6.4 Secure Wireless


What are potential causes of low link rates (5)

- Low SnR (causes clients to use low link rates even if signal is high)
- low station signal (higher link rates require high signal strength)
- high frame retry or loss rate (if there are a large number of collisions because of neighboring APs, the radio will reduce its link rate to make transmissions more reliable)
- client cannot support the latest wireless standard
- link rates will be reduced if the client enters power save mode

Captive portal (4)

- Mostly used for guest access
- used as a landing page when accessing resources on a network (disclaimer, auth page, terms of use, etc.)
- system grants user access only after they have accepted the disclaimer or successfully authenticated
- applied to wired or wireless

What is required to perform local 802.1X on fortigate for wireless (3)

- PEAP as EAP method
- local user database
- user group applied to SSID

Fortiplanner premium features (2)

- Site survey
  Install AP in site survey mode to confirm wireless coverage by walking around the floor and collecting real-time information
  Transmit power levels, client loss, received signal strength, BSSID/SSID
  Planning stage
- Live services
  Can evaluate and monitor the performance of a wireless network by creating a real-time heat map
  Requires floor plan and placement of APs to gather proper display info

Where can you find key information to start troubleshooting poor wireless performance and connection reliability (7)

- The Wifi dashboard widgets in the GUI
- managed fortiaps
- Wifi maps
- Wifi events
- Wifi client monitor
- controller CLI
- AP CLI

Bridge mode SSID (4)

- Traffic will be bridged directly to the local LAN that the AP is connected to
- both wired and wireless stations can be in the same layer 3 subnet
- wireless traffic will be subject to the same firewall policies as the AP broadcasting the wireless network
- local traffic is switched at the fortiswitch; only CAPWAP control traffic goes to the wireless controller
- useful when deploying an AP that connects to a wireless controller over a WAN link at a remote location
- some FortiAP models can perform inspection on wireless traffic without forwarding to the wired network

How to maintain good wireless health (6)

- Utilization: <75%
- Client count: <30
- temporary peaks are expected
- best possible link rates
- be aware of clients' capabilities
- ensure the client is connected to the most suitable interface

What security mode supports local standalone AP (2)

- WPA2
- WPA3

How does 5 GHz frequency compare to 2.4 GHz frequency (4)

- Wavelengths are shorter
- have shorter range
- penetrate objects less
- have less interference

WIDS detection includes: (5)

- Weak WEP encryption
- Null SSID probe responses that cause wireless cards and devices to stop responding
- spoofed deauthentication broadcasts that are a DoS attack causing clients to disconnect from the AP
- invalid MAC organizationally unique identifier (OUI)
- various management, EAP, authentication, and beacon floods

How does AP frequency handoff work (5)

- When a client asks to join the 2.4 GHz channel, the controller can evaluate if the AP is a dual band device and verify if the RSSI is strong.
- If so, the controller does not reply to the client's request, forcing the client to retry until it attempts to join the same SSID on the other band (5 GHz).
- After the controller sees the request on the 5 GHz band, the controller measures the RSSI again.
- If the RSSI is acceptable, the controller allows the client to join.
- Otherwise the controller updates the device table and waits for the client to time out, then accepts it on 2.4 GHz.

coherent frequency interference and how it cant be identified as such

- a co-channel or adjacent channel wifi signal produced by neighboring APs. APs and clients can recognize it but it is still an issue because it reduces utilization/performance
- channel utilization measures are a good indication

WPA3

- addresses the KRACK vulnerability
- features SAE, which provides more resilient password-based authentication for users that have passwords lacking complexity
- mitigates dictionary attacks by using a secure handshake

Managed AP topology - connection over WAN/remote connection (6)

- aka datacenter remote management deployment
- FortiOS wireless controller is remote
- best to configure APs with the static IP of the Wifi controller (can be configured with 3)
- ports 5246 and 5247 must be open for CAPWAP control and data
- must be a routable path between FortiAP and the fortigate device
- can also use DHCP or DNS option (static IP is best option)

Managed AP topology - switched/indirect connection (5)

- aka gateway deployment
- fortiAP is connected to fortios through a layer 2 switch or layer 3 router
- automatic wireless controller discovery using static IP, DHCP, or DNS
- ports 5246 and 5247 must be open for CAPWAP control and data traffic
- there must be a routable path between the APs and fortigate
- great for edge gateway deployments or enterprise campus/HQ deployment

Managed AP topology - distributed connection (4)

- aka wireless mesh deployment
- One AP is the root of the mesh and is directly connected to the Wifi controller. Root can be FortiAP or fortiwifi
- one radio for backhaul SSID (CAPWAP control) and one radio for client SSID
- best practice is to use 5GHz for backhaul SSID

For manual rogue AP suppression to work what three things must be enabled (3)

- AP or radio in dedicated monitor mode
- enable sensor mode in WIDS profile
- enable rogue AP detection in WIDS profile

what affects channel utilization in a wireless network (3)

- associated clients
- neighboring clients
- neighboring APs

what stages will you see when logging the step by step process of a client connecting to an AP with: diagnose wireless-controller wlac sta_filter <AP station mac> 2

- association request and response
- PSK key exchange
- DHCP phase

Captive portal types (3)

- authentication: users will be prompted for credentials
- disclaimer + authentication: users must accept a disclaimer and authenticate using valid credentials
- disclaimer only: users will need to accept a disclaimer

Pros of bridged mode SSID (3)

- both wired and wireless stations can be in the same subnet
- potential 1GBps or more (if using link aggregation supported on APs) LAN throughput per FortiAP
- certain FAP models can perform security profile inspection

Fortiplanner post deployment planning (3)

- can use the Wifi adapter in a Windows laptop or tablet to detect the signal level from the deployed APs in order to confirm wireless coverage in real world analysis
- measurements can be made while walking around the environment
- fortiplanner uses this to report coverage holes

Causes of channel over utilization (5)

- caused by a high number of station connections
- poorly connected stations with low link rates
- high throughput applications
- can also be caused by a smaller number of stations transmitting a large amount of traffic
- high numbers of neighboring wireless networks on the same channel
Does not matter if the stations and APs are your own or if they are neighboring devices

Pros of tunnel mode SSID (2)

- central place to enforce security
- L3 traffic segmentation

After an AP is authorized, what tasks can you perform on the fortigate GUI managed fortiAP page (5)

- change the status of an AP (deauthorize)
- perform firmware upgrade
- change assigned AP profile
- restart fortiAP
- telnet to fortiAP CLI to execute commands on the AP

what 5 measurements can you look at to determine wireless health

- channel noise
- signal strength
- link rates
- retry rate
- loss rate

what 3 measurements can you look at to determine wireless capacity

- channel utilization
- association count
- data throughput

What settings can be changed if APs are experiencing Co-channel interference (CCI) (3)

- check the automatic radio power and if needed reduce it from the default 10 to lower
- or instead of reducing the radio power, change the channel (more difficult in the 2.4 range)
- if you can't do either of these then consider disabling the radio interface

Possible causes of signal strength issues in wireless connectivity (3)

- client is far from AP
- AP may be down
- may be a sticky client

Fortiplanner controls- display properties (6)

- contour in dBm
- frequency band
- coverage metrics
- gradient of color spectrum
- units of measurements
- signal to floor

How can you access the AP CLI (5)

- controller GUI
- console cable to AP
- direct over SSH
- through controller using SSH/telnet
- through CAPWAP tunnel

What is the easiest AP deployment mode and why

Direct connection:
- AP is directly connected to fortigate
- no need to preconfigure AP
- automatic wireless controller discovery using broadcast

on computers and phones what can you do to enhance client connectivity if they are having connection issues

- disable OS or driver power saving
- experiment with the roaming aggressiveness
- experiment with band preference if the client is failing to connect to the correct band

problem: client type, configuration, and drivers, or changes in client configuration and drivers can cause compatibility issues. incompatibility can lead to performance or connection reliability issues. solution: (2 examples)

- driver change, update driver or OS
- driver change, downgrade driver or OS

why is it NOT recommended to have more than five SSIDs broadcasted by APs

- each SSID broadcasted by an AP requires a quantity of management frames
- these frames take airtime/wireless capacity
Example: if 1 AP broadcasts 10 SSIDs/networks, approx. 32% of available airtime would be used sending and receiving management frames

What settings do you configure on a WIDS profile

- enabling rogue AP detection
- intrusion detection settings with intrusion type, enable | disable, threshold, intervals

why does fortigate automatically put load balancing vlans in a Zone (2)

- ensures all load balancing vlans are configured with identical access
- makes it easier to manage firewall policies

The on-wire can use two rogue detection methods (2)

- Exact MAC address match: if the same MAC address is seen in frames on the wired LAN and on the Wifi network, this means that the wireless client is connected to the LAN. If you did not authorize the AP, FortiOS will treat that AP as a rogue AP
- MAC adjacency: if an AP is a wireless router, it applies NAT to Wifi packets. This can make rogue AP detection more difficult because the frames in the wired and wireless traffic won't have the same MAC address. However, the Wifi interface MAC of an AP is similar to its wired MAC address, so the MAC adjacency rogue detection method matches MAC addresses that have close hex numbers.

What is required for WSSO (4)

- fortigate locally defined user groups
- RADIUS server configured on fortigate
- RADIUS server must be configured to send FORTINET-GROUP-NAME as a RADIUS attribute back to fortigate
- SSID for RADIUS server

Cons of tunnel mode SSID (2)

- fortigate must be sized according to traffic
- if controller goes down, wireless network will go down

Fortiplanner real time coverage heat map and performance visualization (2)

- fortiplanner connects directly to any fortigate devices to provide real time visualization of wireless coverage, connected clients, and failed APs
- simplifies troubleshooting, deep visibility to uncover holes and congestion

What does channel selection depend on

-frequencies permitted for a particular region

Fortiplanner controls- floor plan tab (2)

- import bitmap image of plan
- select wall type and draw walls, which will affect absorption, refraction, and reflection of radio waves

Three properties of the fortigate secure wireless solution.

- integrated
- unified management
- scalable

What are the first few questions to ask to begin troubleshooting wireless client connectivity: (6)

- is it connected?
- is there an IP?
- can I ping or reach network resources?
- has there been a change to the client?
- is the basic channel config acceptable?
- are there too many SSIDs being broadcasted?

Preshared key recommendations (4)

- length: at least 12 characters long
- complexity: mix of upper case, lower case, numbers
- ease of use: three random words and numbers at end
- some IoT devices may not support special characters

Fortiplanner controls- Wifi planner tab

- lets you choose AP models to use in automatic or manual placement
- customize AP parameters such as name, device radios, frequency, transmit power, orientation, and azimuth (N=0, E=90, S=180, W=270)

Possible causes of high client association (4)

- many connected devices
- a higher than expected count can be caused by:
- nearby AP or interface down
- unexpected client mix (2.4GHz favored over 5GHz or the other way around)

What does wireless health measure (3) and what 5 measurements can you look at to determine wireless health

- measures of factors that affect connection reliability, how healthy the RF is around a specific interface, and how well wireless frames are being transmitted from APs to clients
- channel noise of interface
- signal strength of client
- link rates the client is using
- retry rate
- loss rate

non-coherent frequency interference and how it cant be identified as such

- non-wifi interference such as Bluetooth, microwave, cordless phone, etc. Can also be distant AP or client signals that are no longer decodable. Causes the noise floor to rise
- most APs and all clients cannot analyze non-coherent interference, and specialist equipment is usually required

AP overloading - poorly connected clients and how to avoid it (3)

- poor link rates can cause poor performance
- this typically occurs when the client has a low signal strength or SnR, or if the client is connecting to the wrong AP or AP radio
- solution is usually to add additional APs if additional coverage is needed, or to
- use a spectrum analyzer to locate the interference that is increasing the noise floor
- you can also enable band steering to encourage clients to connect to the best radio

What three things does fortiplanner help with during wireless planning process

- predeployment planning
- post deployment planning
- real-time coverage heat map and performance visualization

Source of information - Wifi events (3)

- provides a historical log of wireless related events
- view specific station information by adding the band, data rate, and physical AP columns
- to monitor a specific AP, add the physical AP column

What is required to use remote 802.1X authentication for wireless (2)

- RADIUS server configured
- apply to SSID

access point channelization (3)

- review the channel map and identify adjacent APs that are on the same channel (next to, above, and below)
- review the adjacent AP in the wifi health monitor
- sort the table to show the strongest interfering neighbor on the same channel
- APs that have radios in the same channel that are stronger than -80 have the potential to cause issues

What two configurations do you need on the fortigate interface that the FortiAPs connect to

- security fabric connection
- DHCP

Interfering SSID widget on dashboard

- see the interface with the most RF issues
- APs must have WIDS profile or Radio Resource Provision enabled

Channel utilization widget on wireless dashboard

- see the most utilized wireless interfaces
- interfaces must be enabled to monitor channel utilization in the AP
- click widget for more detail

how to use a fortiAP for dedicated packet sniffing

- set one AP to monitor mode (radio can only listen to one frequency at a time) by creating a packet capture profile and applying it to the AP
- use one radio for one frequency and the other radio for the other frequency
- try to use the same AP model as the sniffer that is being used for the APs whose traffic is being captured

What two problems can a rogue AP cause

- signal interference preventing clients from being able to use your wireless network
- if it's connected to your network it could provide unauthorized access

What three SSID deployments does FortiOS offer

- tunnel
- bridge
- mesh

Wireless health- link rates

- upstream RX and downstream TX link rates
- a measure taken by the AP interfaces when sending and receiving data from a client

Wireless health- link rates (3)

- upstream RX and downstream TX link rates
- a measure taken by the AP interfaces when sending and receiving data from a client
- fundamental measure of link quality

what is a reason to use VLAN pooling based on fortiAP group

- useful in large deployments to break down the broadcast domain rather than putting all wireless clients in a single subnet
- another reason to assign vlans based on APs is to apply security inspections and firewall rules based on the location of wireless clients (such as guests in lobby)

accessing AP CLI through CAPWAP tunnel (7)

- usually when an AP is remotely based behind a NAT device
- can be used when SSH is not available
- currently not supported by the FAP-U series
- feature allows an AP shell command up to 127 bytes to be sent to the FAP, and the FAP will run this command and return results to the controller
- the FAP only reports run results to the controller after the command is finished
- if a new command is sent to the AP before the previous command is finished, then the previous command is cancelled
- the maximum output from a command is limited to 4M; the default output is set to 32k

Tunnel mode SSID (4)

- wireless traffic will be tunneled back to the wireless controller using the CAPWAP data channel before it is allowed on the LAN or internet
- default SSID
- dedicated subnet for wireless network
- requires separate firewall policy for SSID subnet

What are the two most important measures for wireless troubleshooting

- wireless health
- wireless capacity

How many WIDS profiles can be assigned to an AP profile

1

Explain the fortigate CAPWAP discovery process (7)

1) FortiAP sends discovery request
2) fortigate responds with discovery response
3) both devices establish a secure DTLS tunnel
4) fortigate authorizes the fortiAP
5) FortiAP sends a join request
6) fortigate responds with a join response
7) fortigate sends all management and WLAN-related configuration to the AP

FortiAP devices cycle through 6 methods to locate and connect to fortigate. What are they?

1) Static - configure FortiAP with a static controller IP
2) DHCP - default uses DHCP option 138 to get controller IP
3) DNS - fortiAP can discover the controller by using a host name configured in the AC_HOSTNAME_1 parameter
4) FortiCloud - uses the host name apctrl1.fortinet.com for forticloud mgmt
5) Multicast - discovers the controller using the multicast address 224.0.1.140
6) Broadcast - it broadcasts a discovery request to locate the controller

How does fortipresence work? (5)

1) a smartphone emits a Wifi probe signal (even if not connected to network)
2) fortiAP or fortiWifi captures the MAC address and signal strength info from the smartphone
3) on-site FortiAPs, fortiWLC, or forticloud summarizes and forwards the data records
4) fortipresence service receives data
5) fortipresence analytics engine processes and correlates the data and displays it in a dashboard

How do you configure the AP controller to forward traffic to a host running wireshark (3 include commands)

1) configure server where CAPWAP traffic is forwarded:
   diagnose wireless-controller wlac sniff-cfg x.x.x.x <port>
2) choose which traffic to capture, the interface to which fortiAP connects, and the fortiAP serial number:
   diagnose wireless-controller wlac sniff <port> <AP serial#> 2 WTP
3) run wireshark on server to capture CAPWAP traffic from controller

how to create an unencrypted test network to isolate client connection issues

1) create a temporary, open, unencrypted wireless network on an AP interface and broadcast it from the same AP the client is trying to connect to
2) failure to connect to an open network indicates an RF issue or AP overload issue
3) if the client is dual-band capable, broadcast the network on both interfaces one at a time to identify which frequency has the problem
4) connecting to an open network but not an auth network on the AP might indicate a client configuration or compatibility issue (assuming the credentials were correct and there are no 802.1X issues)

Fortigate supports what 5 AP topologies to connect FortiAP to fortigate

1) direct connection (wire closet deployment)
2) indirect connection (gateway deployment)
3) remote connection (datacenter remote management deployment)
4) wireless mesh (wireless mesh deployment)
5) cloud wireless deployment

how to capture a log of station connection to isolate client connection issues

1) enable client debug on controller for problematic clients to check at what stage a client fails to connect
2) try to connect from a problematic client
3) on the controller CLI issue the command:
   diagnose wireless-controller wlac sta_filter <AP station mac> 2

Authorizing FortiAP on fortigate process (3)

1) fortigate discovers the AP on the security fabric connection interface (CAPWAP)
2) the AP will be greyed out until right click > authorize. It will appear offline as it receives the configuration from the fortigate
3) green check mark in status column indicates CAPWAP tunnel is established

Wireless design process (5)

1) project information
2) high level scope
3) gather information
4) site survey
5) predictive model

If you are using an external captive portal server how can you exempt certain source/destinations from having to authenticate or accept disclaimer of captive portal

1) select the destination and services on the SSID or interface configuration page in the exempt source/destination/services section
2) create a firewall policy from the captive portal interface to the interface where the external captive portal server is located. You do not have to specify destination objects on the firewall policy

What are the useable non-overlapping channels in 2.4ghz range in US

1,6,11

What SSID option lets you set the maximum number of clients that can connect to a given SSID

10

How many operational channels does 2.4 have in the United States and how many in Europe

11 in US
13 in EU

By default what DHCP option does FortiAP use to get the controller IP (DHCP method) and what do you specify with the option

138
When you configure the DHCP server, you can configure Option 138 to specify the WiFi controller IP address either on the Fortigate FortiWifi Controller or on an external DHCP server.
You can change this if you are already using this option on your network, if you configure the AP units to match.

How many channels are there for 2.4 GHz for IEEE 802.11b and g

14

As a guide, a healthy SnR should maintain rates of:

15 at minimum
25 or more is preferable

As a best practice what should the handoff-sta-thresh value be set to

15-20

How many channels are there for 5ghz using IEEE 802.11a and n

16 channels

What layer of OSI does the four-way handshake occur at

2

For every discovery type, FortiAP sends out discovery requests and sets a timer for an interval between ____. What is the default interval.

2-180
Default is five seconds
Change behavior:
config wireless-controller timers
    set discovery-interval 5
end

what frequency range is majorly used by IoT devices

2.4GHz

which frequency is more susceptible to interference

2.4GHz

Radio Setting on AP profile: Channel width

20,40,80 ghz this is configurable for 5ghz

How many non overlapping channels does 5GHz have and how many are useable on FortiAP profile

24 23

Each FortiAP can be configured with how many Wifi controller IP address for redundant failover?

3 Best to do this when you are using the static discovery method with the datacenter remote management AP deployment (remote connection)

for networks that have clients that regularly transfer large files or stream, you should aim for _____clients per radio -for networks that have clients that require only basic file, print, and Internet access, you should aim for ___ clients per radio

30 50

By default how long till the AP CLI timeouts and how can you increase it

5 min
cfg -a ADMIN_TIMEOUT=mins
cfg -c

What ports need to be open for the remote connection and indirect connection AP deployment options to work

5245 and 5247

What is the best practice frequency to use for the backhaul SSID in a mesh AP deployment

5GHz because it's faster

How many APs does a 60E/60F/100F support

60E = 30 total / 10 tunnel
60F = 64 total / 32 tunnel
100F = 128 total / 64 tunnel

if channel utilization is regularly exceeding ____ then additional radio capacity is needed

75%

How does a busy AP with AP handoff enabled signal to a client to connect to another AP

802.11 association response frame with status code 17 which indicates AP is busy

what IEEE standard defines VLANs

802.1Q

What happens first? 802.1X authentication or the WPA2 handshake

802.1X authentication

802.1X

The 802.1X standard uses an Extensible Authentication Protocol (EAP) for a challenge and response-based authentication protocol that allows a conversation between a Supplicant (the wireless/wired client) and the RADIUS (the authentication server), via an Authenticator (a wired switch or wireless access point which acts as a proxy). Provides layer 2 authentication.

How often does DARRP reevaluate channel selection (Optimizations), what is this, and what is the range

86400
This is a channel reevaluation
0-86400

how is a load balancing vlan zone named when the vlans are put in it

<ssid interface name>.zone

What CLI configuration mode is used to configure a new SSID A. Config wireless-controller vap B. Config wireless-controller wtp

A

What does DARRP do A helps reduce interference between APs B helps suppress rogue APs

A

What does WIDS stand for? A wireless intrusion detection system B wireless information distribution system

A

What does ap handoff accomplish? A load balancing among managed APs B load balancing between available frequencies

A

What is defined first in the fortipresence site management process? A. Site location B. Country information

A

What is the default encryption used by WPA2-enterprise A AES B elliptical curve

A

What is the default traffic mode when an SSID is created? A. Tunnel B. Bridge

A

What is the recommended signal strength for a client A. -64 B -92

A

What type of SSID traffic mode can scan the traffic for security threats on supported FortiAPs A. Bridge mode B. Tunnel mode

A

Where do you enable wireless load balancing? A AP profile B WIDS profile

A

Which SSID security mode can guest accounts authenticate A captive portal B WPA3 enterprise

A

Which of the following is a wireless health measure: A link rate B association count

A

Which suite does the fortipresence cloud solution belong to A. Forticloud B. Public cloud security

A

what type of server can you upload the packet capture that is temporarily saved on the fortiAP? A. TFTP B SMB

A

which fortigate models come with the wireless controller A. All fortigate and fortiwifi devices B. All fortiwifi devices

A

Authentication frame flooding

A DoS attack using a large number of association requests. Default is 30 in 10 sec

Association frame flooding

A DoS attack using a large number of association requests. Default is 30 in 10 sec

What needs to be root in wireless mesh AP deployment

A FortiAP connected by a physical cable or fortiwifi

What needs to be configured to suppress rogue APs

A WIDs profile

By default, when FortiAP is connected to a fortigate interface that has CAPWAP enabled and fortigate discovers the ap, what does fortigate assign to the fortiAP automatically?

A default ap profile based on the fortiAP hardware model

What is a provisioning account

A local admin restricted to configuring guest accounts only

Wireless health - signal strength (RSSI)

A measure taken by the AP interfaces as they receive data from a client. It does not measure the signal strength from the AP to the station. It measures the signal strength of the station as the signal is received by the AP. It is an upstream measure, not a downstream measure.

Wireless health - Channel noise(2)

A measure taken by the AP interfaces when not servicing clients that estimates the noise floor around the AP in the channel that it is configured to use. Channel noise is a measure of the background wireless signal that the radio cannot interpret as a wireless LAN signal.

Weak WEP IV detection

A primary means of cracking WEP keys is by capturing 802.11 frames over an extended period of time and searching for patterns of WEP initialization vectors that are known to be weak. WIDS detects known weak IVs in on-air traffic.

What is required in order to use security profiles on the wireless controller (2)

A separate fortiguard subscription per AP
And the AP must be in bridge mode

How can you connect to wired segments that are not physically connected

A wireless bridge

Fortiplanner (5)

A wireless predictive design tool that you can use to implement a design based on the data collected in the previous phases of the wireless network designing process
- RF planning
- Live site survey
- real time heat map
- displays wireless clients and rogue APs
- generate reports

What must be defined on the fortiAP profile or overrides on a per AP basis for split tunneling

ACLs

By default what does WPA2 use as its encryption algorithm

AES

Client load balancing across fortiAPs =

AP handoff

If an AP is found by on-wire detection where will it show up

AP monitor, within its "On-wire" column

Where is a WIDS profile applied to enable the detection of the intrusion attacks

AP profile

How does an AP using DARRP select the best channel to use

AP selects the best channel available to use based on the scan results of BSSID/received signal strength indicator (RSSI) to AC

What must be enabled or applied to AP to detect interfering SSIDs

APs must have WIDS profile or Radio Resource Provision enabled

What APs will participate in WIDS

APs using an AP profile with a WIDS profile

Why enable DHCP on fortigate interface that fortiAPs connect to

APs will receive a dynamic IP assigned by the fortigate. That way you don't have to manually configure APs with IPs.

What types of intrusion detection can be enabled on the WIDS profile (name 5 as example)

ASLEAP attack
Association frame flooding
Broadcasting deauthentication
EAPOL-FAIL flooding
Invalid MAC OUI
Null SSID probe response
Spoofed deauthentication
Wireless bridge
Etc.

ASLEAP attack

ASLEAP is a tool used to perform attacks against LEAP authentication

What can you classify discovered APs that show on the rogue ap dashboard (4)

Accepted, rogue, suppressed rogue, or unclassified

What three devices does the fortinet secure access solution include?

Access points
Switches
Firewall

Once an area is defined in fortipresence what can you do to enhance the floor plan

Add fixed assets such as printers and cameras and import linked APs

Where do you find the registration information for fortipresence that allows you to link APs

Admin > settings > discovered APs

Where in fortipresence do you create and manage a new site/building

Admin > site management

AP band steering

Aka frequency hand off

With the AP CLI command "iwconfig" what are the two numbers after "wlan"? Example: iwconfig wlan00

All SSIDs are in the form wlanXY, where X is 0 for 2.4GHz and 1 for 5GHz, and Y increments with the SSID

What APs does fortipresence support

All fortinet APs whether they are managed by fortigate or cloud wireless controller

Block intra SSID option in tunneled mode AP

All traffic between the SSID is blocked. Clients can access resources based on firewall policies but are unable to communicate with other clients that are connected to the same SSID

Fortigate guest management feature

Allows you to create guest accounts locally and configure settings such as automatic account expiry, collecting user info/auto generation, and sending passwords via SMS or email.

Wireless load balancing

Allows distribution of wireless traffic more efficiently among managed APs and available frequencies

FortiAP cloud wireless deployment

Allows management of remote APs without the need of having an on site fortigate. FortiAP cloud allows you to provision, monitor, troubleshoot, and optimize your FortiAP deployment through a cloud interface. Features zero touch deployment options.

FortiAP group

Allows you to create a logical grouping of APs on the managed FortiAP tab, for example per floor, per building, etc. Facilitates the application of FortiAP profiles to a large number of APs

Thin ap

An AP that is managed by a controller. Sometimes called a controller-based AP.

KRACK

An attacker within range of a victim can exploit these weaknesses using key reinstallation attacks (KRACKs). Concretely, attackers can use this novel attack technique to read information that was previously assumed to be safely encrypted

WPA2-Enterprise

An authentication scheme for Wi-Fi networks that combines WPA2 with RADIUS or a built-in local user group, so that each user has their own credentials to authenticate to the SSID

Rogue AP

An unauthorized AP connected to your wired network that may be an attempt to compromise network security. Sometimes when you do a spectrum analysis you can detect neighboring APs that may be causing interference and may not necessarily be rogue

Anonce

Anonce is a random number generated by an access point (authenticator)

What supported profiles are there for AP security profiles (4)

Antivirus, IPS, web filtering, app control

If you want to allow some traffic from a particular user group or source through a wireless SSID with a security mode that has captive portal enabled without them needing to authenticate or use a disclaimer what can you do

Apply an exemption

After a guest group and users are created what do you do to allow them to connect to wireless (2)

Apply the guest group to an SSID and set security mode to captive portal

Wireless capacity - association/station count

Association count is a measure of the number of clients associated with each interface(radio) A high client count will always affect performance, but the applications in use and the types of clients also matter

Besides on-wire detection, background scanning, and dedicated monitor what are the other mechanisms that can detect rogue APs that arent specified as rogue ap detection? (4)

Audit grade reports, on-wire correlation, automatic suppression, wireless IDS (WIDS)

Three parts of 802.1X wireless authentication

Authentication, association, WPA/2 handshake

By default what discovery method does FortiAP use to discover controller

Auto, which means it will cycle through the 6 discovery methods to locate the wireless controller.

What does the auto-suppress rogue APs in foreground scan for the WIDS profile do

Automates suppressing rogue APs. Whenever a rogue AP is detected On-wire, fortigate automatically suppresses the AP

Radio Setting on AP profile: Radio resource provision

Automatic channel selection on APs in a network to minimize interference

Where is information about wireless performance metrics found

Available in the GUI and CLI. Located under dashboard: -AP status and client counts -channel utilization widget -interfering SSIDs widget

How many AP profiles can be assigned to an AP? A. 2 B. 1

B

WSSO can be used when 802.1X authentication is configured as which of the following? A. Local EAP B. Remote RADIUS server

B

What function does a rogue AP background scan perform? A. It sends deauthentication frames in the background while serving client B. It serves clients and performs a scan for interfering APs in the environment

B

What is the most secure form of WPA security A. WPA2-personal B. WPA2-enterprise

B

What type of SSID is set to broadcast, by default? A. Bridge mode B. Tunnel mode

B

What type of administrator access is required to manage FortiAP on fortigate? A. FMG-Access B. Security Fabric Connection

B

Which one is a core fortiplanner feature? A. Offers authentication method for wireless clients B. Allows you to view real-time heat map of FortiOS integrated wireless deployment

B

What is the recommended maximum channel utilization? A. 50% B. 75%

B

Which organization evaluates Wi-Fi devices for compatibility? A. IEEE B. Wi-Fi Alliance

B

which methods of VLAN pooling are used for load balancing: A. Dynamic VLANs B. Round Robin and Hash

B.

Radio Setting on AP profile: WIDS profile

Background radio scanning and IDS profile settings

What is the default FortiAP profile named

Based on the AP model followed by -default

Why may DARRP not detect interference such as microwave ovens

Because it does not do a continuous spectrum analysis. By default it performs a background scan to measure utilization every 600 seconds and a channel reevaluation scan every 86400 seconds

Why shouldn't you share one radio for backhauling and clients in a mesh AP deployment

Because it will decrease performance. Clients will have to compete for airtime with APs

Why is the client connection quality to the AP usually poorer than the AP connection to the client?

Because its transmit power rate is less than the AP's and the antennas on clients tend not to be as good. This results in clients being more susceptible to interference

When choosing APs for your deployment why do you have to choose between universal and standard fortiAPs

Because not all FortiAP models support all types of wireless deployment modes. Universal works with all types of deployment modes, including dedicated wireless controller deployment. Standard supports FortiCloud deployments and integrated (FortiGate) deployment

Why is there a possibility of false positives with the on-wire rogue AP detection method

Because of the nature of the MAC adjacency method. Usually the Wi-Fi interface MAC address of an AP is similar to its wired MAC address, but not always

Why are fortiAPs considered thin

Because they are controlled by either a fortigate or FortiAP cloud service

The lower the channel noise the _____

Better

A higher RSSI means

Better signal strength

What SSID option lets you block communication between devices on the same SSID

Block Intra-SSID traffic

Can captive portals be applied to wired or wireless

Both

Explain the FortiAP controller discovery process

By default the FortiAP discovery method is set to auto, which means it will go through each discovery method in sequential order until the controller is found. FortiAP sends discovery requests and sets a timer, by default for 5 seconds. After 5 seconds with no response received it sends another request. This is done up to 3 times. After 3-15 seconds, if no response is received, it moves to the next discovery method and repeats until the last discovery process fails. If the last method fails the AP goes into a SULKING state. After approx 30 seconds it will enter the AP_IP_DISCVER state. After the AC (AP controller) IP is found it will enter the idle state and eventually enter the DISCOVERY state, then repeat the process

What is one new way of connecting to the AP CLI and how is it useful

CAPWAP tunnel Useful when AP is remotely based and cannot be reached by any other method (console, ssh, controller gui etc)

Where are the thresholds for AP handoff set and what is the command

In the CLI, in the FortiAP profile:
config wireless-controller wtp-profile
    edit <profile name>
        set handoff-sta-thresh 30
        set handoff-rssi 25
        set ap-handoff {enable | disable}

What calculates link rates and what is the rate based on (4)

Calculated by the wireless chipset based on signal strength, the SnR, and the retry and loss of frames

Example of CAPWAP packet capture and what you will see (pic)

Can see: -L2 header -sniffed traffic encapsulated into IP for transport -CAPWAP encapsulated into UDP for sniffer purposes and encapsulated into IP -CAPWAP control traffic on UDP port 5246 -CAPWAP payload

The higher channel utilization the less ____ there is

Capacity

What security mode is there to provide guest access without authentication and use a disclaimer only

Captive portal

When using guest accounts for wireless access what do you have to set the security mode to

Captive portal

Fortipresence - social wifi

Captive portal configuration for guest wifi and can use social networking logins which can give fortipresence access to additional demographical information such as gender and age

Besides Wifi what other wireless technology does FortiOS support

Cellular with fortiextender

What is the primary indicator of capacity around an interface

Channel utilization

What is the most important indicator of wireless capacity

Channel utilization

What do channels with an asterisks mean on fortigate AP profile

Channels are subject to the rules of dynamic frequency selection (DFS)

What is a great way to check if a client is suffering from RF issues

Check the upstream link rate

What needs to occur to get an accurate representation of connection speed from the client to AP (cw_diag ksta) Hint: it has to do with the client

Client should be transmitting data. Often clients will reduce link rate of wireless connections when the device is idle, in order to save battery

If an AP occasionally loses communication to the wireless controller due to network congestion, or if the wireless controller becomes temporarily unavailable, what happens to the devices connected to a bridged AP

Clients already associated to a bridged AP can still have network access

Why does frequency handoff (band steering) encourage clients to use 5GHz if possible (2)

Clients that support the 5GHz band benefit from faster speeds and decreased interference. Any clients on 2.4GHz will also have decreased interference

What dBm is considered better

Closer to 0. Usually -50 to -70 dBm is good; -70+ is low signal

Two fortipresence platforms available

Cloud based, on-premise VM

How to enable wireless controller on entry level models on the CLI

config sys global
    set wireless-controller enable
end

Command to enable split tunneling in GUI for fortiap

config sys settings
    set gui-fortiap-split-tunneling enable

Enable wireless controller GUI display in CLI for entry level fortigates

config sys settings
    set gui-wireless-controller enable
end

Command to configure security profile group for wireless controller

config wireless-controller utm-profile
    edit <SSID>
        set comment
        set utm-log enable
        set ips-sensor <"">
        set application-list <"">
        set antivirus-profile <"">
        set webfilter-profile <"">
        set scan-botnet-connections monitor
    next
end

Command to configure WIDS profile in CLI

config wireless-controller wids-profile
    edit <name>

4 wireless controller configuration modes in CLI and what are each

config wireless-controller global: global config, affects all APs and wireless configs
config wireless-controller wtp: configure managed APs
config wireless-controller wtp-profile: configuration of AP profiles
config wireless-controller vap: SSID configuration

Command to change geographic location of wireless controller in the CLI, what is default, and why would you need to do this

config wireless-controller setting
    set country US
end
Default is US. The max allowed transmitter power and permitted radio channels for Wi-Fi depend on the region

Command to modify the interval (in s) that FortiAP sends out discovery requests for each discovery method to locate the controller

config wireless-controller timers
    set discovery-interval 5
end

Command to enable split tunneling for SSID

config wireless-controller vap
    edit <>
        set split-tunneling enable

Command to apply per-ap configurations in the CLI

config wireless-controller wtp
    edit <AP SN>

Command to preauthorize APs in the CLI

config wireless-controller wtp
    edit <fap serial number>

Commands to configure split tunnel ACLs

config wireless-controller wtp
    edit <wtp name>
        set override-split-tunnel enable
        set split-tunneling-acl-path {local | tunneled}
        set split-tunneling-acl-local-ap-subnet enable
        config split-tunneling-acl
            edit 1
                set dest-ip

Command to configure ap profile in the CLI

config wireless-controller wtp-profile
    edit <profile name>

What is the CLI command to set the period that DARRP performs background scans

config wireless-controller wtp-profile
    set ap-bgscan-period <60-3600>

Command to configure DARRP optimization scan (channel reevaluation)

config wireless-controller wtp-profile
    set darrp-optimize <0-86400>

Config wireless-controller wtp-profile

Configuration of AP profiles. Create or modify profiles that define radio and other settings for fortiAP platforms (models)

Config wireless-controller wtp

Configuration of managed APs. Used to change the configurations that are specific to a wireless termination point (WTP), aka AP, i.e. assigning a profile to an AP or overriding split tunneling configuration for an individual AP

What do you need to configure to use the DHCP AP discovery method (2)

Configure option 138 on the DHCP server. Convert the IP of the controller to hexadecimal: convert each octet separately from left to right and concatenate them. For example, 192.168.0.1 converts to C0A80001

Set split-tunneling-acl-local-ap-subnet enable

Configured under config wireless-controller wtp. Automatically adds the local subnet of the FortiAP to the split tunneling ACL

In terms of signal strength and connection of a wireless client, the lower the modulation rates the lower the ______ ____ of the client

Connection performance

Fortipresence VM consists of ____ VMs. What are they?

Consists of two VMs: -infrastructure server for SQL service -application server to allow GUI access

CAPWAP

Control and Provisioning of Wireless Access Points. Tunneling protocol that encapsulates data between the AP and the WLC. Not encrypted by default. Network protocol that you can use to provision and manage APs using the fortigate.

What happens after the 4 way handshake

Control port unlocked: Once the 4-way handshake is completed successfully, the virtual control port which blocks all the traffic will be open and encrypted traffic can flow. Now all unicast traffic will be encrypted with the PTK and all multicast traffic will be encrypted via the GTK, which are created in the 4-way handshake process.

After the APs are registered to FortiCloud what do you do for the cloud wireless deployment option

Create a FortiAP network and then in the network add the APs and create SSIDs

Command to show channel utilization for all allowed channels at the AP CLI

cw_diag -c all-chutil

Command to show the last minute of channel utilization for the AP radios in AP CLI

cw_diag -c his-chutil

Command to see station-specific layer 1 metrics on AP CLI and what are some things it shows

cw_diag -d sta <mac-address>
Shows: Rx bytes, Rx rate, Tx discards (lost frames), Tx retries (retry frames), RSSI (SnR)

Command to show associated stations on AP CLI Shows key information that is not available elsewhere such as downstream (AP to client) AND upstream link rate

cw_diag ksta (sta)

Command to see statistics on a single wlan interface on an AP

cw_diag stats wlanXY

Dedicated monitoring for rogue APs (option 1)

Dedicated monitoring radios are reserved for scanning and suppression. If enabled they will not broadcast an SSID and will not allow wireless clients to join them. -faster rogue discovery -suppressing rogue APs by sending deauthentication frames -performs continuous foreground scans

How does the handoff-RSSI threshold value work

Default is 25. Measured in dB relative to the generic noise level -95dBm. For instance a value of 25 means that the signal level needs to be -70dBm or better and a value of 30 means the signal threshold is -65 dBm or better

What do RSNAs specify (2)

Defined by IEEE 802.11. Robust security network associations specify that two stations must: -establish a procedure to authenticate and associate with each other -create dynamic encryption keys through the process of the four way handshake. They utilize a dynamic encryption-key management method that involves the creation of five separate keys. Part of the RSNA process involves the creation of two master keys known as the GMK (group master key) and the PMK (pairwise master key)

What is an AP profile (5)

Defined radio settings for FortiAP: -operating band (g/n/ac/ax) -channels and band settings -SSIDs to broadcast -transmit power -radio settings. They are model specific: -all FortiAP models have different AP profiles -platform setting defines which AP model the profile supports

Wireless bridge

Device used to connect two wired/wireless network segments together, or to join wireless and wired networks together in the same way that wired bridge devices do.

Command to list connected stations and APs as you would see on the GUI

diag wireless-controller wlac -d sta | grep -v 0.0.0.0

Radio Setting on AP profile: Channels

Different channels are available by country settings. You can enable channels by selecting the box. The different channels available will depend on the frequency band selected (2.4/5)

Radio Setting on AP profile: Short guard interval

Disabled by default. If enabled it can provide marginally better throughput on 802.11ac or 802.11n

Source of information - Managed fortiap tables

Displays widgets and detailed information about the APs installed. Multiple views: by AP, by radio

Background scanning for rogue APs (option 2)

During idle periods, FortiAP briefly switches the radio from acting as an AP to monitoring. By default the scan period starts every 600 seconds and each second a different channel is monitored for 20 ms until all channels have been checked. During heavy AP traffic, background spectrum analysis can cause packet loss when the radio switches to monitoring. This technique is enabled with DARRP and offers poor rogue AP detection -slower rogue discovery -automatic if DARRP is enabled -scans only frequency band of radio

What kind of data does fortipresence display on the dashboard

Dwell time, visit frequency, visit duration, foot traffic, visitor density, location comparison, busiest time of day, etc.

DARRP (6)

Dynamic automatic radio resource provisioning -AP selects the best channel available to use based on the scan results of BSSID/received signal strength indicator (RSSI) to AC -automatically selects channels based on usage and interference -can be applied in AP profile -uses background scan every 600 seconds -AP reevaluates channel selection every 84600 seconds -clients are signaled to migrate to a new channel -can consume AP resources

What key management method does RSNAs use

Dynamic encryption-key management method involving the creation of five separate keys

what authentication protocol does the 802.1X standard define

EAP and EAP over the lan (EAPOL) and RADIUS

EAP-TTLS

EAP encapsulation method used for client authentication after the TLS session is established. With this, AVPs (attribute value pairs) are interchanged and authenticate the client using one of the following: -a native EAP method -a legacy auth protocol such as PAP or CHAP. EAP-TTLS is not natively supported on many devices, so a third-party utility may be needed

What type of EAPOL packets are detected by WIDS profile (4)

EAPOL-FAIL, EAPOL-LOGOFF, EAPOL-START, EAPOL-SUCC

Radio Setting on AP profile: Band

Each radio has one of two bands available, 2.4GHz or 5GHz. Use the drop down to choose the IEEE protocol, such as 802.11g/b

When will a four way wireless handshake occur

Each time a client tries to connect to an AP including roaming

EIRP

Effective Isotropic Radiated Power is a calculation used to estimate the radiated output power of an isotropic antenna. It is crucial to understand the power level that will actually end up radiating out of your antenna. This is often for reasons of regulatory compliance, coverage considerations or perhaps matching the power of client devices. To calculate the EIRP of a system, enter the AP transmit power, the loss of any cable and connectors and the gain of the antenna. Note that if you are using an AP with an internal antenna, you can leave the cable loss at 0dB. Finally, hit the 'Calc' button to see the EIRP of the system expressed in dBm and mW.

What authentication type is the PMK (pairwise master key generated in the RSNA process) generated as a result from (2)

Either 802.1X/EAP or PSK authentication

What options are there for a guest account user ID (3)

Email, auto generate, specify

In order to send guest account passwords via SMS or email what is required

Email or SMS gateway to be configured on FortiGate

What fortigates do not have wireless controller enabled by default

Entry-level models

With AP handoff the client that is forced to move to the other AP must have an RSSI that is _____

Equal to or more than the defined RSSI value on the AP. This is defined in the AP profile

How often does fortiAP push data to fortipresence

Every 10 seconds but this is configurable

EAP

Extensible Authentication Protocol -The Extensible Authentication Protocol (EAP) is a protocol for wireless networks that expands the authentication methods used by the Point-to-Point Protocol -EAP is used on encrypted networks to provide a secure way to send identifying information to provide network authentication -is not a wire protocol, it only defines message formats -each protocol that uses EAP defines a way to encapsulate EAP messages within that protocol's messages -has many different versions

EAPOL packet flooding

Extensible authentication protocol over LAN packets are used in WPA and WPA2 authentication. Flooding the AP with these packets can be a DoS attack. Several types can be detected by FortiAP WIDS:

True or false. Only the paid fortipresence license can be hosted on cloud or on premise

False. Both free and paid licenses can be hosted on cloud or on premise

True or false: can you apply individual security profiles to an SSID like you can with firewall policies?

False. You have to apply them as a security profile group

True or false: The AP can measure the client signal quality directly

False. Only the client NIC can measure this and there is no way for these metrics to be sent back to the wireless network

Real time heat map

Feature of fortiplanner- fortiplanner receives real time RF information from installed APs Displays actual coverage area on uploaded maps

RF planning

Feature of fortiplanner- helps determine the number and placement of APs required to cover the desired area

Fortiplanner reporting

Feature of fortiplanner- reports include information such as number of APs required to cover the desired area, channel sections, 2.4GHz and 5GHz coverage

Live site survey

Feature of fortiplanner- requires an AP in site survey mode to check and report any interference in the area. Allows you to check for interference in the coverage area. Displays the coverage area on uploaded maps

RSNA dynamic key-management process

Five Separate keys created (Two master keys)

Phase 3 of wireless design- gather information (6)

Follows the High level scope: -list of apps and protocols currently in use -number of users to support -type of client devices in use (from high end to least capable) -use case details (VoIP, data, guest access) -number of SSIDs to broadcast -floor plans and area to be covered by wireless network

Where do you enable administrative access directly on the AP (2)

In the FortiAP profile, or by overriding the FortiAP profile settings on a per-AP basis

FortiAP shows a "?" On managed fortiAP page

FortiAP is not authorized

traffic flow for an AP with an SSID configured in local bridged mode

FortiAP tags the traffic coming from the wireless clients with the correct VLAN ID. FortiAP then places the traffic on the bridged network. The local traffic is switched at the FortiSwitch, but CAPWAP control traffic still goes to the wireless controller

When an attacker tries to use a rogue AP for unauthorized access what does FortiOS do

FortiOS automatically detects and lists the ap in the rogue AP monitor. Using the WIDs profile you can suppress the AP to avoid security threats

What fortiap managing devices does fortipresence receive data from (3)

FortiCloud, FortiGate/WiFi, FortiWLM

What is a fortiwifi a combination of (3)

FortiGate, LAN switch, AP

What devices have the FortiOS integrated wireless controller (3)

FortiGate, FortiWiFi, FortiGate-VM

The forticloud service is separated into two parts:

FortiGate cloud, FortiAP cloud

Once a FortiAP is authorized on fortigate what happens? (2)

Fortigate establishes a CAPWAP tunnel to the fortiAPs and pushes the configuration to them based on the assigned AP profile

Fortiwifi

Fortigate with a built in Wifi radio (also called a thick AP) this is suitable in deployments where a single AP can cover all areas

Fortinet integrated wireless solution and what it includes.

FortiGate with an integrated wireless controller for thin APs. It provides single-pane-of-glass management for security and access. This solution includes FortiGate, FortiAPs, and centralized management. It is secure because it consolidates the WLC with the FortiGate UTM

Where do FortiAPs get security profile updates

FortiGuard, through a FortiGuard subscription. That is why each AP needs a separate subscription

Fortinet's Wi-Fi site survey manager

Fortiplanner

What product collects details on site visitors such as devices and locations and then presents information as analytical reports

Fortipresence

Fortiplanner free version vs professional version

Free supports up to 10 APs. Paid supports unlimited and enables the site survey and real time heat map features.

Fortipresence licenses are available with two options, what are they and what are the differences between them

Free tier (unlicensed) and paid tier (licensed). Free: 5 sites; 7 day data retention; 200 captive portal sessions; no site reports or user management; social media auth is paid per site; captive portal customization is paid per site; has themes and images from captive portal

What options are there for client load balancing on FortiAPs (2)

Frequency handoff, AP handoff

What other key is the GTK dependent on

GMK (group master key)

What key is used to encrypt/decrypt broadcast and multicast traffic in wireless

GTK

What are the final encryption keys in the four way handshake

GTK and PTK

Fortiplanner controls- report tab (2)

Generate reports in PDF or other format. Provides details on device placement, device inventory, propagation analysis for 2.4/5GHz

Command to show RF conditions around all AP radios - shows a list of neighboring APs together with their signal strength, channel, and RF score

get wireless-controller rf-analysis

Command to list all discovered neighboring APs

get wireless-controller scan

Command to show client load over time - shows a breakdown of total client load over multiple hours and day

get wireless-controller status

Config wireless-controller global

Global config affects all APs and wireless configs. Used to configure global parameters like name and max-retransmit

High speed standards require a _____ SnR

Greater

You must have at least one user ____ with the type ____ to generate guest accounts

Group, Guest

GTK

Group Temporal Key used to encrypt all broadcast and multicast traffic between an access point and multiple client devices. GTK is the key which is shared between all client devices associated with 1 access point. For every access point, there will be a different GTK which will be shared between its associated devices.

What CLI setting in AP profile determines the value after which the handoff protocol is initiated for a new client

Handoff-sta-thresh

What is the VLAN pooling load balancing hash method

Hash - FortiOS assigns a VLAN based on a hash of the current number of SSID clients and the number of entries in the VLAN pool

What command will provide help and show you available commands in the AP CLI (2)

Help or ?

The lower the signal strength RSSI the lower the ability of the radio to use _____modulation rates

Higher

VLANs use __ ___ to logically separate a LAN into smaller broadcast domains

ID Tags

What standard defines RSNAs

IEEE 802.11-2007

Explain the following RADIUS attributes: IETF 64 (tunnel type), IETF 65 (tunnel medium type), IETF 81 (tunnel private group ID)

IETF 64 (tunnel type) - tells the FortiGate that the VLAN information is attached to the RADIUS response
IETF 65 (tunnel medium type) - tells the FortiGate that the IEEE 802 attribute is attached to the RADIUS response
IETF 81 (tunnel private group ID) - tells the FortiGate to attach the user to the specified VLAN ID interface

What attributes must the RADIUS server send the FortiGate to use dynamic VLAN assignment and what do they need to be set to (3)

IETF 64 (tunnel type) - set to VLAN
IETF 65 (tunnel medium type) - set to IEEE 802
IETF 81 (tunnel private group ID) - set to the VLAN ID

Radio Setting on AP profile: Monitor channel utilization

If enabled AP radio is monitored for channel utilization

Why can DARRP cause network issues

If network is being used at capacity it can cause issues because it consumes AP resources with different scans.

AP split tunneling

If split tunneling is configured, only traffic destined for the corporate office networks is routed to the fortigate and other general traffic is routed, unencrypted through the local gateway. It eliminates loading the fortigate with unnecessary traffic and allows direct access to local private networks at the location of the fortiAP even if the connection to the controller goes down

What conditions must be met for a bridged fortiap to continue to authenticate users if the wireless controller is down or disconnected

If the SSID meets the following: -authentication and traffic are handled by FortiAP regardless of the connection status between FortiAP and FortiGate ("Local standalone", "Local authentication")

Why may it be helpful to exempt sources from the captive portal

If the device needs wireless for internet access but can't accept a disclaimer or authenticate. Such as a printer that needs access to internet for firmware.

What happens if the Last AP discovery method fails

If the last method fails the AP goes into a SULKING state. After approx 30 seconds it will enter the AP_IP_DISCVER state. After the AC (AP controller) IP is found it will enter the idle state and eventually enter the DISCOVERY state, then repeat the process

Bridge mode - security profile support

If the managed FortiAP model supports it (such as U), you can apply a security profile group to the wireless controller, which allows you to apply the following security profile features to the traffic over the bridge SSID: AV (botnet), IPS, app control, web filter

When is DARRP recommended

In large deployments with many APs, to reduce interference. In small deployments that have less risk of interference, static channel assignment is fine

Where is the client RSSI threshold defined

In the AP profile

When a new AP is detected that is not authorized this AP appears where?

In the rogue AP list? Dashboard > Wifi > rogue APs

What would a client with good signal strength and a low link rate indicate

Indicates that the noise floor is higher than optimal because the SnR is small. This prevents the client from using the upper link rates regardless of how strong the signal is. A higher level of noise and/or a lower signal reduces the SnR

What does retry rate and percentage of channel utilization measurements indicate for a radio (2)

Indicates the quality and capacity of the air (RF) around the AP. Also includes the clients that use the RF

ISM

Industrial, scientific, and medical band 2.4ghz

What will netsh display on windows CLI

Information depending on whether the client is connected or not, including the channel connected. You can also see the channel in use and an estimate of the receive and transmit rates and the percentage signal strength.

What is it called when FortiAP devices are provisioned and managed using fortigate

Integrated wireless deployment

Why is it recommended to use the integrated wireless solution (8)

Integrating APs with fortigate gives you the ability to perform: -UTM -policy enforcement -authentication -bandwidth control -logging and analysis -rogue AP detection and WIDs -fortiguard services -single pane of glass management Etc

Why is the dedicated monitor for rogue AP preferred over background scanning

It can reduce the load on APs and saves them from switching to AP and monitoring mode, preventing packet loss.

How does fortigate determine if a client can operate on 5GHz frequency for band steering

It continuously probes the clients to identify if they can operate on the 5GHz frequency. Fortigate maintains a table to track which clients support both frequencies and records the RSSI value along with the other information for each frequency.

What is fortipresence

It correlates and displays analytics from wireless devices in order to improve business and customize experience. Gathers details on site visitors from their Wifi signal. Data such as:
-Dwell time
-Visit frequency
-Visit duration
-Foot traffic
-Visitor density
-Loyalty
-Location comparison
-Busiest time of day
Etc is collected from forti-wireless devices, summarized, and forwarded to fortipresence

Benefit of AP split tunneling

It eliminates loading the fortigate with unnecessary traffic and allows direct access to local private networks at the location of the fortiAP even if the connection to the controller goes down

Why may the cw_diag ksta command on the AP CLI be helpful (3)

It shows the stations associated to the AP with both the upstream AND downstream link rates listed together with SnR. These are a good indication of connection quality. Reviewing the connection capability of the client that's connecting will indicate the max rate the client is capable of. Compare this to its connection using this command to show how close it is to the maximum connection speed.

Command to show radio interfaces on an AP and what are some other details shown

iwconfig
-Wireless standard
-frequency
-ESSID
-mac
-bit rate
-tx power
-enc key
-link quality
-SnR
-SSIDs in the form of XY "wlan00"

A tunneled SSID is treated as a_____

Layer 3 Interface

The upstream ____ ____ is the best measure of upstream client connection quality

Link rate

_____ _____ are a fundamental measure of link quality

Link rate

What measurement can generally be the prime indicator of connection quality

Link rate (retry and loss rate)

The ultimate indicator of wireless health is _____

Link rates that the client and AP use to communicate with each other

What two options are there for 802.1X on fortigate wireless Config

Local or remote with RADIUS

Captive portal- authentication portal types (2)

Local: fortigate presents the user with a login page and processes authentication requests.
External: fortigate redirects the user to an external URL. The external captive portal server is responsible for presenting the user with the login page and validating authentication.

Where is the fortipresence VM deployed

Locally on site

The higher the level of channel noise the ____ the signal-to-noise ratio (SnR)

Lower

MSK

MSK (Master Session Key). The master session key is the first key, which is generated either from 802.1X/EAP or derived from PSK authentication.

What can make on-wire rogue ap detection more difficult

MAC address spoofing and NAT on the rogue AP can make on-wire detection more difficult because the frames in the wired and wireless traffic won't have the same MAC address.

What type of managed APs can split tunneling be enabled on (2)

Managed by fortigate or forticloud

What two options does TX power control have in the FortiAP profile. What are each

Manual and auto.
Manual: a TX slide control appears and you can adjust the TX power. 100% power is based on the maximum permitted in your area.
Auto: you must define the power range and FortiOS will automatically adjust the power in that range.

To use the static IP or DNS hostname AP discovery method what do you need to do before deploying the APs

Manually configure the APs with the controller IP or hostname in the GUI, CLI, or serial port of AP

Two ways to suppress a rogue AP

-Manually on the rogue AP monitor page
-Enabling auto suppress rogue APs in foreground scan (WIDS profile)

What is one of the most common reasons a laptop can't connect to the wireless network

Many laptops have hardware switches to enable or disable wireless connectivity. Most commonly the switch is disabled preventing connectivity

Set max client vs set handoff-sta-threshold ap profile setting

Max client is the max number of clients the AP supports. Once reached it will force reject new clients.
Sta threshold is when the AP handoff is initiated and a nearby AP will respond to the client to join it.

What is the max command that can be sent to a FAP over the CAPWAP tunnel and what is the max output from the command (and default) that can be sent back from the FAP (3)

-Max command sent to FAP: 127 bytes
-Max output from the FAP back: 4M
-Default output from FAP back: 32K

config wireless-controller wtp-profile
edit <profile name>
set max-client

Maximum number of clients this AP supports. After the AP reaches this number of clients it forces a hard rejection. 0 means no limit.

What does more channel noise mean to an AP and client

Means it will be more difficult for the AP and the client to transmit

What is the enable passive scan mode setting on the rogue ap detection settings for the WIDS profile

Means that the AP will not send probe requests on scanned channels

Most of the metrics for performance and diagnostics shown on the controller are measured from what point of view?

Measured from the AP or controller point of view

What does wireless capacity measure (3) and what 3 measurements can you look at to determine wireless capacity

Measures factors that affect the capacity of the interface and the channel capacity around the interface, a measure of channel utilization (how busy the interface and spectrum is), and the number of clients on an interface.
-channel utilization
-association count
-data throughput

How does DARRP prevent interference between APs

Measures utilization and interference on the available channels and selects the clearest channel at each AP. It uses AP background scans as input (every 600 seconds)

On-wire rogue AP detection and how it works (7)

Mechanism continuously compares wireless and wired client traffic to identify if an unknown AP has joined your network
-must be at least one Wifi client connected to suspect AP and continuously sending traffic
-rogue AP will probably need to be a layer 2 bridged AP otherwise FortiOS will only see the wireless router Ethernet MAC
-if fortigate and FortiAP see the wireless client MAC address on the wired network, then the rogue AP that the client is connected to must be on-wire
-can block either exact MAC addresses only or similar (adjacent) MAC addresses
-MAC adjacency is configurable
-MAC address spoofing and NAT on the rogue AP can make on-wire detection more difficult
-false positives are possible

Complete four way handshake

Message1: access point sends EAPOL message with ANonce (random number) to the device to generate PTK.
Message2: Once the device has created its PTK it sends out SNonce, which is needed by the access point to generate PTK as well. The device sends EAPOL message2 to the AP with a MIC (message integrity check) so that the access point can verify whether this message has been corrupted or modified. Once SNonce is received by the AP it can generate PTK as well for unicast traffic encryption.
Message3: EAPOL message3 is sent from AP to client device containing GTK. AP creates GTK without the involvement of the client from GMK.
Message4: Fourth and last EAPOL message will be sent from the client to AP just to confirm that keys have been installed.

Message 1 of 4 way handshake

Message1: access point sends EAPOL message with ANonce (random number) to the device to generate PTK. Don't forget the client device knows the AP's MAC because it's connected to it. It has PMK, SNonce and its own MAC address. Once it receives ANonce from the access point it has all the inputs to create the PTK.
PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

Message 2 of 4 way handshake

Message2: Once the device has created its PTK it sends out SNonce, which is needed by the access point to generate PTK as well. The device sends EAPOL message2 to the AP with a MIC (message integrity check) so that the access point can verify whether this message has been corrupted or modified. Once SNonce is received by the AP it can generate PTK as well for unicast traffic encryption.

Message 3 of 4 way handshake

Message3: EAPOL message3 is sent from AP to client device containing GTK. AP creates GTK without the involvement of the client from GMK.

Message 4 of 4 way handshake

Message4: Fourth and last EAPOL message will be sent from the client to AP just to confirm that keys have been installed.

A large proportion of wireless troubleshooting revolves around ensuring that a number of wireless ____ are within acceptable ranges

Metrics

What default FortiAP profile settings are customizable (10)

-Mode: disabled (no radio), access point (normal radio), dedicated monitor (used to monitor and not for clients)
-WIDS profile: background radio scanning and IDS profile settings
-Radio resource provision: automatic channel selection on APs in the network to minimize interference
-Band: 2.4/5ghz
-Short guard interval: disabled by default. If enabled can provide better throughput on 802.11ac or n
-Channels: different channels are available by country/region
-TX power control: provides auto or manual control over radio power
-Monitor channel utilization: if enabled, AP radio is monitored for channel utilization
-SSID: select auto or manual
-Channel width: 20, 40, 80 configurable for 5ghz

why may you need special equipment to identify non-wifi/non-coherent interference

Most APs do not have a built in spectrum analyzer and if they do they may be able to log interference events but cannot pinpoint the exact location since they usually lack directional antennas. Some APs may need to be dedicated to this task

Why may a client capable of high wireless link rates be showing they are only getting around 65mbps (2 examples)

-Most likely this means they are connecting to the 2.4GHz radio and not the 5GHz radio
-Also could mean metrics (loss/retry/signal strength/noise) are impacting

What needs to happen for fortigate and FortiAP to detect a rogue AP on wire (2)

-Must be at least one Wifi client connected to the suspected AP and continuously sending traffic. If fortigate and FortiAP see the wireless client MAC address on the wired network then the rogue AP that client is connected to must be on wire
-rogue AP will probably need to be a layer 2 bridged AP otherwise FortiOS will only see the wireless router Ethernet MAC

When configuring a guest user group it allows you to select which type of guest information you want selected. What are the options (6)

-Name
-Email
-SMS
-Password (auto or specify)
-Sponsor (auto or specify)
-Company (auto or specify)

Signal strength is measured in _____ _____

Negative decibels

How to locate client MAC address on windows CLI

Netsh wlan show interfaces

CAPWAP in the fortigate integrated wireless solution and what it provides (3)

Network protocol that you can use to provision and manage APs using the fortigate. Provides: -configuration management -device management -configuration and firmware upgrade to AP

By default, is load balancing applied to roaming clients

No

Do the AP and controller need to be in the same broadcast domain for the multicast AP discovery method to work

No. The AP and controller do not need to be in the same broadcast domain if multicast routing is configured correctly.

Benefit of using the FortiAP cloud wireless deployment

No need for a fortigate on site

Possible causes of channel noise and examples

Non-wireless lan devices transmitting in the 2.4 and 5GHz ranges. Examples include: -microwave oven -Bluetooth devices -wireless cameras and alarms -distant wireless aps and devices

What part of 802.1x or PSK auth does the four way WPA/2 handshake start

Occurs in the last four frames during either 802.1X/EAP or PSK authentication

Where is wireless load balancing configured

On AP profile

What two options are there for the start countdown - expiration of a guest account

On account creation (default) After first login

Where is frequency load balancing configured

On the AP profile

Besides dedicated monitor and background scanning what is another useful technique for rogue AP detection

On-wire rogue AP detection

What type of APs can be assigned to an AP group (2)

Only APs of the same model and only ones not assigned to another group

For a fortiap cloud wireless deployment what type of traffic is sent back to forticloud

Only management traffic. All user data traffic remains local

Complete list of supported formats for wireless security modes (13)

Open Captive-portal WPA-personal WPA-personal+captive WPA-enterprise WPA2-only-personal WPA2-only-personal+captive WPA2-only-enterprise WPA3-enterprise WPA3-sae WPA3-sae-transition Owe Osen

What EAP method is supported for 802.1x local authentication

PEAP

PTK is dependent on what other key

PMK
PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

What are the two master keys created during the RSNA process

-PMK: pairwise master key
-GMK: group master key

What key is used to encrypt/decrypt unicast traffic in wireless

PTK

PMK

Pairwise Master Key. Generates the PTK. The pairwise master key is generated from the master session key (MSK). In the case of WPA2/PSK, when a device authenticates with the access point the PSK becomes the PMK. The PMK resides on all stations, as in AP and client devices, so we do not need to share this information. We use this information to create the PTK, which is used for unicast data encryption.

PTK

Pairwise Transient Key. The pairwise transient key is used to encrypt all unicast traffic between a client station and the access point. PTK is unique between a client station and access point. To generate PTK, the client device and access point need the following information.
PTK = PRF(PMK + ANonce + SNonce + MAC(AA) + MAC(SA))

An ap profile defines the configuration for each AP. If you want to apply different settings for some aps without creating additional profiles what can you do

Per-ap Configuration You can override ap profile configuration for a specific AP Certain options are available only in the cli

How is channel utilization measured

Percentage

Phase 5 of wireless design- predictive design (1)

Performed using a software program to perform AP placement based on RF propagation algorithms
-fortiplanner

What FortiAP profile settings can you Not modify when you use a default FortiAP profile (2)

Platform Country/region

PPP

Point-to-Point Protocol -used for wired network authentication -unencrypted

What would an acceptable signal strength and a low link rate indicate

Potential noise issue. An AP and a client will respond to a decrease in SnR by reducing link rates. A decrease in SnR means an increase in channel noise.

Phase 1 of wireless design- project information (4)

Project info is high level input that you can use to implement wireless design. Important to identify use case and primary goals.
-What industry?
-What type of structure is it based on?
-What are the business goals?
-Compliance requirements?

Pros and cons of mesh AP deployment

Pros:
-Eliminates the need to physically cable every AP to the wireless controller
-better performance due to fewer clients on backhaul frequency (less collisions)
Cons:
-wireless not reliable for backhaul connectivity due to interference and quality of signal issues

PEAP

Protected Extensible Authentication Protocol. PEAP provides an extra layer of protection for EAP. PEAP-TLS uses TLS to encrypt the authentication process by encapsulating and encrypting the EAP conversation in a Transport Layer Security (TLS) tunnel. Since TLS requires a certificate, PEAP-TLS requires a certification authority (CA) to issue certificates. (Server side)

Radio Setting on AP profile: TX power control

Provides auto or manual control over radio TX power

Source of information - Wifi Maps (4)

Provides graphical representation of the location of the APs. Useful for visualizing the state of the wireless network. You can see channel configuration, channel utilization, and station load. Allows for the ID of APs that might have incorrect channel settings or are overloaded. It requires a floor plan import and AP placement

Phase 4 of wireless design- site survey (6)

Purpose is to plan and design a wireless network, providing a solution that will deliver the required coverage, link rates, network capacity, roaming capability, and QoS
-perform a site walkthrough
-type of building or facility
-detailed maps or drawings
-capture photos of mounting positions, cable drops, and cabinet spots
-existing wireless infrastructure (potential interference, spectrum analysis, non Wifi devices)
-identify problem areas

What must the RADIUS server send back to fortigate for WSSO

RADIUS server must be configured to send a group name as a RADIUS attribute back to fortigate. It is case sensitive. VSA (vendor specific attribute) is FORTINET-GROUP-NAME

how does dynamic vlan assignment work for SSIDs

RADIUS server will provide the VLAN information through the attributes that it sends to the fortigate upon the authentication request:
-IETF 64 (tunnel type) - set to VLAN
-IETF 65 (tunnel medium type) - set to IEEE 802
-IETF 81 (tunnel private group ID) - set to the VLAN ID

In the CLI what is the radio referred to as

RLD

The controller maintains a list of ______ for all wireless clients

RSSI

On FortiAP the component on the AP that transmits and receives radio signals is called ______(2)

Radio or wireless interface

What setting need to be enabled in AP profile if you want FortiAP to select channels based on interference

Radio resource provision

What will the following columns indicate on the wifi client monitor: Rate - MIMO - Band -

Rate - link quality indicator
MIMO - client capability indicator
Band - client capability indicator

RSSI

Received Signal Strength Indication

RSSI

Received Signal Strength Indicator - an index level calculated from signal strength. If the connection speed is below the RSSI minimum the wireless adapter will drop the signal

When an attack is detected by a WIDS profile what does FortiOS do

Records a log message

By default what does fortigate do to traffic from users behind an interface that has the security mode set to captive portal (2)

Redirects HTTP traffic to captive portal and blocks all other traffic

What will lowering the TX power do to FortiAP coverage

Reduce the coverage area and RF signal propagation

How will an AP and client respond to the decrease in SnR

Reducing connection link rates

What can a high number of tx_retries (retry frames) with the command cw_diag -d sta <mac address> indicate

Retries are part of normal wireless LAN network operation but a high number would indicate an issue

How to upgrade fortiAP from the managed fortiAP page and what is required to be able to perform the upgrade from this page

Right click AP > select upgrade. FortiOS will find appropriate firmware for the AP and upgrade it. This requires you to register FortiAP on the fortinet support site and have a valid support contract

From the rogue ap dashboard how can you keep track of APs that are authorized by you or not

Right click and classify the AP as: accepted, rogue, suppressed rogue, or unclassified

RSNAs

Robust security network associations

How does on wire rogue AP detection work

Rogue AP monitoring of WiFi client traffic builds a table of WiFi clients and the Access Points that they are communicating through. The FortiGate unit also builds a table of MAC addresses that it sees on the LAN. The FortiGate unit's on-wire correlation engine constantly compares the MAC addresses seen on the LAN to the MAC addresses seen on the WiFi network. There are two methods of Rogue AP on-wire detection operating simultaneously: Exact MAC address match and MAC adjacency.

Fortigate RBAC

Role based access control. Fortigate lets you create user groups and use remote authentication servers with reference to a group in order to select users based on a different set of policies, SSID, SSL VPN, etc for role based access

what is vlan pooling load balancing round robin method

Round Robin - VLAN with least number of clients is assigned new connections

What are the two VLAN pooling methods available for wireless client load balancing (tunneled only)

Round Robin - VLAN with least number of clients is assigned new connections
Hash - FortiOS assigns a VLAN based on a hash of the current number of SSID clients and the number of entries in the VLAN pool

Config wireless-controller vap

SSID configuration Used to set options for VAP (virtual access points) aka SSID. All parameters related to wireless security options will be configured under here.

What protocol needs to be enabled on fortigate interface that AP connects to for CAPWAP

Security fabric connection

How does FortiAP suppress rogue APs

Sends deauthentication frames

What two fields are required when preauthorizing a FortiAP on the fortigate

Serial number and FortiAP profile

What level is traffic processed for a tunneled SSID

Session

What are these settings in the CLI:
config wireless-controller wtp-profile
edit <profile name>
set handoff-sta-thresh 30
set handoff-rssi 25
set ap-handoff {enable | disable}

set handoff-sta-thresh 30 - # of clients before AP handoff is initiated <5-35>
set handoff-rssi 25 - RSSI value threshold sets minimum signal strength that a new client must have at an alternate AP for the overloaded AP to ignore the client. Range 20-30
set ap-handoff

CLI command to change the max numerical difference between an Ethernet and wireless max value for on-wired rogue AP detection What is the range and default value

set rogue-scan-mac-adjacency <0-31>
Default is 7

What are wireless security modes

Settings for client authentication and traffic encryption between the wireless client and the AP

What can a high number of tx_discards (lost frames) with the command cw_diag -d sta <mac address> indicate

Shows the AP was unable to successfully send a data frame after numerous retries. This can indicate the station is unable to clearly receive or decode frames from the AP with the result. This can indicate poor signal strength at the client or a high noise floor

SAE

Simultaneous Authentication of Equals. SAE is a variant of the Dragonfly Key Exchange defined in RFC 7664, based on Diffie-Hellman key exchange using finite cyclic groups which can be a primary cyclic group or an elliptic curve. The problem of using Diffie-Hellman key exchange is that it does not have an authentication mechanism. So the resulting key is influenced by a pre-shared key and the MAC addresses of both peers to solve the authentication problem.

Types of items to add to fortipresence GUI integrated google maps UI (4)

Sites Buildings Floors Areas

How is channel noise represented

SnR

SNonce

SNonce: a random number generated by the client device (supplicant)

What exemptions can be applied to captive portals

Sources and destination/services

Spoofed deauthentication

Spoofed deauthentication frames are a DoS attack. They cause all clients to disconnect from an AP.

802.11s

Standard for wireless mesh networking

What AP discovery method should you use if the AP is not deployed on the same subnet as the wireless controller and cannot be reached by multicast or broadcast (2)

Static IP or DNS hostnames method

What automatic discovery options can you use for the remote connection and indirect connection AP deployment options (3)

Static IP(recommended) DHCP DNS

A high link rate means that both the signal _____ and _____ are good

Strength and quality

After you detect a rogue AP what do you usually want to do to it

Suppress it

TX power mode manual

TX slide control appears and you can adjust the TX power. 100% power is based on the maximum permitted in your area

How is RSSI measured by the fortiAP

Taken by the AP interface when receiving data from a client

How to locate client MAC address on Mac OS

Terminal: networksetup -listallhardwareports

What can wireless retry rate be an indication of (example)

That the collision rate is high which can occur when there are large numbers of clients on the network (capacity measurement)

What is the wireless four way handshake

The 4-way handshake is the process of exchanging 4 messages between an access point (authenticator) and the client device (supplicant) to generate some encryption keys which can be used to encrypt actual data sent over Wireless medium

Level of AP participation in WIDS depends on?

The AP operating mode. Example: APs that are not in dedicated monitor mode cannot perform foreground scanning.

How does the multicast AP discovery method work?

The AP sends a multicast discovery request and the controller responds with a Unicast discovery response to the AP. AP and controller do not need to be in the same broadcast domain if multicast routing is configured correctly.

In 802.1X local authentication mode what two roles does fortigate play

The Authenticator and the authentication server

When using 802.1X remote authentication what role does fortigate play

The Authenticator only

What does it mean when the managed fortiAP status changes to a green check mark

The CAPWAP tunnel is established between the controller and the AP

when VLANs are configured with a tunneled SSID what does the SSID interface act as (vlan interface is considered separate interface)

The SSID interface is considered a trunk

What are two key pieces of information needed in order to troubleshoot an issue with a wireless client and where would you get this info from

The client MAC address and IP.
If the issue lies beyond connecting to the AP then you can get this from the AP or controller.
If the issue is with connection to the AP you will have to get it from the end user.

In order to use rogue AP suppression what rogue ap detection method do you need to use

The dedicated monitor. You can't use background scan. One radio needs to be dedicated since this is an active process

Why are faster link rates good

Data is transferred faster and less air time is used for transmissions, ensuring high performance for the client and allowing max opportunity for other clients to transmit

4-way handshake keys from top to bottom

The first level key generated is the MSK, during the process of 802.1X/EAP or PSK authentication. The second level keys, generated from the MSK, are the PMK and GMK. PMK is used to generate PTK and GMK is used to create GTK. Third level keys are the actual keys used for data encryption.

How to tell if signal strength is good or bad

The greater the negative number, the weaker the signal

What does a guest provisioning account display when they login

The guest user management pane which limits them to only creating guest accounts

Where does local and CAPWAP control traffic go for an SSID configured in bridged mode with a VLAN

The local traffic is switched at the Fortiswitch, but CAPWAP control traffic still goes to the wireless controller

When dragging and dropping the AP into a fortipresence area what are you prompted to enter

The minimum RSSI cutoff value and EIRP values

What is TX power

The power the fortiAP uses when broadcasting RF signals

X.509

The standard format for digital certificates.

Frequency handoff

The wireless controller monitors the usage of the 2.4GHz and 5GHz bands and signals clients to switch to the lesser used frequency to prevent congestion and interference

Why can't guest accounts be used for 802.1X local authentication

They are not considered local user accounts

Leaf AP in mesh deployment

They connect normal clients such as laptops, tablets, and mobile phones. They may also connect another leaf AP to the root AP

Long Duration attack

To share radio bandwidth, Wifi devices reserve channels for brief periods of time. Excessively long reservation periods can be used as a DoS attack. Default threshold is 8200

Block intra SSID option in bridge mode AP

Traffic to and from wireless clients connected to the same SSID and AP is blocked. However wireless clients connected to the same SSID but on a different AP can communicate with each other. To prevent this you must have private VLAN enabled if APs are connected to a fortiswitch

True or false- false positives are possible with on-wire rogue AP detection

True

True or false. A smart phone will emit a Wifi probe even if it is not connected to Wifi network

True

True or false. Guest accounts are not considered local user accounts

True

To achieve one of the four main (not including the cloud deployment) physical AP topologies what two traffic modes can be used

Tunnel Bridge

Default SSID mode

Tunnel mode

Which SSID mode is treated as an interface

Tunnel mode

Three types of SSIDs that can be configured on fortigate

Tunnel mode Bridge mode Wireless mesh

What SSID option makes it so only users who know the name of the SSID can connect to it

Turn off broadcast SSID

Broadcasting deauthentication

Type of DoS attack. A flood of spoofed deauthentication frames forces wireless clients to deauthenticate, then reauthenticate with their AP.

What AP series does not support its CLI being accessed through the CAPWAP tunnel

U series

What ports does CAPWAP use

UDP port 5246 - control channel
UDP port 5247 - data channel

U-NII

Unlicensed National Information Infrastructure for 5ghz

What are the general guidelines during wireless network planning to avoid overlapping

Use every fourth or fifth channel

How do you register fortiAPs managed by FortiAP cloud or fortiWLC on fortipresence

Use the auto generated project name, project secret key, fortipresence IP, and port on the location services

What is the first step in using fortipresence

Use the fortipresence registration information to link discovered APs to fortipresence

Wireless mesh SSID

Used as backhaul SSID in distributed connection to connect to the root AP. The radio receives data for the WLAN from the mesh backhaul SSID

What are cw_diag command for in the AP CLI

Used for monitoring or diagnostics

What type of deployment is security profiles on managed APs ideal for

Used for remote deployments and complex networks

SSID group and where it is configured

Used to simplify management of multiple SSIDs by grouping them so that they can be specified together in a FortiAP profile. Kind of like an address object group. Configured in wifi&switch controller > SSIDs > create new > SSID group

Why is TX power control useful

Useful to control signal coverage area. You can decrease the power to prevent broadcasting signals to any unwanted area that may pose a security risk

Where to configure guest accounts

User & authentication > user groups > type guest

The fortigate wireless controller supports two user authentication mechanisms. What are they?

-Username and password (WPA enterprise, WPA3, captive portal)
-Preshared keys (WPA2 personal)

When does DARRP perform background scans and what is the range

Uses background scan every 600 seconds. Range is 60-3600 seconds

How does fortiplanner estimate signal loss and bounce (generate heat map)

Uses ray tracing algorithms to estimate signal loss and bounce based on objects that can cause RF interference such as walls, windows, and elevator shafts.

How can CAPWAP communication be secured

Using DTLS encryption

How does fortipresence make locating sites and their respective data simple

Using google maps integrated UI to locate the sites and compare trends across each site

As a guide, a healthy wireless interface should maintain rates of: Utilization- Client count-

Utilization- <75% Client count- <30

What is VLAN pooling?

VLAN pooling is the process of creating several VLANs for a single domain (a single SSID as well) and randomly assigning the wireless clients to a VLAN.

using _____ reduces the need to deploy additional SSIDs

VLAN tagging

What is the VSA and ID for the RADIUS server to send fortigate for WSSO

VSA (vendor specific attribute) is FORTINET-GROUP-NAME. Fortinet vendor ID: 12356

Max number of supported APs on fortigate and fortiwifi

Varies by model

What do you need to do before enabling the suppression of rogue APs

Verify that the operation of suppressing rogue APs is compliant with the applicable laws and regulations of your area

VAP

Virtual access point. AKA SSID

How can fortipresence VM be utilized to allow visitors to login to the wireless infrastructure (3)

Visitor can login using: -Social media authentication with captive portal -SMS-OTP -customized visitor portal

How do fortiAPs collect data to forward to fortipresence

Visitor smart phones and devices probe for wireless APs. APs use this data to detect information about the devices and forward it in the form of station reports to fortipresence

As a best practice what should you set the handoff-RSSI value for voice traffic and for data and video to minimize interruptions (2)

Voice- 25-30 Data/video - 23-37

What security modes does the wireless controller support (7) There is also a complete list with more supported.

WPA WPA2 WPA3 captive portal Open OWE OSEN

What is a more secure form of WPA2 security and why

WPA2 enterprise because each user has their own authentication credentials, verified through an authentication server

WPA2 with a preshared key is called___

WPA2 personal

dynamic vlan assignment can only be enabled for what type of SSID security mode and authentication (2)

WPA2-Enterprise or WPA3-Enterprise using RADIUS for authentication

WPA2-Personal

WPA2-Personal encryption uses a pre-shared key (PSK) to protect the network access. -all users share the same static passphrase -if a user leaves or a device is lost the PSK should be changed on all APs and devices

In the CLI what is the AP referred to as

WTP

Where is frequency handoff configured

WTP (AP) profile

Null SSID probe response

When a wireless client sends out a probe request the attacker sends a response with a NULL SSID. This causes many wireless cards and devices to stop responding.

How does the controller measure and display the quality of a downstream wireless connection

When an AP transmits network traffic to the client, the controller shows the connection quality of the AP when it transmits to the client

What is the multiple preshared keys option for SSID configuration

When enabled you will configure a preshared key for each user. If a device is ever lost or a user leaves then you only have to change it for that one user or device.

When is FortiAP beneficial

When organizations have a large number of APs

Set split-tunneling-acl-path {local} Vs Set split-tunneling-acl-path {tunneled}

When set to local you can define subnets where traffic will remain local instead of being tunneled. When you set to tunnel you can define subnets that are tunneled back to the controller

How does AP suppression work? (4)

While pretending to be the rogue AP, the fortigate Wifi controller uses the dedicated monitoring radio on a nearby AP. It sends deauthentication messages to the rogue AP clients. This makes it difficult for the clients to maintain a connection with the rogue AP. FortiOS will also mimic the rogue AP clients and send deauthentication messages to the rogue AP.

Phase 2 of wireless design- high-level scope (7)

Why, what, when, how -is it a new or existing install -why are you upgrading -what is the use case -what is the scale of the project -primary applications -big rollout or phased -deadline

After creating a wireless controller security profile group where do you apply the group

Wifi & switch controller > SSIDs Security profile group

Where to create wireless security profile group in gui

Wifi & switch controller > SSIDs > security profile group

Where to configure WIDS profile

Wifi & switch controller > WIDS profiles

Where do you authorize and see discovered fortiAPs managed by fortigate

Wifi & switch controller > managed APs

How do you preauthorize APs and what is this

Wifi & switch controller > managed APs. Allows you to preauthorize APs that will be added to the network. Must add all APs manually, one by one, using the AP serial number and assign a fortiAP profile. After the preauthorized APs come online and are discovered, fortigate will authorize the fortiAPs automatically

Where is the managed FortiAP table

Wifi & switch controller > managed fortiAPs

How to connect to the AP CLI using the controller GUI

Wifi & switch controller > managed fortiAPs. Right click the row of the fortiAP that you want to connect to and then select connect to CLI

Where do you configure SSIDs on fortigate

Wifi and switch controller > SSID

Where do you specify wireless security mode for SSIDS

Wifi and switch controller > SSIDs

Where to create a custom ap profile in the GUI

Wifi and switch controller > forti ap profiles > create new

Wireless bridge (WIDS profile)

Wifi frames with both the fromDS and ToDS fields set are a wireless bridge. This will also detect a wireless bridge that you intentionally configure in your network

WIDS

Wireless Intrusion Detection System Monitors wireless traffic for a wide range of security threats by detecting and reporting on possible intrusion attempts It uses a profile to specify the intrusion detection settings and rogue AP detection

Two lan segments connected together over a wireless link (backhaul SSID)

Wireless bridge

AC

Wireless controller (AP controller)

AP handoff

Wireless load balancing. Wireless controller signals a client to switch to another AP

WSSO (2)

Wireless single sign on -allows fortigate to dynamically map RADIUS users to local groups -allows fortigate to enforce different levels of network access with the use of firewall policies and security profiles based on the user group that user belongs to

WTP

Wireless termination point. Aka AP

How are APs registered to forticloud

With the cloud key that ships with the AP or the forticloud credentials configured on AP

Can you apply captive portal to groups

Yes you can specify groups and even exempt sources and destination application/services

Is it possible to infer the downstream signal from AP to client is stronger than the upstream signal of the client to the AP

Yes, in general the transmission power of the AP can be higher than the transmission power of the client

Using the WAN connection AP topology, do you need to configure a VPN for the AP to contact the controller over the internet

You can but don't have to because the CAPWAP tunnel is secure and encrypted with DTLS

Radio Setting on AP profile: SSIDs

You can select auto or manual for the SSID used by the AP profile

After a local group is created as type guest what do you do next

You create the guest accounts under guest user management and fill in the details that were configured on the user group

How do you register fortiAPs managed by fortigate on fortipresence (4)

You enter the auto generated project name, project secret key, fortipresence IP, and port numbers when configuring the fortiAP profile

When you look at the performance/diagnostics and metric of a radio what are you looking at?

You look at the health of the radio frequency (RF) around the radio

Why do you need to select the right platform settings and country in a custom FortiAP profile

You must select the correct platform because this is what tells fortigate the type of hardware used by the AP. Country/region provides RF channels available in the area.

When bridged SSIDs are using VLANs what does the fortiAP ethernet interface act as?

a 802.1Q trunk

Wireless capacity - Channel utilization

a percentage count of used airtime on the interface channel around each AP for all interfaces. It does not just account for traffic transmitted by its own clients, but also accounts for other wireless traffic on the channels coming from neighboring APs and clients not associated with the network

a VLAN with tunnel mode SSID is treated as ____ ?

a separate virtual interface tied to a physical or tunnel SSID

thick AP

a thick AP has a radio, adds routing features and handles authentication and encryption as well as overall management of the network clients. FortiWifi is a thick AP

What does the ap-sniffer-addr do
config wireless-controller wtp-profile
    edit <profile>
        config <radio-1>
            set mode sniffer
            set ap-sniffer-addr 00:00:00:00:00:00 (wildcard)

all 0s will be a wildcard to sniff and decode all traffic on that channel or you can specify a particular device

Can you apply an ap profile to any FortiAP?

all FortiAP models have different AP profiles -platform setting defines which ap model the profile supports -if the hardware of the AP does not support the specific setting fortigate removes those settings for the AP (ie. Removing 1 radio if the ap only has 1 radio )

inside the TLS session for PEAP what EAP method can be used for client authentication and give two examples

any native EAP method PEAPv0/MSCHAPv2 PEAPv1/EAP-GTC

PEAPv0/MSCHAPv2

authenticates the client using MSCHAPv2. EAP encapsulation method used for client authentication after the TLS session is established

what does the authentication server use to authenticate a client using PEAP

authentication server uses a digital certificate to auth the client

why might a third party utility be needed to use EAP-TTLS

because it is not natively supported on many devices

How can VLANs enhance the capabilities of a wireless network

because you can separate an SSID into broadcast domains/more manageable subnets, so you don't need multiple SSIDs. Each VLAN is its own broadcast domain. Smaller broadcast domains reduce traffic and increase security

When does background scanning for rogue APs occur

by default the scan period starts every 600 seconds and each second a different channel is monitored for 20 ms until all channels have been checked.

what three parties does 802.1X involve

-client (aka supplicant): device that wants to join the network -authenticator: network device such as AP or switch -authentication server: the host that supports RADIUS and EAP protocol such as FAC

how does 802.1X work (simple)

client is allowed to access layer 2 network after their identity has been validated and authorized. The client provides credentials to the authenticator (AP and switch) which the authenticator forwards to the authentication server for verification. If the authentication server determines that the credentials are valid, the client device is allowed to access the network

what is one of the biggest sources of wireless network issues

co-channel interference caused by incorrect channel settings

what are the two types of frequency interference

coherent and non-coherent

command to configure vlan pooling with managed AP groups in CLI

config wireless-controller vap
    edit <ssid>
        set vlan-pooling wtp-group
        config vlan-pool
            edit <vlanid>
                set wtp-group <groupname>

command to configure AP in sniffer mode

config wireless-controller wtp-profile
    edit <profile>
        config <radio-1>
            set mode sniffer
            set ap-sniffer-bufsize 32
            set ap-sniffer-chan 1
            set ap-sniffer-addr 00:00:00:00:00:00 (wildcard)
            set ap-sniffer-mgmt-beacon en
            set end
            set ap-sniffer-mgmt-other en
            set ap-sniffer-ctl en
            set ap-sniffer-data en

Radio Setting on AP profile: Mode

disabled (no radio) access point(normal radio) , dedicated monitor (used to monitor and not for clients)

What multicast address does FortiAP use to discover fortigate controller (multicast method)

discovers the controller using the multicast address 224.0.1.140

example: 1 mechanism that can help limit the need to have multiple wireless networks being broadcast

dynamic vlans

AVP (attribute value pairs) with the EAP-TTLS use what to authenticate the client (2)

either a native EAP or a legacy auth proto such as CHAP or PAP

using PEAP what does the client do prior to the authentication request

establishes a TLS session

How does FortiAP use DNS to discover the controller (DNS method)

fortiAP can discover the controller by using a host name configured in the AC_HOSTNAME_1 parameter

if using dynamic vlan assignment with a tunnel mode SSID where is traffic sent

fortigate

By default all traffic from the remote FortiAP is sent to the ____ _____ ____

fortigate Wifi controller

After you create VLANs under VLAN pooling with AP group method what do you need to do?

fortigate will automatically create the vlan interface but you need to apply interface settings such as IP and admin access, DHCP server, etc

Client load balancing across 2.4/5GHz =

frequency handoff

command to transfer AP pcap file to TFTP server

ftftp -1 /tmp/wl_sniff.cap -r sniff.cap -p <IP of TFTP server>

GMK

Group master key. Used in a 4-way handshake to create GTK.

dedicated spectrum analyzer

has chipset and software specifically designed to analyze wireless interference. They often come with a highly directional antenna and are mobile allowing a wireless engineer to walk the site and locate interference. It also allows for the classification of interference such as microwaves or bluetooth

Offline Dictionary Attack

i.e. the attacker obtains the system password file and compares the password hashes against hashes of commonly used passwords. If a match is found, the attacker can gain access by that ID/password combination. I.e. an offline dictionary attack is performed by obtaining a ciphertext generated using the password-derived key, and trying each password against the ciphertext. This category of attack is invisible to the KDC and can be performed much faster than an online attack.

why would a client have a 169 address

if the network admin is dumb or if the client can't claim a dhcp lease

if the number of clients is already at the defined threshold and AP handoff is enabled what happens

if the number of clients is already at the defined threshold, new clients are redirected to join the least busy AP nearby. fortigate will request the least busy AP to respond to the join request for any new client that tried to connect to an overloaded AP if the RSSI condition is met.

Why should you disable broadcasting SSID

increases security and reduces management traffic

wireless alliance client certification

independent organization funded by the wireless industry. One service it offers is client certification. The alliance tests wireless clients and wireless APs to verify compatibility before it issues a cert. cert is not a compatibility but it proves the client has been tested in an enterprise environment http://www.wi-fi.org/product-finder

what needs to be configured for a VLAN with tunnel mode SSID

interface settings such as IP address, admin access, and separate firewall policies

what point of view does the wifi client monitor show for signal strength

it shows the signal strength measured by the AP; does not show the strength for AP at the client

how to verify an AP is in monitor mode directly from the AP CLI

iwconfig mode:"Master"

problem: client shows as connected in the controller device tables and has a valid IP but can't ping other hosts on the network solution: (3 examples)

key hosts and services on the network should be reachable at layer 3, which you can test using ping. failed connectivity indicates: -a policy is potentially preventing traffic flow -a captive portal is in place but not triggered -routing issue

what layer authentication does 802.1X provide

layer 2

Cons of bridge mode SSID

limited VLAN pooling options

common wireless equipment vendor used by wireless engineers

metageek

What does fortiplanner let you customize about the APS (6)

name, device radios, frequency, transmit power, orientation, and azimuth (North=0, E=90, S=180,W=270)

does the authenticator (AP or switch) need to have any knowledge on the authentication method (PEAP, TLS, etc) for 802.1X and why

no because the authentication is tunneled from the client to the authentication server over the RADIUS protocol

what SSID type is dynamic vlan assignment allowed on

on both tunnels or bridged ssid settings

EAP-TLS

one of the most common native methods that uses TLS and digital certificates on both clients and server to authenticate. Requires PKI implementation for all your wireless clients (all devices will need to have a valid certificate installed in order to connect to the wireless network). Used for client authentication after the TLS session is established

when are firewall policies required for a bridged SSID with a VLAN tagged?

only to route traffic between interfaces

if a wireless client is having connectivity issues and you determine it is the individual client by testing on several other clients, what can the issue then be narrowed down to

point to a driver or chipset issue on the individual client or maybe has to do with authentication if using 802.1X or MAC whitelisting/blacklisting

PRF

pseudo-random function which is applied to all the input. Used when generating the keys in the wireless four way handshake

FortiOS automatically adds all load balancing vlans to _____ after they are created in a VLAN pool

puts the VLANs in a zone based on the SSID they were defined in and tied to the VLAN interface. The zone name includes the SSID interface followed by .zone

how do you correctly disable an AP packet capture

remove AP from capture profile and then edit the profile to disable the capture

what does EAP-TLS require to be implemented for all wireless clients

requires PKI implementation for all your wireless clients (all devices will need to have a valid certificate installed in order to connect to the wireless network)

problem: client shows as connected in the controller device tables but doesn't have a valid IP address for the network it is joining solution: (6 examples)

solution: a wireless network is often assigned its own vlan and as a result its own IP schema and DHCP scope -some clients assign themselves a 169 link local address when they can't claim a DHCP address -make sure DHCP is not exhausted -if using a bridged network add a non-fortigate DHCP option -if using dynamic vlans with RADIUS make sure the RADIUS server is returning the correct attribute -if user assigned a static IP and moves to a new AP -fortiWLC stops a client from joining a tunneled wireless network if the client's manually configured IP address doesn't match the IP address range in use on the wireless network

Invalid MAC OUI

some attackers use randomly generated MAC addresses. The first three bytes of the MAC address are the OUI administered by the IEEE. invalid OUIs are logged

for a bridged SSID with VLANs where is the VLAN tagged?

tagged on the fortiAP and sent out the fortiap ethernet interface acting as a trunk to the switch

what is one way to isolate a wireless connectivity issue to the client instead of the AP

test with multiple wireless clients and see if they have the same problem

If a VLAN pool contains no valid VLAN ID what VLAN will users get assigned to?

the SSID static VLAN ID setting

when you use vlan pooling with the "Managed AP group setting" what do you define in the vlan pool settings?

the VLAN ID and the AP group to apply the VLAN ID to

what is one factor that CCI (co channel interference) is highly dependent on

the amount of traffic being transmitted over the channel. More traffic = more collisions

with dynamic vlan assignment, if the user's RADIUS record does not specify a VLAN ID, what VLAN is the user assigned

the default VLAN specified under:
config wireless-controller vap
    edit <ssid>
        set vlanid <id>
        set dynamic-vlan enable

The lower the link rate means...

the more time is required to transmit a given amount of network traffic and the lower the link performance for the client

what is this command for: diagnose wireless-controller wlac sta_filter <AP station mac> 2

this will capture a step-by-step log of connection attempts made to the AP

AP overloading - client count/utilization and how to avoid it (3)

too many clients on a radio -for networks that have clients that regularly transfer large files or stream, you should aim for 30 clients per radio -for networks that have clients that require only basic file, print, and Internet access, you should aim for 50 clients per radio -may require additional APs w/ channel planning

What SSID mode can vlan tagging be used in

tunnel and bridge

VLAN pooling load balancing is only available for SSIDS in ____ mode

tunneled

where is the pcap for wireless packet sniffing temporarily stored

under the tmp directory as wl_sniff.pcap. Will be removed if AP is rebooted or radio parameter is changed

too many SSIDS can cause _____and why?

unwanted interference b/c wireless is a shared medium and clients will be competing for available airtime

what is dynamic vlan assignment for

used in the SSIDs with RADIUS authentication to assign each user a VLAN based on information provided by the RADIUS authentication server

In what AP deployment scenario would a bridged SSID be useful

useful when deploying an AP that connects to a wireless controller over a WAN link at remote location

PEAPv1/EAP-GTC

uses different identification mechanisms (including one time passwords) for authenticating clients, which makes it flexible. FAC supports it, but not commonly supported by other vendors EAP encapsulation method used for client authentication after the TLS session is established

How does FortiAP use the forticloud method to locate controller for forticloud management (forticloud method)

uses the host name apctrl1.fortinet.com for forticloud mgmt

what is frequency interference

when another wireless signal overpowers or corrupts your signal and causes frame loss, frame retries, and link rate reduction

where is vlan pooling configured

wifi & switch controller > SSIDs > vlan pooling enable > create new

What are the fortiAPs referred to as in FortiOS CLI

wireless termination points (WTP)

why are dual band APs increasingly hard to configure to prevent co-interference

with 5GHz APs are required to be closer due to higher signal strength and greater SnR requirements. This can cause problems with 2.4ghz planning and may require some APs 2.4ghz radio to be disabled

TX power mode auto and how it works in terms of detected interference

you must define the power range and FortiOS will automatically adjust the power in that range. If interference is detected the controller will automatically reduce AP tx power until "auto-power-low threshold". If interference is not detected or is detected and removed, controller increases AP TX power until "auto-power-high threshold"

DTLS

(Datagram Transport Layer Security) TLS used with UDP applications, Used to encrypt CAPWAP communication

What is vlan assignment, for vlan pooling, based on (2)

-The AP fortiAP group (for network config reasons; example: AP in lobby always assigns clients to a guest vlan) -Available VLANs for network load balancing purposes (tunnel mode SSID only)

problem: when a client fails to connect to a wireless network, it can be difficult to identify if the cause is an authentication process, a configuration issue, or issue with the wireless connection solution: (2)

- create an unencrypted test network -capture a log of station connection

A new client joins 5GHz only if: (2) what happens if both of these things are true? (2)

- fortigate uses the table to check: -clients support dual band -RSSI value is strong on 5GHz -if both of the above are true fortigate ignores the clients request to join on 2.4 until client times out -client attempts to connect to same SSID on 5GHz and fortigate responds to request

How does AP handoff work (2)

- if the number of clients exceeds the maximum number of clients configured for an AP the client with the lowest RSSI value will be forced to join another AP (RSSI must meet the signal strength on the nearby AP) -if the number of clients is already at the defined threshold, new clients are redirected to join the least busy AP nearby (least busy nearby AP responds to the clients join request) Basically: If load exceeds threshold client with weakest link will be signaled to join another AP If load at max, controller signals another AP to respond to client

Source of information - Wifi Client Monitor (3)

- widgets and details client information for all clients currently connected - use to assess the client health from the AP point of view -add the Rate, MIMO, and band columns

What is the minimum signal that a voice handset requires

-68dBm

As a guide, a healthy channel noise should maintain rates of:

-92 or weaker (a higher neg number) -high -80s is OK -low -80s or -70s is BAD and indicates an interference that should be investigated with a spectrum analyzer

Tunnel mode SSID interface

-A tunneled SSID is treated as a layer 3 interface -can configure administrative access to wireless interface -must have separate DHCP and DNS setting

Managed AP topology - direct connection (5)

-Aka wire closet deployment -No switches between fortigate and FortiAP -deployment type is used where the number of fortiAPs equal the number of internal ports available on fortigate. -ideal for home or small office -no need to preconfigure AP -automatic wireless controller discovery using broadcast

What two ways are there to configure FortiAP to detect rogue APs.

-As a dedicated monitor (can assign one or both radios ) -in idle periods during AP operation (background scanning)

different EAP method/versions (5)

-Cisco LEAP (lightweight EAP) -EAP-TLS -PEAP (Protected EAP) -EAP-TTLS (EAP Tunneled TLS) -EAP-SIM (EAP Subscriber Identity module)

SSID options - name some (3)

-Client limit -broadcast SSID toggle -block intra-ssid traffic

What can you configure in FortiAP cloud under configure menu

-Custom AP profile with all type of AP settings -SSID profile to configure preshared keys, WPA/WPA3 enterprise, captive portals

What settings must be enabled to enable on-wire automatic suppression (4)

-Enable rogue AP detection (WIDS) -sensor mode = foreign and home channels (WIDS) -auto-suppress rogue APs in foreground scan (WIDS) -have an AP or radio in dedicated monitor mode (foreground scanning)

What are the 3 deployment solutions/secure wireless modes offered by fortinet

-FortiOS Integrated wireless controller -fortiAP cloud management -dedicated wireless controller deployment

Fortiplanner pre deployment planning (6)

-Import floor plan -draw obstructions -select AP type -manually or auto place APs -uses ray tracing algorithms to estimate signal loss and bounce -select built in deployment scenarios such as VoIP, high priority data, or normal

