Skip to main content
nbctcp
nbctcp
New Member
January 17, 2020
Question

Block LAN Internet Sharing

  • January 17, 2020
  • 2 replies
  • 8098 views

GOALS:

1. Block user sharing their Internet connection using other AP

 

In Mikrotik is using this

http://www.mikrotik.co.id/artikel_lihat.php?id=281

 

QUESTIONS:

1. how to achieve that in Fortigate Eval VM 6.2.3

 

tq

2 replies

Yurisk
SuperUser
Yurisk
SuperUser
January 17, 2020

You can use Rogue AP detection & suppression:  

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/882431/suppressing-rogue-aps

 

Dave_Hall
Dave_Hall
New Member
January 17, 2020

@Nawir.

 

From the looks of it - the mikrotik solution provided (in the link posted) basically sets the TTL hop count to 1 on down stream packets, so anything pass the next down steam hop (connected client) is decremented to zero and so should drop.  Unfortunately, as far as I am aware, there is nothing like that on the Fortigate side - you likely need to do rouge AP detection (and suppression) or some other solutions.

emnoc
emnoc
New Member
January 17, 2020

iptables had --ttl-set that did the same thing but in fortiOS this is not an option.If the AP is doing a layer3 SNAT I highly doubt you can fully mitigate this fwiw

carlosaat
carlosaat
New Member
January 18, 2024

Still no update on this? i have the same problem :(

Terms & ConditionsAccessibility statement