Configure Alerts

An alert notifies you of an event that impacts your Wi-Fi network. You can customize the thresholds for each type of event that generates alerts. Wi-Fi Cloud organizes alerts into these categories:

  • WiFi — Wi-Fi alerts capture network connectivity and performance events such as client authentication failures and high latencies to services.
  • System — System alerts are for events related to the overall health of Wi-Fi Cloud communications, for example, when an AP is disconnected from the network.
  • WIPS — WIPS alerts are related to Wi-Fi vulnerabilities and attacks that can pose a security threat to your network.

For a full list of alerts that can appear, see List of Wi-Fi Cloud Events and Alerts.

Alerts are location specific. By default, alerts are enabled at all locations. An alert defined at a location is inherited by its subfolder locations. You can customize the alert configuration at a subfolder location or disable alerts for a location.

You can configure how long to store alerts before the alert is automatically deleted. You can store alerts for a maximum of 30 days. Select Configure > Alerts, then click Auto Deletion on the top-right corner of the screen. Select the number of days after which to automatically delete alerts.

Alert Notification Types

There are three methods for alert notification in Discover:

  • Email — Recipients configured in the Email Recipients tab of the Alerts configuration page receive an email about the alert. You can send alert emails to an administrator account, or you can use automatic email ticketing services in Professional Service Automation (PSA) tools such as ConnectWise, Autotask, and Tigerpaw. For more information, see Use Wi-Fi Cloud Discover email alerts with PSA tools.
  • Display — The alert appears on the Monitor > Alerts page and on the respective widgets in Discover.
  • Syslog — Discover sends alert events to the syslog servers configured in System > Third-party Servers > Syslog.

Alert Security Status

You can also set the Security Status for alerts. For WIPS and System events, select the Affects Security Status option to enable an alert to change the security status of a device location.

In the location navigator, you can view the security status of a location by the color code:

  • Red — Indicates a location with a live security alert to indicate a vulnerable device.
  • Green — Indicates no live security alerts for that location.

To view the security status in the location navigator:

Select Show Status > Security Status for the top-level location folder.

Add an Alert

You can add custom alerts in the WiFi section. WIPS and System alerts contain a set of predefined alerts that you can enable or customize.

To add an alert:

  1. Select Configure > Alerts.
  2. From the Navigator, select the location where you want to configure the alert.
  3. In the Select Alert Category section, select the category of the alert you want to configure. For more information about each category, see Alert Categories.
  4. In the WiFi section, you can click Add WiFi Alert to create a new custom alert. You cannot create custom WIPS or System alerts.
    You can also select an existing alert to edit the alert configuration.
  5. Configure the thresholds that will generate an alert. For more information, see Configure Alerts.
  6. To specify the alert notification methods, select the Email, Display, or Syslog check boxes.
  7. To change the security status for the affected device location, select the Affects Security Status check box.
  8. Click Save.

Screen shot of the Alerts configuration page in Discover

Alert Categories

Discover supports alerts for WiFi, System, and WIPS events.


  • Connectivity — Connectivity alerts are generated when connectivity failures exceed a configured threshold. Connectivity alerts include:
    • Connection Failure — An alert is generated when the number of client connectivity failures in the authentication, association, or network connection stages exceeds the configured threshold.
    • Associated Clients — An alert is generated when the number of clients associated to an AP radio exceeds the configured threshold.
  • Performance — One of the factors used to measure the performance of your network is the average latency time for AAA (authentication), DHCP, DNS, and applications. Performance alerts are generated when the average latency exceeds the configured latency threshold for each service.
  • Baseline — Baseline alerts are related to the performance of your network. Alerts are generated when specific thresholds for baseline events are exceeded.
  • Client Connectivity Test — You can configure alerts to notify you when a scheduled client connectivity test fails to start.


  • Server — Server alerts are generated based on database log status, AP connection limits, or when Wi-Fi Cloud cannot reach an AP for a specified period.
  • AP/Sensor — AP/Sensor alerts are generated by an issue with a device's connectivity status, security status, or firmware update status.


  • Rogue AP — Alerts for any potentially rogue APs. For example, an unauthorized AP connected to the enterprise wired network, a banned AP, or an AP operating on channels that are not allowed.
  • Misconfigured AP — Alerts for any AP behavior that deviates from the authorized Wi-Fi policy. For example, a change to an SSID for an authorized AP, or no encryption on an authorized AP.
  • Misbehaving Clients — Alerts for any client behavior that could compromise network security. For example, authorized client association with an external AP or unauthorized client association with an authorized AP.
  • Man-in-the-middle — Alerts for potential man-in-the-middle attacks. For example, Honeypot/Evil Twin active, or a PS-poll attack.
  • MAC Spoofing — Alerts for AP and client MAC spoofing.
  • Ad-hoc Network — Alerts for an authorized client connected to an ad-hoc network.
  • Prevention — Intrusion prevention alerts. For example, device reached maximum prevention capacity, or AP/client needs to be prevented.
  • DoS — Alerts for potential DoS attacks. For example, disassociation flood attacks and deauthentication flood attacks.

Configure Alerts

You can configure alerts for each alert category type: