Rogue access point scan
A rogue access point refers to any access point connected to your network without authorization. Attackers can use rogue access points for traffic sniffing and other purposes such as man-in-the-middle attacks. You can mitigate these threats by scanning nearby access points and marking unauthorized access points as rogue access points.
Restrictions
Rogue AP scan has the following restrictions:
- It's available only on Sophos Firewall devices with integrated Wi-Fi.
- If you turn on Bridge to Ethernet for LocalWiFi0 and assign it a wireless network set to Bridge to AP LAN, Rogue AP scan only shows the nearby networks broadcasting on the same frequency band as the assigned wireless network.
Scan for rogue access points
To scan your network for unauthorized access points and mark them, do as follows.
- Go to Wireless > Rogue AP scan.
-
Under Scan results, click Scan now.
Note
Client devices are disconnected for a short time during the scan.
All detected access points appear under Unrecognized access points.
-
Take one of the following actions:
- To authorize an access point, click Mark as "authorized access point" .
- To mark an access point as a rogue access point, click Mark as "rogue access point" .
Schedule rogue access point scan
To schedule scanning for rogue access points, do as follows:
- Go to Wireless > Rogue AP scan.
- Under General settings, click Schedule system-triggered scan at.
- Select a schedule from the drop-down menu or create a new schedule.
- Click Apply.