Fortinet – Automatically Suppress APs detected as on-wire

In v5 firmware you can automatically suppress APs that are detected as “on-wire”. This means the FortiGate has seen a wireless BSSID whose value is adjacent to a MAC address learned on the wired network, i.e. the rogue AP is most likely plugged into your own LAN.
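As an added illustration of that adjacency check (example code written for this post, not part of FortiOS or any Fortinet tool; the wired MAC table, the ±8 address window and the same-OUI rule are assumptions):

```python
import re
from typing import Dict, Iterable, List

# Matches a MAC at the start of a line, so the 'bssid' header line is skipped.
MAC_RE = re.compile(r"^\s*((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\b", re.I | re.M)

def mac_to_int(mac: str) -> int:
    """Convert aa:bb:cc:dd:ee:ff into its 48-bit integer value."""
    parts = mac.lower().split(":")
    if len(parts) != 6:
        raise ValueError(f"malformed MAC address: {mac!r}")
    return int("".join(parts), 16)

def parse_suppress_list(output: str) -> List[str]:
    """Pull BSSIDs out of 'cw_diag -c ap-suppress' output (layout assumed as shown on this page)."""
    return [m.lower() for m in MAC_RE.findall(output)]

def find_on_wire_bssids(bssids: Iterable[str], wired_macs: Iterable[str],
                        window: int = 8) -> Dict[str, str]:
    """Map each BSSID to the closest wired MAC within `window` addresses and the same OUI.

    Assumption: APs commonly derive radio BSSIDs by incrementing their wired MAC, so a
    BSSID numerically adjacent to a MAC learned on a switch port is likely on-wire.
    The same-OUI check stops two unrelated vendor blocks from matching at a boundary.
    """
    wired = {mac_to_int(m): m.lower() for m in wired_macs}
    matches: Dict[str, str] = {}
    for bssid in bssids:
        bval = mac_to_int(bssid)
        best = None
        for wval, wmac in wired.items():
            dist = abs(bval - wval)
            if dist <= window and (bval >> 24) == (wval >> 24):
                if best is None or dist < best[0]:
                    best = (dist, wmac)
        if best is not None:
            matches[bssid.lower()] = best[1]
    return matches

# Constructed sample: the two BSSIDs from the page's cw_diag output plus a made-up
# wired MAC table (e.g. from the switch's learned-MAC list). Not real captured data.
SAMPLE_CW_DIAG = "Suppressed AP list:\n\nbssid\n08:5b:0e:0b:2a:23\n00:1b:11:cc:80:4a   <--- D-Link\n"
SAMPLE_WIRED_MACS = ["00:1b:11:cc:80:48", "08:5b:0e:0b:2a:20", "00:1b:11:cc:90:40"]

if __name__ == "__main__":
    for bssid, wired in find_on_wire_bssids(parse_suppress_list(SAMPLE_CW_DIAG), SAMPLE_WIRED_MACS).items():
        print(f"{bssid} looks on-wire: adjacent to wired MAC {wired}")
```

The third wired MAC is deliberately 10 addresses away from nothing in the list, and a BSSID across an OUI boundary would be rejected even if numerically close, which is the false-positive case the same-OUI rule guards against.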

The following needs to be configured at the CLI:


config wireless-controller setting
    set ap-scan enable
    set on-wire-scan enable
    set ap-auto-suppress enable
end

One of the radios in the AP should be set to monitor mode, and auto-suppression also needs to be enabled in the AP profile:

config wireless-controller wtp-profile
    edit 221B
        config radio-1
            set mode monitor
            set rogue-scan enable
            set ap-auto-suppress enable
        end
    next
end

Rogue APs that are detected on-wire should now be suppressed. Note that they will not be shown as suppressed in the GUI.

Verify that the AP is actually suppressing by connecting to the AP's CLI and running the following command:

cw_diag -c ap-suppress

Suppressed AP list:

bssid
08:5b:0e:0b:2a:23
00:1b:11:cc:80:4a   <--- this one is the D-Link as seen above
