To configure Wireless IDP settings
Navigate to the DEVICE | Access Points > Advanced IDP page.
Select Enable Wireless Intrusion Detection and Prevention to enable the appliance to search for rogue access points, including KRACK Man-in-the-Middle access points. This option is not selected by default; selecting it activates the other options on the page.
All detected access points are displayed in the Discovered Access Points table on the DEVICE | Access Points > IDS page, and you can authorize any allowed access points.
For Authorized Access Points, select the Address Object Group to which authorized Access Points are assigned. By default, this is set to All Authorized Access Points.
For SonicPoint Ns, no access-point-mode Virtual Access Point (VAP) is created. One station-mode VAP is created, which is used to perform IDS scans and to connect to, and send probes to, unsecured access points.
Select one of the following two options to determine which access points are considered rogue (only one can be enabled at a time):
Select Block traffic from rogue AP and its associated clients to drop all incoming traffic that has a source IP address that matches the rogue list. From the Rogue Device IP addresses drop-down menu, either: