Skip to content
The XG Series hardware appliances will reach end-of-life (EOL) on March 31, 2025. Click here to see the XG to XGS migration documentation.

Rogue access point scan

A rogue access point refers to any access point connected to your network without authorization. Attackers can use rogue access points for traffic sniffing and other purposes such as man-in-the-middle attacks. You can mitigate these threats by scanning nearby access points and marking unauthorized access points as rogue access points.

Restrictions

Rogue AP scan has the following restrictions:

  • It's available only on Sophos Firewall devices with integrated Wi-Fi.
  • If you turn on Bridge to Ethernet for LocalWiFi0 and assign it a wireless network set to Bridge to AP LAN, Rogue AP scan only shows the nearby networks broadcasting on the same frequency band as the assigned wireless network.

Scan for rogue access points

To scan your network for unauthorized access points and mark them, do as follows.

  1. Go to Wireless > Rogue AP scan.
  2. Under Scan results, click Scan now.

    Note

    Client devices are disconnected for a short time during the scan.

    All detected access points appear under Unrecognized access points.

  3. Take one of the following actions:

    • To authorize an access point, click Mark as "authorized access point" Button for authorizing access points..
    • To mark an access point as a rogue access point, click Mark as "rogue access point" Button for authorizing access points..

Schedule rogue access point scan

To schedule scanning for rogue access points, do as follows:

  1. Go to Wireless > Rogue AP scan.
  2. Under General settings, click Schedule system-triggered scan at.
  3. Select a schedule from the drop-down menu or create a new schedule.
  4. Click Apply.