RF Signature Anomalies Prevention was AXed!!!!
WEPGuard — means you can also prevent authorized clients with anomalies in their RF signature from connecting to an authorized AP. These RF anomalies can indicate the client is spoofing an authorized inactive client MAC address to gain access to the AP.
I find it hard to understand why a function as important as RF signature anomalies Detection and Prevention was taken out of the Threat Prevention Configuration. I went back through Client Auto-classification as well as the Intrusion Prevention tab located under Configuration to see if there was another way of preventing spoofed clients from joining Authorized AP. To the best of my understanding, there is no setting or configuration that can prevent spoofed clients. I understand the implementation of the marker packet technology and how it is utilized in the WIPS function of the AP. However, if I cannot dictate or control spoofed clients autonomously what's the point of WatchGuard's WIPS as a Threat Prevention Sensor.
By taking out the RF Signature Anomalies under WEPGuard, I have no access to reset clients RF Signature without deleting them.
I understand that WEP itself is an out of date encryption standard, and having that option removed makes sense. To remove the only option to prevent spoofed clients however does not make sense. Can you please help me understand how Watchguard can protect and prevent all my clients from spoofed malicious attacks.