0 wireless features
update
July 2019
Integrated Wireless 6.2
Key features
• Enhanced Diagnostics & Logs - Deep state analysis
• API and SNMP on FAP
• Customize certs from GUI
• WPA3/OWE support
• VLAN Probe Tool
• Wireless Client Health Dashboard
• Suppress Phishing SSID
• WFA Voice Certification
• WiFi Location Maps
• Airtime Fairness
• …
• Wireless Fabric Security Rating checks
• …
CONFIDENTIAL
Integrated Wireless 6.2
Complete list of changes
• Wireless Fabric Security Rating checks
• Wireless controller event log filtering
Enhanced Diagnostics & Logs
Background
5- DHCP
4- 4-way handshake
3- Association
2- Authentication
1- Probe
• Invalid PSK
• Once an AP is deployed
• It is very difficult to find the SN
• Requires diligent numbering/naming of the APs
• FAP Positioning
1. Unlock Map
2. Click to place FAP
3. Drag and drop on the map
Radio-1 Health
Radio-2 Health
Report and Suppress Phishing SSID
Concept
• The feature detects:
  • The same SSID as defined on FortiGate, but broadcast from an uncontrolled AP
    • This is considered a Fake SSID
  • User-defined matching criteria
    • For example, any SSID containing the word Fortinet or FTNT
    • This is considered an Offending SSID
3- AP reported as Offending
2- User configured the AP as Rogue
1- Offending AP Detected
(from Offending list)
4- Fake AP Automatically Suppressed
3- Fake AP reporting
2- Fake AP classification
1- Rogue AP detected
[Figure: air time shares labelled 10%, 40%, 30% and 20% across Staff, VoIP, Guest and IoT]
[Figure: Total air time, Total usable air time, WI-FI Interferences, Non WI-FI Interferences; Data Frames, Management Frames, Control Frames; Total mgmt air time, Total control air time]
Wireless Fabric Security Rating
VLAN probe tool
Concept
It’s not always the Wi-Fi!
• Misconfigured
• Down
• Out of leases
• Failing due to relay helper
• …
• VLAN
  • Wrong VLAN on port
  • Missing VLAN on port / Trunk
  • …
[Diagram labels: FortiGate, FortiSwitch, FortiAP, 802.1Q, Staff VLAN, IoT VLAN, Guests VLAN, Client]
Sending VLAN probe command to PS221E3X17000090: action=start wan-port=1 vlan=[1,4095] retries=3 timeout=10
Sending VLAN probe command to PS221E3X17000090: action=start wan-port=2 vlan=[1,4095] retries=3 timeout=10
• From FAP
# cw_diag -c vlan-probe-cmd action(0:start 1:stop 2:clear) intf [start-vlan end-vlan retries timeout]
• VLAN probing status can be obtained from FAP with
# cw_diag -c vlan-probe-rpt
VLAN probing report
Done
on eth1:
Probe started