Configure Trusted Access Points in ThreatSync

Applies To: ThreatSync

The Trusted Access Points page shows a list of MAC addresses of access points trusted by ThreatSync. When you trust an access point MAC address with ThreatSync, the device will not generate incident alerts for Rogue and Evil Twin detections.

These WatchGuard devices are automatically identified as trusted access points by the Airspace Monitoring feature, and do not appear in the Trusted Access Points list:

WatchGuard access points managed by WatchGuard Cloud in the same account
Wireless Fireboxes managed by WatchGuard Cloud in the same account

You can add the MAC addresses of devices on your network that you consider as managed, trusted devices to the Trusted Access Points list if the device generates incident alerts in ThreatSync.

For example, these devices might be detected as Rogue, Suspected Rogue, or Evil Twin access points:

Wi-Fi 5 access points managed by WatchGuard Wi-Fi Cloud or a Gateway Wireless Controller on a Firebox
Wireless Fireboxes not managed by WatchGuard Cloud
Third-party access points connected to your network or operating in your airspace

Do not trust detected Rogue or Evil Twin access points that you do not recognize as known devices on your network or in your airspace.

Add Devices to the Trusted Access Points List

As you review incident details and monitor threats, you might decide to trust one or more known, managed access points that were detected as a malicious access point and blocked by a ThreatSync automation policy or manual remediation of an incident.

To trust an access point from the ThreatSync incident details page:

Log in to your WatchGuard Cloud account.

For Service Provider accounts, from Account Manager, select My Account.
Select Monitor > Threats > Incidents.
The Incidents page opens.
Select a Malicious Access Point incident.
From the Threat Details - Automatic Response section of the incident, click .

Screenshot of the Incident Details page for an incident with the Trust Access Point dialog box

If this is a known access point in your deployment, and you do not want the device to be detected as a malicious access point again, click Trust Access Point.
Click Trust Access Point to confirm.
The device is added to the Trusted Access Points list.
Caution: Make sure this is a known access point on your network. If this is a malicious access point and you trust it, ThreatSync no longer creates incident alerts on the device's actions.

View Trusted Access Points in ThreatSync

To view your list of access point MAC addresses that are trusted by ThreatSync:

Log in to your WatchGuard Cloud account.

For Service Provider accounts, from Account Manager, select My Account.
Select Configure > ThreatSync > Trusted Access Points.
The Trusted Access Points page opens.

Screenshot of the Trusted Access Points ThreatSync page in WatchGuard Cloud

The Trusted Access Points page shows these details:

Trusted MAC Addresses — The MAC address of the trusted access point.
Threat Type — The detected threat type of the access point.
For example:
Malicious Access Point - Rogue Access Point
Malicious Access Point - Suspected Rogue Access Point
Malicious Access Point - Evil Twin
Trusted By — The user name or automation policy name that trusted the access point.
Time Stamp — The date and time the access point was trusted.

Stop Trusting an Access Point

You can stop trusting an access point from the Trusted Access Points list or from the Incident Details page for a malicious access point detection.

Configure Trusted Access Points in ThreatSync

Add Devices to the Trusted Access Points List

View Trusted Access Points in ThreatSync

Stop Trusting an Access Point

Related Topics