Enable Rogue Access Point Detection with the Gateway Wireless Controller

You can use the Wireless Deployment Maps to scan your network for all external wireless access points that operate within range of your managed APs. Some of these external access points could be rogue access points.

A rogue access point is any wireless access point within range of your network that is not recognized as an authorized paired access point or configured exception in your wireless deployment. A rogue access point can be an unauthorized AP connected to your network by someone inside your organization without consent. These access points are security risks to your wireless and wired networks if they do not have proper security features enabled. A rogue access point can also be an AP external to your wireless network that is within your network range. This includes Honeypot or Evil Twin rogue access points that impersonate legitimate APs by broadcasting the same network SSID as your authorized APs.

For more information on how to find rogue access points with wireless maps, go to View Wireless Deployment Maps.

Screenshot of wireless map with rogue access point identified

The Rogue Access Point Detection feature for the Gateway Wireless Controller and managed WatchGuard APs is different than the Rogue Access Point Detection feature designed for Firebox wireless devices with built-in wireless capabilities.

For information on the differences between Firebox wireless devices and WatchGuard APs, go to WatchGuard Wireless Solutions. For information on Rogue Access Point Detection for Firebox wireless devices, go to Rogue Access Point Detection.

Enable Rogue Access Point Detection

  1. Select Network > Gateway Wireless Controller.
  2. Select the SSID tab.
  3. Select an SSID and click Edit.
  4. Select the Enable rogue access point detection check box.

Screen shot of Gateway Wireless Controller - SSID configuration

  1. Select Network > Gateway Wireless Controller.
  2. Select the SSID tab.
  3. Select an SSID and click Edit.
  4. Select the Rogue Access Point Detection tab.
  5. Select the Enable rogue access point detection check box.

Screen shot of SSID - Rogue Access Point Detection dialog box in Policy Manager

Rogue Access Point Exceptions List

To add a known access point to the Rogue Access Point Exceptions list:

  1. Click Add.
  2. In the BSSID (MAC Address) text box, type the MAC address of the known access point.
  3. Click Add.

For more information on how to configure an SSID, go to Configure WatchGuard AP SSIDs.

Related Topics

Use Gateway Wireless Controller Maps

Monitor AP Status

Monitor Wireless Clients