Create successful ePaper yourself
Turn your PDF publications into a flip-book with our unique Google optimized e-Paper software.
What’s new in <strong>FortiOS</strong> 5.4<br />
To enable automatic authorization per-interface<br />
config system interface<br />
edit port15<br />
set auto-auth-extension-device enable<br />
end<br />
In the GUI, the Automatically authorize devices option is available when Addressing Mode is set to<br />
Dedicated to Extension Device.<br />
Control WIDS client deauthentication rate for DoS attack (285674 278771)<br />
As part of mitigating a Denial of Service (DoS) attack, the FortiGate sends deauthentication packets to unknown<br />
clients. In an aggressive attack, this deauthentication activity can prevent the processing of packets from valid<br />
clients. A new WIDS Profile option in the CLI limits the deauthentication rate.<br />
config wireless-controller wids-profile<br />
edit default<br />
set deauth-unknown-src-thresh 10<br />
end<br />
The range is 1 to 65,535 deathorizations per second. 0 means no limit. The default is 10.<br />
Prevent DHCP starvation (285521)<br />
The SSID broadcast-suppression settings in the CLI now include an option to prevent clients from depleting the<br />
DHCP address pool by making multiple requests. Add this option as follows:<br />
config wireless-controller vap<br />
edit "wifi"<br />
append broadcast-suppression dhcp-starvation<br />
end<br />
Prevent ARP Poisoning (285674)<br />
The SSID broadcast-suppression settings in the CLI now include an option to prevent clients from spoofing ARP<br />
messages. Add this option as follows:<br />
config wireless-controller vap<br />
edit "wifi"<br />
append broadcast-suppression arp-poison<br />
end<br />
Suppress all other multicast/broadcast packets (282404)<br />
The SSID broadcast-suppression field in the CLI contains several options for specific multicast and broadcast<br />
packet types. Two new options suppress multicast (mc) and broadcast (bc) packets that are not covered by any of<br />
the specific options.<br />
config wireless-controller vap<br />
edit "wifi"<br />
append broadcast-suppression all-other-mc all-other-bc<br />
end<br />
16 <strong>Deploying</strong> <strong>Wireless</strong> <strong>Networks</strong> for <strong>FortiOS</strong> 5.4<br />
Fortinet Technologies Inc.