Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
nbctcp
New Contributor III

Created on ‎01-17-2020 05:22 AM

Block LAN Internet Sharing

GOALS:

1. Block user sharing their Internet connection using other AP

 

In Mikrotik is using this

http://www.mikrotik.co.id/artikel_lihat.php?id=281

 

QUESTIONS:

1. how to achieve that in Fortigate Eval VM 6.2.3

 

tq

http://goo.gl/lhQjmU
http://nbctcp.wordpress.com

 

http://goo.gl/lhQjmUhttp://nbctcp.wordpress.com
Labels:
6851
0 Kudos
4 REPLIES 4
Yurisk
SuperUser
SuperUser

Created on ‎01-17-2020 05:42 AM

You can use Rogue AP detection & suppression:  

https://docs.fortinet.com/document/fortigate/5.6.0/cookbook/882431/suppressing-rogue-aps

 

https://yurisk.info
https://yurisk.info
5621
0 Kudos
Dave_Hall
Honored Contributor
In response to Yurisk

Created on ‎01-17-2020 10:51 AM

@Nawir.

 

From the looks of it - the mikrotik solution provided (in the link posted) basically sets the TTL hop count to 1 on down stream packets, so anything pass the next down steam hop (connected client) is decremented to zero and so should drop.  Unfortunately, as far as I am aware, there is nothing like that on the Fortigate side - you likely need to do rouge AP detection (and suppression) or some other solutions.

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
5621
0 Kudos
emnoc
Esteemed Contributor III
In response to Dave_Hall

Created on ‎01-17-2020 11:47 AM

iptables had --ttl-set that did the same thing but in fortiOS this is not an option.If the AP is doing a layer3 SNAT I highly doubt you can fully mitigate this fwiw

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
5621
0 Kudos
carlosaat
New Contributor

Created on ‎01-18-2024 08:54 AM

Still no update on this? i have the same problem :(

2240
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.