• SonicOS7.0
• About Access Points
• Settings
  • Synchronize Access Points
  • Provisioning Overview
  • Creating/Modifying Provisioning Profiles
    • Adding/Editing a Provisioning Profile - Getting Started
    • General Settings for Provisioning Profiles
    • 5GHz/2.4GHz Radio Basic Settings for Provisioning Profiles
      • Radio Settings
      • Wireless Security
      • Protected Management Frames (PMF Option)
      • About Local Radius Servers and EAP Authentication Balancing
      • Configuring Radius Server Settings
      • ACL Enforcement
      • Remote MAC Address Access Control Settings
    • 5GHz/2.4GHz Radio Advanced Settings for Provisioning Profiles
      • Configuring the RSSI Threshold
      • Configuring IEEE802.11r Settings for Secure Fast Roaming
      • Configuring IEEE802.11k Settings for Dynamic Radio Management
      • Configuring IEEE802.11v Settings for Dynamic Environment Management
    • Sensor Settings for WIDP in Provisioning Profiles
    • Mesh Network Settings for Provisioning Profiles
      • Setting Up a Mesh Network
      • Enabling a Multi-hop Mesh Network
      • Active/Active Clustering Full Mesh
    • 3G/4G/LTE WWAN Settings for Provisioning Profiles
      • Manually Configuring the 3G/4G/LTE WWAN Profile
      • Configuring Load Balancing among Multiple USB Modems
    • Bluetooth LE Settings for Provisioning Profiles
    • Deleting Access Point Profiles
    • Product Specific Configuration Notes
  • Managing Access Point Objects
    • Deleting Access Point Objects
    • Rebooting Access Point Objects
    • Modifying Access Point Objects
• Firmware Management
  • About Firmware Management
  • Obtaining the Latest SonicWall Firmware
  • Downloading Firmware from a Specific URL
  • Uploading Firmware to an Access Point
• Floor Plan View
  • Managing the Floor Plans
    • Selecting a Floor Plan
    • Creating a Floor Plan
    • Editing a Floor Plan
  • Managing Access Points
    • Available Devices
    • Added Access Points
    • Removing Access Points
    • Export Image
    • Context Menu
• Station Status
• Intrusion Detection Services
  • Scanning Access Points
  • Authorizing Access Points
• Advanced IDP
  • Enabling Wireless IDP on a Profile
  • Configuring Wireless IDP Settings
  • Viewing KRACK Sniffer Packets
• Packet Capture
• Virtual Access Points
  • Before Configuring VAPs
    • Determining Your VAP Needs
    • Determining Security Configurations
    • Sample Network Definitions
    • Prerequisites
    • VAP Configuration Worksheet
  • Access Point VAP Configuration Task List
  • Virtual Access Point Groups
  • Virtual Access Point Objects
    • General Tab
    • Advanced Tab
  • Virtual Access Point Profiles
    • Virtual Access Point Schedule Settings
    • Virtual Access Point Profile Settings
    • Remote MAC Address Access Control Settings
    • ACL Enforcement
    • IEEE802.11R Settings
    • IEEE802.11K Settings
    • IEEE802.11V Settings
    • Agile Multiband Settings
• RF Monitoring
  • Prerequisites
  • RF Monitoring Summary
  • 802.11 General Frame Setting
  • 802.11 Management Frame Setting
  • 802.11 Data Frame Setting
  • Discovered RF Threat Stations
  • Adding a Threat Station to the Watch List
  • Practical RF Monitoring Field Applications
    • Using Sensor ID to Determine RF Threat Location
    • Using RSSI to Determine RF Threat Proximity
• RF Analysis
  • Using RF Analysis on SonicWall Access Points
    • Understanding the RF Score
    • Channel Utilization Graphs and Information
    • Viewing Overloaded Channels
    • RFA Highly Interfered Channels
• RF Spectrum
• FairNet
  • Supported Platforms
  • FairNet Features
  • Management Interface Overview
  • Configuring FairNet
• Wi-Fi Multimedia
  • WMM Access Categories
  • Assigning Traffic to Access Categories
  • Configuring Wi-Fi Multimedia Parameters
    • Configuring WMM
    • Creating a WMM Profile for an Access Point
• 3G/4G/LTE WWAN
• Bluetooth LE Devices
  • Viewing BLE Scanned Data
• Radio Management
  • Configuring Radio Management
  • Configuring Dynamic Channel Selection Settings
• SonicWall Support
  • About This Document

Configuring Wireless IDP Settings

To configure Wireless IDP settings

1. Navigate to the DEVICE | Access Points > Advanced IDP page.

   

2. Select Enable Wireless Intrusion Detection and Prevention to enable the appliance to search for rogue access points, including KRACK Man-in-the-Middle access points. This option is not selected by default, so when selected, the other options become active.

   All detected access points are displayed in the Discovered Access Points table on the DEVICE | Access Points > IDS page, and you can authorize any allowed access points.

3. For Authorized Access Points, select the Address Object Group to which authorized Access Points are assigned. By default, this is set to All Authorized Access Points.

   For SonicPoint Ns, no access point mode Virtual Access Point (VAP) is created. One station mode VAP is created, which is used to do IDS scans, and to connect to and send probes to unsecured access points.

4. For Rogue Access Points, select the Address Object Group to which unauthorized Access Points are assigned. By default, this is set to All Rogue Access Points.

5. Select one of the following two options to determine which access points are considered rogue (only one can be enabled at a time):

   • Add any unauthorized AP into Rogue AP list automatically assigns all detected unauthorized access points—regardless if they are connected to your network—to the Rogue list.
   • Add connected unauthorized AP into Rogue AP list assigns unauthorized devices to the Rogue list only if they are connected to your network. The following options determine how IDP detects connected rogue devices; both can be selected:
     • Enable ARP cache search to detect connected rogue AP – Advanced IDP searches the ARP cache for clients’ MAC addresses. When one is found and the AP it is connected to is not authorized, the AP is classified as rogue.
     • Enable active probe to detect connected rogue AP – The SonicPoint/SonicWave connects to the suspect device and sends probes to all LAN, DMZ and WLAN interfaces of the firewall. If the firewall receives any of these probes, the AP is classified as rogue.
6. Select Add evil twin into Rogue AP list to add devices to the rogue list when they are not in the authorized list, but have the same SSID as a managed access point.

7. Select Block traffic from rogue AP and its associated clients to drop all incoming traffic that has a source IP address that matches the rogue list. From the Rogue Device IP addresses drop-down menu, either:

   • Select All Rogue Devices (default) or an address object group you have created.
   • Create a new address object group by selecting Create New IP Address Object Group. The Add Address Object Group window displays.
8. Select Disassociate rogue AP and its clients to send de-authentication messages to clients of a rogue device to stop communication between them.
9. Select Disassociate Client from KRACK MITM AP to enable the KRACK prevention function. When enabled, the SonicWave periodically checks for KRACK Man-in-the-Middle access points and actively disassociates the client from the KRACK MITM access point when it detects a client associated to it.
10. Click Accept to save your changes.