Setting up rogue access point scanning
A FortiGate unit with a connected FortiAP unit can perform wireless scanning. Each of the FortiAP radios can act as a dedicated monitor or can perform scanning in the background while acting as a wireless access point.
Radio 1 operates in the 2.4 GHz band and Radio 2 operates in the 5 GHz band. Both bands should be monitored. The FortiAP unit(s) used for scanning must be located within the coverage area that would result if an access point were added to the cardholder data environment (CDE).
To configure rogue AP scanning in a custom AP profile
1. Go to WiFi Controller > WiFi Network > Custom AP Profiles.
On some models, the menu is WiFi & Switch Controller.
2. Select an existing AP profile and edit it, or select Create New.
3. For each radio, select either Access Point or Dedicated Monitor, as required.
4. If you selected Access Point, enable Background Scan.
5. Select Rogue AP On-Wire Scan.
6. If needed, modify other settings.
7. Select OK.
To enable rogue AP scanning for the automatic AP profile
1. Go to WiFi Controller > WiFi Network > Rogue AP Settings.
2. Select Enable Rogue AP Detection.
3. Select Enable On-wire Rogue AP Detection Technique if you want to use that method of distinguishing rogues from neighbors.
4. Select Apply.