Description
This article describes how to add a threshold for Interfering AP’s in support of rogue AP detection.
Refer to WIDS, Rogue Suppression and other related information on the link: https://docs.fortinet.com/product/fortiap/6.4
Scope
For versions FAP-W2 6.2.3 and FortiOS 6.2.3.
Solution
Currently any interfering FortiAP's, no matter what signal level reported, are detected by FortiAP and reported together.
Much of the time users want the ability to identify something as genuinely interfering and set an RSSI threshold accordingly to reflect that.
This feature allows a user to set a different RSSI threshold value in order for the FortiAP to more accurately consider interfering FortiAPs.
The RSSI threshold value is configured within the WIDS profile.
The user needs to apply the WIDS profile to the radio in order to get the desired results.
Once the threshold value is changed, the FortiAP will not consider certain detected FortiAPs based on that new threshold value and report back to the FortiGate.
The FGT shall then remove/add the detected APs based on the new value.
Supported platforms: Only wave2 FortiAPs support this feature.
The feature needs both FortiOS and FortiAP support.
The feature is available from both FOS/FAPW2 6.2.3 release.
The default value for the RSSI threshold is -90.
The configure value range is -20 ~ -95.
On the FortiGate.
# config wireless-controller wids-profile
(wids-profile)edit sensor-mode
(sensor-mode)# show
# config wireless-controller wids-profile
edit "sensor-mode"
set sensor-mode both
set ap-scan enable
set ap-bgscan-period 75
next
end
(sensor-mode)set ap-scan-threshold
<integer> Threshold in dBm (-95 to -20, default = -90).
Store0423 (sensor-mode)set ap-scan-threshold -50
On the FortiAP: display the radio config by using the following command.
FortiAP-423E # rcfg
Resulting output includes the threshold value
ap scan thresh : -50 dBm *********************************** configured threshold value.
Rogue AP monitor GUI screenshot for reference.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.