Block LAN Internet Sharing
GOALS:
1. Block users from sharing their Internet connection using another AP
In MikroTik this is done using this:
http://www.mikrotik.co.id/artikel_lihat.php?id=281
QUESTIONS:
1. How to achieve that in FortiGate Eval VM 6.2.3?
tq
You can use Rogue AP detection & suppression:
https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/882431/suppressing-rogue-aps
@Nawir.
From the looks of it - the MikroTik solution provided (in the link posted) basically sets the TTL hop count to 1 on downstream packets, so anything past the next downstream hop (connected client) is decremented to zero and so should drop. Unfortunately, as far as I am aware, there is nothing like that on the FortiGate side - you likely need to do rogue AP detection (and suppression) or some other solution.
NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
iptables had --ttl-set that did the same thing, but in FortiOS this is not an option. If the AP is doing a layer 3 SNAT I highly doubt you can fully mitigate this, fwiw.
PCNSE
NSE
StrongSwan
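
The TTL clamp discussed in the replies above, modelled on a raw IPv4 header. This is an added example, not code from the thread, MikroTik or Fortinet: the gateway rewrites TTL to 1 and recomputes the header checksum, a directly attached client still accepts the packet, and a device that routes it onward decrements TTL to 0 and drops it. The sample addresses are constructed, and the sharing device is assumed to forward at layer 3.

```python
import struct

def ipv4_checksum(header: bytes) -> int:
    """RFC 1071 one's-complement sum over the IPv4 header."""
    total = sum(struct.unpack(f"!{len(header) // 2}H", header))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def with_ttl(header: bytes, ttl: int) -> bytes:
    """Copy of the header with a new TTL (byte 8) and a fresh checksum."""
    h = bytearray(header)
    h[8] = ttl
    h[10:12] = b"\x00\x00"          # checksum field must be zero while summing
    h[10:12] = struct.pack("!H", ipv4_checksum(bytes(h)))
    return bytes(h)

def route(header: bytes):
    """What a layer-3 hop does when forwarding: decrement TTL, drop at 0."""
    ttl = header[8] - 1
    return None if ttl <= 0 else with_ttl(header, ttl)

def reaches(header: bytes, routed_hops: int) -> bool:
    """True if the packet survives this many routed hops past the gateway."""
    for _ in range(routed_hops):
        header = route(header)
        if header is None:
            return False
    return True

# Constructed sample: 20-byte header, TCP, 203.0.113.10 -> 192.168.1.50
SAMPLE = with_ttl(bytes.fromhex("450000280001400040060000cb00710ac0a80132"), 64)
CLAMPED = with_ttl(SAMPLE, 1)       # what the gateway emits on its LAN side

if __name__ == "__main__":
    for name, pkt in (("TTL 64", SAMPLE), ("TTL 1 ", CLAMPED)):
        print(name, "| direct client:", reaches(pkt, 0),
              "| behind client's router:", reaches(pkt, 1))
```
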
Still no update on this? I have the same problem :(
