Thread Info
  • State Suggested Answer
  • Locked Locked
  • Replies 1 reply
  • Answers 1 answer
  • Subscribers 13 subscribers
  • Views 4673 views
  • Users 0 members are here
Options
Suggested
This discussion has been locked.
You can no longer post new replies to this discussion. If you have a question you can start a new discussion

Rogue AP scan frequency & connectivity

mkli_celera

What are the best practices for Rogue AP scans? For reference I'm using the XGS 126w series.

If I set the rogue ap scan schedule to 24/7, what's the time-span between scans?

If I initiate a manual scan, existing connections will be interrupted for 3-5 mins as per the warning.
Is it the same interruption for scheduled scans?
Would then it be best to run rogue ap scans after-hours, as to not effect connected users?



Added TAGs
[edited by: Erick Jan at 4:46 AM (GMT -8) on 12 Jan 2024]
Parents
  • 0

    Hello  ,

    Thank you for reaching out to the community, Rogue AP scan is available only on Sophos Firewall devices with integrated Wi-Fi.  You can mitigate these threats by scanning nearby access points and marking unauthorized access points as rogue access points. So whenever you perform a manual scan client devices are disconnected for a short time during the scan.

    All detected access points appear under Unrecognized access points.

    1. To authorize an access point, click Mark as "authorized access point"  .
    2. To mark an access point as a rogue access point, click Mark as "rogue access point"  .

      *Note - You can also Schedule rogue access point scan as a best practice - 

      To schedule scanning for rogue access points, do as follows:

      1. Go to Wireless > Rogue AP scan.
      2. Under General settings, click Schedule system-triggered scan at.
      3. Select a schedule from the drop-down menu or create a new schedule.
      4. Click Apply.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Reply
  • 0

    Hello  ,

    Thank you for reaching out to the community, Rogue AP scan is available only on Sophos Firewall devices with integrated Wi-Fi.  You can mitigate these threats by scanning nearby access points and marking unauthorized access points as rogue access points. So whenever you perform a manual scan client devices are disconnected for a short time during the scan.

    All detected access points appear under Unrecognized access points.

    1. To authorize an access point, click Mark as "authorized access point"  .
    2. To mark an access point as a rogue access point, click Mark as "rogue access point"  .

      *Note - You can also Schedule rogue access point scan as a best practice - 

      To schedule scanning for rogue access points, do as follows:

      1. Go to Wireless > Rogue AP scan.
      2. Under General settings, click Schedule system-triggered scan at.
      3. Select a schedule from the drop-down menu or create a new schedule.
      4. Click Apply.

    Thanks & Regards,
    _______________________________________________________________

    Vivek Jagad | Team Lead, Technical Support, Global Customer Experience

    Log a Support Case | Sophos Service Guide
    Best Practices – Support Case  | Security Advisories 
    Compare Sophos next-gen Firewall | Fortune Favors the prepared
    Sophos Community | Product Documentation | Sophos Techvids | SMS
    If a post solves your question please use the 'Verify Answer' button.

Children
No Data
Unfiltered HTML