Controllerless Networks

 View Only
last person joined: 2 days ago 

Instant Mode - the controllerless Wi-Fi solution that's easy to set up, is loaded with security and smarts, and won't break your budget
Expand all | Collapse all

How can I track down clients are visiting websites that are Moderate Risk, Suspicious or High Risk?

This thread has been viewed 8 times
  • 1.  How can I track down clients are visiting websites that are Moderate Risk, Suspicious or High Risk?

    Posted Dec 06, 2022 10:58 AM
    I have an AP-515 network with 20 AP's. I'd like to track down the clients that are populating Applications > Visibility > Websites > Moderate Risk, Suspicious or High Risk? My network traffic is routing out of a FortiGate that is flagging the traffic as malicious but the IP address shows that it's coming from the AP IP address. I'm assuming the AP is NATTING the client traffic. Any suggestions would be greatly appreciated!


  • 2.  RE: How can I track down clients are visiting websites that are Moderate Risk, Suspicious or High Risk?

    EMPLOYEE
    Posted Dec 06, 2022 05:34 PM
    do you have Airwave or Aruba Central?
    if not then I suggest to add a access policy rule for the user role to deny and log based on your criteria
    and then check the logs to get the list or even better send the logs to your syslog.


    ------------------------------
    If my post was useful accept solution and/or give kudos.
    Any opinions expressed here are solely my own and not necessarily that of HPE or Aruba.
    ------------------------------



  • 3.  RE: How can I track down clients are visiting websites that are Moderate Risk, Suspicious or High Risk?

    Posted Dec 07, 2022 08:36 AM
    I have Central. I'll look into the above suggestion. Thanks for the response.