Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
sdash_FTNT
Staff
Staff

Created on ‎01-07-2015 10:10 AM Edited on ‎02-05-2024 02:51 AM By Moderator

Article Id 191840

Technical Tip: How to enable and disable broadcast of SSID

Description

 
This article describes the steps to enable and disable the broadcast of SSID of the access points. Broadcasting the SSID enables clients to connect to a wireless network without first knowing the SSID.

Sometimes it may be required to disable the broadcast of the SSID of a wireless unit or to hide the SSID of the wireless in the FortiWiFi or the FortiAP which connects to the FortiGate unit.


Scope

 
FortiGate, FortiWiFi, FortiAP.


Solution

 
For some environments, it may be necessary to disable the broadcast SSID (Service Set Identifier) which is shared by all users in the wireless network or to hide the SSID from an unknown attack in FortiGate v5.0 and above.  The following CLI command can be used to turn on or off the SSID broadcasting.
 
config wireless-controller vap
    edit <vap_name>
        set broadcast-ssid {enable | disable}
    next
end
 
where: <vap_name> is the name for this Virtual Access Point.

For example:
 
FGT # config wireless-controller vap
FGT (vap) # edit TAC24AP <vap_name>
FGT (TAC24AP) # set broadcast-ssid disable  ---> Disable to hide the SSID. It will be enabled by default.
FGT (TAC24AP) # end
 
Enabling broadcast will allow users to see the SSID when scanning the network for wireless connection. Broadcasting the SSID enables clients to connect to the wireless network without first knowing the SSID.  For better security, do not broadcast the SSID.

Disabling the same will stop broadcasting the SSID. This does not mean that users cannot connect to that SSID. A user who knows the SSID name and the password will still be able to join if they try to enter the SSID details manually on the client machine.

By disabling the SSID broadcast the client will not be able to detect the SSID by scanning the wireless network.

The above commands will work regardless of the traffic mode or even if the VAP is part of a software switch wherein the wireless is bridged with the local LAN network.

Note: The same can also be done from GUI under WiFi & Switch Controller -> SSID, but the broadcast SSID option will only be available if the traffic mode is ‘tunnel’.  If the traffic mode is ‘Local Bridge’ it will have to be enabled/disabled from the CLI.  By default, SSID broadcast is enabled.
21946
0 Kudos
Submit Article Idea
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.