Quarantine Authorized Device
Watchguard AP 420 & 325 running in Watchguard WiFi Cloud
Per the instructions prior to turning WIPS on, I monitored all the devices on my network and classified each AP and Client as Authorized, External, Guest etc………
Then in Discover > Configure > WIPS I followed the recommended settings for AP Auto-Classification and Client Auto-Classification.
My issue is with an HP MFP device that only connects to our network wirelessly. This device has been classified as Authorized, and connects to an Authorized AP on a secure network. When I turn WIPS on this device is labeled as Rogue and thrown into Quarantine, making it unusable. On HP’s newer MFP’s there is a Network Setting called WiFi Direct, which allows smart devices to connect and print without having to be on the network. WIPS thinks this is a MITM attack, which I understand, but even after disabling this feature and re-classifying the device as Authorized, WIPS still quarantines it.
I have pushed every button and link in both the Discover & Manage sites to solve this without any luck. Even now I still see this Event:
Authorized] client [HP23383E] is running a Soft Mobile Hotspot AP or a Windows 7 Virtual AP
Any ideas anyone?
IMHO, Watchguard has made this very confusing having two different sites (Discover & Manage) to administer your wireless network. Once can turn WIPS on and off in both sites, Classify AP’s and Clients in both sites, monitor events and security alerts in both sites and more. Does one site take precedence over the other?
It's usually something simple.