Sophos XG Firewall Web Interface Reference and Admin Guide v16.5

| Protect | 178

Figure 174: Add Hotspot Voucher

3. Click Save.

Rogue AP Scan

This section is applicable to Wi-Fi models only.

A Rogue Access Point (AP) is any Wi-Fi access point connected to your network without authorization. It can be a setup used by an attacker for the purpose of sniffing wireless network traffic and can be used to conduct a man-in-themiddle attack. It allows anyone with a Wi-Fi-equipped device to connect to your corporate network, leaving your IT assets wide open for the casual snooper or criminal hacker.

Device can alleviate this by recognizing rogue access points potentially attempting to gain access to your network.

General Settings

Click Schedule system-triggered scan to enable a scheduled scan to discover authorized APs and rogue APs. You can select from the pre-defined schedules or create a custom schedule from System > Profiles > Schedule.

Figure 175: General Settings

Discover Access Points

To increase the security capabilities and identify unauthorized APs, Sophos Wireless Devices provide scanning capability by which nearby APs can be discovered and an administrator can take countermeasures against the most common types of illicit wireless activity.

To manually scan for the automatic discovery of APs, click Scan Now.

All the Access Points discovered are regarded as unrecognized until they are identified as authorized or rogue . To authorize an access point, click the icon against it in the Unrecognized AP table. To mark an access point as rogue, click the icon against it in the Unrecognized AP table.

If you are scanning for the first time after enabling Wireless LAN, all the discovered APs will be listed in the

Unrecognized Access Points table. The scanning result is displayed in the form of 3 tables:

Unrecognized Access Points table

The table lists all the nearby APs discovered and displays the following information:

Channel

The radio channel used by the access point.

BSSID

The MAC Address of the radio interface of the detected access point.

SSID

The radio SSID of the access point.

Signal Strength

The strength of the detected radio signal

Security Mode

Mode for encrypting the wireless traffic

Wireless Mode

Wireless protocol

Action

Click the icon to mark the AP as an authorized AP and move it to the Authorized AP table. Click the icon to mark the AP as a rogue AP and move it to the Rogue AP table.

Figure 176: Unrecognized Access Points

Rogue Access Points table

The table lists all the APs marked as “Rogue” and displays the following information:

Channel

The radio channel used by the access point.

BSSID

The MAC Address of the radio interface of the detected access point.

SSID

The radio SSID of the access point.

Signal Strength

The strength of the detected radio signal

Security Mode

Mode for encrypting the wireless traffic

Wireless Mode

Wireless protocol

Action

Click the icon to mark the AP as an authorized AP and move it to the Authorized AP table. Click the icon to mark the AP as an unrecognized AP and move it to the Unrecognized AP table.

| Protect | 179

Figure 177: Rogue Access Points

Authorized Access Points table