wireless-controller wids-profile (5.4)

Use this command to configure Wireless Intrusion Detection System (WIDS) profiles.

comment [string]

Optional comments.


ap-scan {enable | disable}

Enable or disable (by default) rogue AP scanning. Once enabled, configure a series of AP scanning options (see entries below).


ap-bgscan-period <seconds>

Note: This entry is only available when ap-scan is set to enable.

Period of time in seconds between background scans. Set the value between 60-3600 (or one minute to one hour). The default is set to 600 (or ten minutes).


ap-bgscan-intv <seconds>

Note: This entry is only available when ap-scan is set to enable.

Period of time in seconds between scanning two channels. Set the value between 1-600 (or one second to ten minutes). The default is set to 1.


ap-bgscan-duration <milliseconds>

Note: This entry is only available when ap-scan is set to enable.

Listening time in milliseconds on a scanning channel. Set the value between 10-1000. The default is set to 20.


ap-bgscan-idle <milliseconds>

Note: This entry is only available when ap-scan is set to enable.

Period of idle-time in milliseconds before channel scanning. Set the value between 0-1000. The default is set to 0.


ap-bgscan-report-intv <seconds>

Note: This entry is only available when ap-scan is set to enable.

Period of time in seconds between background scan reports. Set the value between 15-600 (or 15 seconds to ten minutes). The default is set to 30.


ap-bgscan-disable-day {sunday | monday | tuesday | wednesday | thursday | friday | saturday}

Note: This entry is only available when ap-scan is set to enable.

Days of the week when background scanning is disabled. By default, no days are set.

When this entry is set (to any number of days), use the ap-bgscan-disable-start and ap-bgscan-disable-end entries to determine start and end times; the period between these two times is when background scanning is disabled.


ap-bgscan-disable-start <hh:mm>

Note: This entry is only available when ap-bgscan-disable-day is configured.

Start time, in the format of hh:mm, for disabling background scanning. The default is set to 00:00.


ap-bgscan-disable-end <hh:mm>

Note: This entry is only available when ap-bgscan-disable-day is configured.

End time, in the format of hh:mm, for disabling background scanning. The default is set to 00:00.


ap-fgscan-report-intv <seconds>

Note: This entry is only available when ap-scan is set to enable.

Period of time in seconds between foreground scan reports. Set the value between 15-600 (or 15 seconds to ten minutes). The default is set to 15.


ap-scan-passive {enable | disable}

Note: This entry is only available when ap-scan is set to enable.

Enable or disable (by default) passive scanning on all channels.


rogue-scan {enable | disable}

Note: This entry is only available when ap-scan is set to enable.

Enable or disable (by default) rogue AP on-wire scan.


wireless-bridge {enable | disable}

Enable or disable (by default) detection of wireless bridge operation, used to raise awareness if your network doesn’t use a wireless bridge.


deauth-broadcast {enable | disable}

Enable or disable (by default) broadcast deauthentication detection.


null-ssid-probe-resp {enable | disable}

Enable or disable (by default) null SSID probe response detection.


long-duration-attack {enable | disable}

Enable or disable (by default) long-duration attack detection. When enabled, use the long-duration-thresh entry to define the threshold.


long-duration-thresh <milliseconds>

Duration of time in milliseconds for long-duration attack detection. Set the value between 1000-32767 (or one second to over 32 seconds). The default is set to 8200 (or just over eight seconds).


invalid-mac-oui {enable | disable}

Enable or disable (by default) detection of spoofed MAC addresses. The first three bytes should indicate a known manufacturer.


weak-wep-iv {enable | disable}

Enable or disable (by default) detection of APs using weak WEP encryption.


auth-frame-flood {enable | disable}

Enable or disable (by default) detection of authentication frame flood attacks.


assoc-frame-flood {enable | disable}

Enable or disable (by default) detection of association frame flood attacks.


spoofed-deauth {enable | disable}

Enable or disable (by default) detection of spoofed deauthentication packets.


asleap-attack {enable | disable}

Enable or disable (by default) detection of asleap attacks, attempts to crack Lightweight Extensible Authentication Protocol (LEAP) security.

LEAP is a wireless LAN authentication method that allows clients to re-authenticate frequently, giving the client a new WEP key each time.


eapol-start-flood {enable | disable}

Enable or disable (by default) detection of Extensible Authentication Protocol (EAP) over LAN (EAPoL) START flood attacks.


eapol-logoff-flood {enable | disable}

Enable or disable (by default) detection of EAPoL LOGOFF flood attacks.


eapol-succ-flood {enable | disable}

Enable or disable (by default) detection of EAPoL SUCC flood attacks.


eapol-fail-flood {enable | disable}

Enable or disable (by default) detection of EAPoL FAIL flood attacks. When enabled, use the eapol-fail-intv entry to define the detection interval.


eapol-fail-thresh <threshold>

Note: This entry is only available when eapol-fail-flood is set to enable.

The EAPoL FAIL detection threshold. Set the value between 2-100. The default is set to 10.


eapol-fail-intv <seconds>

Note: This entry is only available when eapol-fail-flood is set to enable.

Interval of time in seconds between EAP FAIL detection. Set the value between 1-3600 (or one second to one hour). The default is set to 1.


eapol-pre-succ-flood {enable | disable}

Enable or disable (by default) detection of EAPoL premature SUCC flood attacks.


eapol-pre-fail-flood {enable | disable}

Enable or disable (by default) detection of EAPoL premature FAIL flood attacks.


deauth-unknown-src-thresh <seconds>

Threshold value per second to deauthenticate unknown sources for DoS attacks. The default is set to 10. Set to 0 for no limitation.
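
A sample profile showing the order in which dependent entries become available (ap-scan before the ap-bgscan-* entries, ap-bgscan-disable-day before its start and end times, each detection before its threshold). This is an added example, not taken from the original documentation; the profile name wids-example and all values are assumptions chosen within the ranges listed above.

```fortios
config wireless-controller wids-profile
    edit "wids-example"
        set comment "Constructed example profile"
        # ap-scan must be enabled before the ap-bgscan-* entries are available
        set ap-scan enable
        set ap-bgscan-period 300
        set ap-bgscan-report-intv 30
        # setting disable-day unlocks the disable-start and disable-end entries
        set ap-bgscan-disable-day saturday sunday
        set ap-bgscan-disable-start 08:00
        set ap-bgscan-disable-end 18:00
        set rogue-scan enable
        # detections are disabled by default; each must be enabled explicitly
        set long-duration-attack enable
        set long-duration-thresh 8200
        set spoofed-deauth enable
        set auth-frame-flood enable
        set assoc-frame-flood enable
        # eapol-fail-thresh and eapol-fail-intv require eapol-fail-flood enable
        set eapol-fail-flood enable
        set eapol-fail-thresh 10
        set eapol-fail-intv 1
    next
end
```

Because every detection on this page defaults to disable, a profile that only sets ap-scan enable performs scanning but raises none of the flood or spoofing detections.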
