Article Id 405046
Description: This article describes how to protect against a DoS Auth attack using the Broadcast Suppression feature in the SSID configuration.
Scope FortiGate, FortiAP.
Solution

In some scenarios, a bad actor wants to stop the service on an SSID or wireless network. One way to do this is to flood the channel and directly attack a BSSID with a flood of Auth/DeAuth packets in order to stop the service and/or disconnect the users on that SSID.

To detect whether the SSID is under an attack of this nature, go to Log and Report -> System Events -> Wifi Events.

KB_01.png

In the following example, the SSID 'grimreaper' is shown as the target of the DoS attack, with multiple 'Disassoc' and 'Deauth' packets being sent to it in order to stop the service.
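
The same check can be run offline over exported Wifi Events. The following is an added example, not part of the original article and not Fortinet code. It assumes key=value log lines; the field names `date`, `time`, `ssid` and `action`, the action values `deauth`/`disassoc`, the second SSID and all sample lines are constructed for illustration.

```python
import shlex
from collections import defaultdict, deque
from datetime import datetime, timedelta

# Assumed action values for the 'Deauth' and 'Disassoc' events; adjust to the
# strings your own Wifi Events export actually uses.
FLOOD_ACTIONS = {"deauth", "disassoc"}

# Constructed sample: 12 events in 12 seconds against 'grimreaper', plus two
# isolated events on a second, hypothetical SSID.
SAMPLE = [
    f'date=2025-01-10 time=10:00:{s:02d} subtype="wireless" ssid="grimreaper" '
    f'action="{"deauth" if s % 2 else "disassoc"}" stamac="02:00:00:00:00:{s:02x}"'
    for s in range(12)
] + [
    'date=2025-01-10 time=10:00:03 subtype="wireless" ssid="office" action="deauth"',
    'date=2025-01-10 time=10:05:00 subtype="wireless" ssid="office" action="deauth"',
]


def parse_line(line):
    """Split one key=value log line into a dict, honouring quoted values."""
    return dict(tok.split("=", 1) for tok in shlex.split(line) if "=" in tok)


def find_floods(lines, threshold=10, window_s=10):
    """Return {ssid: peak event count} for SSIDs that reach `threshold`
    deauth/disassoc events inside any sliding window of `window_s` seconds.
    Lines are assumed to be in chronological order per SSID."""
    window = timedelta(seconds=window_s)
    recent = defaultdict(deque)  # ssid -> timestamps still inside the window
    flagged = {}
    for line in lines:
        rec = parse_line(line)
        if rec.get("action", "").lower() not in FLOOD_ACTIONS:
            continue
        ts = datetime.strptime(f'{rec["date"]} {rec["time"]}', "%Y-%m-%d %H:%M:%S")
        ssid = rec.get("ssid", "<unknown>")
        q = recent[ssid]
        q.append(ts)
        while ts - q[0] > window:  # drop events that fell out of the window
            q.popleft()
        if len(q) >= threshold:
            flagged[ssid] = max(flagged.get(ssid, 0), len(q))
    return flagged


if __name__ == "__main__":
    for ssid, peak in find_floods(SAMPLE).items():
        print(f"possible Auth/DeAuth flood on SSID {ssid!r}: peak {peak} events")
```

The threshold and window are starting values; tune them against the normal roaming and disconnect rate of the SSID before alerting on the result.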


KB_02.png

To stop this kind of attack, enable the 'Broadcast Suppression' feature on the SSID with the following options:

  • ARP poison.
  • ARPs for known clients.
  • ARPs for unknown clients.
  • All other broadcast.
  • All other multicast.

KB_03.png

After enabling this, the attack should no longer stop the service.
