Wireless network monitoring

To enable rogue AP scanning with on-wire detection – web-based manager

1. Go to WiFi & Switch Controller > WIDS Profiles.

On some models, the menu is WiFi & Switch Controller.

2. Select an existing WIDS Profile and edit it, or select Create New.

3. Make sure that Enable Rogue AP Detection is selected.

4. Select Enable On-Wire Rogue AP Detection.

5. Optionally, enable Auto Suppress Rogue APs in Foreground Scan.

6. Select OK.

 

 

To enable the rogue AP scanning feature in a custom AP profile – CLI

config wireless-controller wids-profile
  edit FAP220B-default
    set ap-scan enable
    set rogue-scan enable
  end

 

Exempting an AP from rogue scanning

By default, if Rogue AP Detection is enabled, it is enabled on all managed FortiAP units. Optionally, you can exempt an AP from scanning. You should be careful about doing this if your organization must perform scanning to meet PCI-DSS requirements.

 

To exempt an AP from rogue scanning – web-based manager

1. Go to WiFi & Switch Controller > Managed FortiAPs.

2. Select which AP to edit.

3. In Wireless Settings, enable Override Settings.

4. Select Do not participate in Rogue AP Scanning and then select OK.

 

To exempt an AP from rogue scanning – CLI

This example shows how to exempt access point AP1 from rogue scanning.

 

config wireless-controller wtp
  edit AP1
    set override-profile enable
    set ap-scan disable
  end
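
An added example, not part of the original page or of FortiOS: a Python audit that lists the APs exempted from rogue scanning in a configuration backup, which helps when the PCI-DSS scanning requirement applies. The sample configuration is constructed, and the script assumes the ap-scan override only takes effect when override-profile is enabled.

```python
# Constructed sample in the style of a FortiOS configuration backup (not real data).
SAMPLE_CONFIG = """\
config wireless-controller wtp
    edit "AP1"
        set override-profile enable
        set ap-scan disable
    next
    edit "AP2"
        set ap-scan disable
    next
end
config wireless-controller global
    set rogue-scan-mac-adjacency 8
end
"""

def parse_wtp_entries(config_text):
    """Return {ap_name: {setting: value}} from the 'wireless-controller wtp' table."""
    entries, current, depth = {}, None, 0   # depth 0 means outside the wtp table
    for raw in config_text.splitlines():
        words = raw.split()
        if not words:
            continue
        if words[0] == "config":
            if depth:                       # nested sub-table inside an AP entry
                depth += 1
            elif words[1:] == ["wireless-controller", "wtp"]:
                depth = 1
        elif depth and words[0] == "end":
            depth -= 1
        elif depth == 1 and words[0] == "edit" and len(words) > 1:
            current = words[1].strip('"')
            entries[current] = {}
        elif depth == 1 and words[0] == "next":
            current = None
        elif depth == 1 and words[0] == "set" and current and len(words) >= 3:
            entries[current][words[1]] = " ".join(words[2:]).strip('"')
    return entries

def exempt_aps(config_text):
    """Names of APs whose per-AP override turns rogue scanning off."""
    # Assumption: 'ap-scan disable' counts only when override-profile is enabled.
    return sorted(
        name for name, s in parse_wtp_entries(config_text).items()
        if s.get("override-profile") == "enable" and s.get("ap-scan") == "disable"
    )

if __name__ == "__main__":
    for name in exempt_aps(SAMPLE_CONFIG):
        print(f"{name}: exempt from rogue AP scanning")
```
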

 

MAC adjacency

You can adjust the maximum WiFi to Ethernet MAC difference used when determining whether a suspect AP is a rogue.

 

To adjust MAC adjacency

For example, to change the adjacency to 8, enter:

config wireless-controller global
  set rogue-scan-mac-adjacency 8
end
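
To illustrate what the adjacency value controls, here is an added Python example (not Fortinet's implementation): it treats each MAC as a 48-bit number and flags a BSSID as a suspected on-wire rogue when it lies within the adjacency of a MAC seen on the wired network. The sample addresses are constructed, and taking the absolute numeric difference is an assumption about how the difference is measured.

```python
# Constructed sample data: MACs learned on the wired LAN and BSSIDs heard over the air.
WIRED_MACS = ["00:11:22:33:44:fe", "3c:aa:bb:00:10:20"]
SCANNED_BSSIDS = {
    "guest-wifi": "00:11:22:33:45:03",   # 5 above a wired MAC, across an octet carry
    "printer-ap": "3c:aa:bb:00:10:29",   # 9 above a wired MAC
    "coffee-shop": "a4:5e:60:12:34:56",  # unrelated neighboring AP
}

def mac_to_int(mac):
    """Convert 'aa:bb:cc:dd:ee:ff' (or '-' separated) to a 48-bit integer."""
    digits = mac.replace(":", "").replace("-", "")
    if len(digits) != 12:
        raise ValueError(f"not a 48-bit MAC address: {mac!r}")
    return int(digits, 16)

def onwire_suspects(bssids, wired_macs, adjacency):
    """Map SSID -> nearest wired MAC for every BSSID within `adjacency` of it."""
    suspects = {}
    for ssid, bssid in bssids.items():
        b = mac_to_int(bssid)
        # Compare whole 48-bit values so a carry between octets is handled.
        nearest = min(wired_macs, key=lambda m: abs(mac_to_int(m) - b))
        if abs(mac_to_int(nearest) - b) <= adjacency:
            suspects[ssid] = nearest
    return suspects

if __name__ == "__main__":
    for limit in (4, 8, 10):
        print(limit, onwire_suspects(SCANNED_BSSIDS, WIRED_MACS, limit))
```

With an adjacency of 8 only guest-wifi is flagged; raising it to 10 also flags printer-ap, so a wider window catches larger vendor MAC offsets but is more likely to match an unrelated neighbor.
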

 

 

Using the Rogue AP Monitor

Go to Monitor > Rogue AP Monitor to view the list of other wireless access points that are receivable at your location.

 

Information Columns

The columns actually displayed depend on Column Settings.

State
  Rogue AP — Use this status for unauthorized APs that Onwire status indicates are attached to your wired networks.
  Accepted AP — Use this status for APs that are an authorized part of your network or are neighboring APs that are not a security threat. To see accepted APs in the list, select Show Accepted.
  Unclassified — This is the initial status of a discovered AP. You can change an AP back to unclassified if you have mistakenly marked it as Rogue or Accepted.

Online Status
  Active AP
  Inactive AP
  Active ad-hoc WiFi device
  Inactive ad-hoc WiFi device

SSID               The wireless service set identifier (SSID) or network name for the wireless interface.

Security Type      The type of security currently being used.

Channel            The wireless radio channel that the access point uses.

MAC Address        The MAC address of the Wireless interface.

Vendor Info        The name of the vendor.

Signal Strength    The relative signal strength of the AP. Mouse over the symbol to view the signal-to-noise ratio.

Detected By        The name or serial number of the AP unit that detected the signal.

Onwire             A green up-arrow indicates a suspected rogue, based on the on-wire detection technique. A red down-arrow indicates AP is not a suspected rogue.

First Seen         How long ago this AP was first detected.

Last Seen          How long ago this AP was last detected.

Rate               Data rate in bps.

 

To change the Online Status of an AP, right-click it and select Mark Accepted or Mark Rogue.

 

Suppressing rogue APs

In addition to monitoring rogue APs, you can actively prevent your users from connecting to them. When suppression is activated against an AP, the FortiGate WiFi controller sends deauthentication messages to the rogue AP’s clients, posing as the rogue AP, and also sends deauthentication messages to the rogue AP, posing as its clients. This is done using the monitoring radio.

Before enabling this feature, verify that operation of Rogue Suppression is compliant with the applicable laws and regulations of your region.

To enable rogue AP suppression, you must enable monitoring of rogue APs with the on-wire detection technique. See “Monitoring rogue APs”. The monitoring radio must be in the Dedicated Monitor mode.

 

To activate AP suppression against a rogue AP

1. Go to Monitor > Rogue AP Monitor.

2. When you see an AP listed that is a rogue detected “on-wire”, select it and then select Mark > Mark Rogue.

3. To suppress an AP that is marked as a rogue, select it and then select Suppress AP.

 

To deactivate AP suppression

1. Go to Monitor > Rogue AP Monitor.

2. Select the suppressed rogue AP and then select Suppress AP > Unsuppress AP.

 

Monitoring wireless network health

The Wireless Health Dashboard provides a comprehensive view of the health of your network’s wireless infrastructure. The dashboard includes widgets to display:

  • AP Status – Active, Down or missing, up for over 24 hours, rebooted in past 24 hours
  • Client Count Over Time – viewable for past hour, day, or 30 days
  • Top Client Count Per-AP – separate widgets for 2.4GHz and 5GHz bands
  • Top Wireless Interference – separate widgets for 2.4GHz and 5GHz bands, requires spectrum analysis to be enabled on the radios
  • Login Failures Information

 

To view the Wireless Health dashboard, go to Monitor > Wireless Health Monitor.

 

