Fortinet Community

nbctcp · ‎01-17-2020

GOALS:

1. Block user sharing their Internet connection using other AP

In Mikrotik is using this

http://www.mikrotik.co.id/artikel_lihat.php?id=281

QUESTIONS:

1. how to achieve that in Fortigate Eval VM 6.2.3

tq

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

Yurisk · ‎01-17-2020

You can use Rogue AP detection & suppression:

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/882431/suppressing-rogue-aps

Yuri
https://yurisk.info/ blog: All things Fortinet, no ads.

All opinions are mine only.

Dave_Hall · ‎01-17-2020

@Nawir.

From the looks of it - the mikrotik solution provided (in the link posted) basically sets the TTL hop count to 1 on down stream packets, so anything pass the next down steam hop (connected client) is decremented to zero and so should drop. Unfortunately, as far as I am aware, there is nothing like that on the Fortigate side - you likely need to do rouge AP detection (and suppression) or some other solutions.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

emnoc · ‎01-17-2020

iptables had --ttl-set that did the same thing but in fortiOS this is not an option.If the AP is doing a layer3 SNAT I highly doubt you can fully mitigate this fwiw

PCNSE

NSE

StrongSwan

Fortinet Community

Block LAN Internet Sharing