Chapter 7 – PCI DSS Compliance


Viewing the results of rogue AP scanning

Go to Monitor > Rogue AP Monitor to view information about detected rogue wireless access points.


Logging the results of rogue AP scanning

To ensure that detection of rogue access points is logged, go to Log & Report > Log Settings, enable Event Logging and select WiFi activity event.

Securing a CDE network wireless access point

If your wireless network is within PCI DSS scope, it must meet the following requirements:

  • Default settings such as SSID and passphrases must be changed.
  • Use WPA/WPA2 security.
  • Log wireless activity.


Setting wireless security

On FortiGate units, go to WiFi & Switch Controller > SSID to configure wireless security settings for either a new or existing virtual access point.

The default SSID for the FortiAP is “fortinet”. You must change this.

The Security Mode must be set to one of the WPA2 modes. Both WPA and WPA2 clients can be served. In the CLI, you can optionally select exclusively WPA or WPA2 operation.

WPA/WPA2-Enterprise Authentication uses separate logon credentials for each user. Either FortiGate user group security or an external RADIUS server performs the authentication. Optionally, certificate-based security can also be applied. WPA/WPA2-Personal authentication requires a single pre-shared key that is used by all clients and is thus less secure.

For detailed information about wireless access points, see the Deploying Wireless Networks chapter of the FortiOS Handbook.
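The SSID and security-mode requirements above can be checked offline against a configuration backup. The script below is an added example, not part of the handbook or of Fortinet's tooling. It assumes the backup uses the FortiOS CLI layout `config wireless-controller vap` with `set ssid` and `set security` lines; the sample configuration and the function names are constructed for illustration.

```python
import re
# Constructed sample of a FortiGate configuration backup (not taken from the page).
SAMPLE_CONFIG = """
config wireless-controller vap
    edit "guest"
        set ssid "fortinet"
        set security open
    next
    edit "pos-wifi"
        set ssid "Store12-POS"
        set security wpa2-only-personal
    next
    edit "cde-wifi"
        set ssid "Store12-CDE"
        set security wpa2-only-enterprise
    next
    edit "lab"
        set ssid "Store12-Lab"
    next
end
"""

def parse_vaps(config_text):
    """Return {vap_name: {setting: value}} from the wireless-controller vap section."""
    m = re.search(r'^config wireless-controller vap$(.*?)^end$', config_text, re.M | re.S)
    vaps = {}
    # \1 ties each "next" to the indentation of its "edit", so nested blocks are skipped.
    for indent, name, body in re.findall(
            r'^( +)edit "?([^"\n]+)"?\n(.*?)^\1next$', m.group(1) if m else "", re.M | re.S):
        vaps[name] = dict(re.findall(r'^%s {4}set (\S+) "?(.*?)"?$' % indent, body, re.M))
    return vaps

def audit_vap(settings):
    """Check one virtual AP against the SSID and security-mode points in this section."""
    ssid, mode = settings.get("ssid"), settings.get("security")
    findings = []
    if ssid is None or mode is None:
        findings.append("UNKNOWN: setting absent from backup, confirm on the unit")
    if ssid is not None and ssid.lower() == "fortinet":
        findings.append("FAIL: default SSID still in use")
    if mode is not None and not mode.startswith("wpa"):
        findings.append("FAIL: security mode %r is not WPA/WPA2" % mode)
    elif mode is not None and mode.endswith("personal"):
        findings.append("NOTE: one pre-shared key for all clients")
    return findings

if __name__ == "__main__":
    for name, settings in parse_vaps(SAMPLE_CONFIG).items():
        print(name, audit_vap(settings) or ["OK"])
```

A backup normally omits settings left at their defaults, which is why a missing `set security` line is reported as unknown rather than guessed. Wireless activity logging is not covered by this check.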

