora of vendors that resell hardware but have zero engineering knowledge resulting in the wrong hardware or configuration being deployed is a major pet peeve of Michael's. This site was started in an effort to spread information while providing the option of quality consulting services at a much lower price than Fortinet Professional Services. Owns PacketLlama.Com (Fortinet Hardware Sales) and Office Of The CISO, LLC (Cybersecurity consulting firm).

Leave a Reply

Your email address will not be published. Required fields are marked *

This site uses Akismet to reduce spam. Learn how your comment data is processed.