From 573cee64bb8471c5d7d736a89baae3b23851e6e6 Mon Sep 17 00:00:00 2001
From: John Poland <jdpoland@gmail.com>
Date: Wed, 15 Oct 2025 20:27:19 -0400
Subject: [PATCH] fortigate/vdom_scsd/wireless-controller.cfg Wed Oct 15
 08:27:19 PM EDT 2025

---
 .../vdom_scsd/wireless-controller.cfg         | 43 +++++++++++++++++++
 1 file changed, 43 insertions(+)
 create mode 100644 configs/fortigate/vdom_scsd/wireless-controller.cfg

diff --git a/configs/fortigate/vdom_scsd/wireless-controller.cfg b/configs/fortigate/vdom_scsd/wireless-controller.cfg
new file mode 100644
index 0000000..c084220
--- /dev/null
+++ b/configs/fortigate/vdom_scsd/wireless-controller.cfg
@@ -0,0 +1,43 @@
+config wireless-controller setting
+    set darrp-optimize-schedules "default-darrp-optimize"
+end
+config wireless-controller arrp-profile
+    edit "arrp-default"
+    next
+end
+config wireless-controller wids-profile
+    edit "default"
+        set comment "Default WIDS profile."
+        set ap-scan enable
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+        set wireless-bridge enable
+        set deauth-broadcast enable
+        set null-ssid-probe-resp enable
+        set long-duration-attack enable
+        set invalid-mac-oui enable
+        set weak-wep-iv enable
+        set auth-frame-flood enable
+        set assoc-frame-flood enable
+        set spoofed-deauth enable
+        set asleap-attack enable
+        set eapol-start-flood enable
+        set eapol-logoff-flood enable
+        set eapol-succ-flood enable
+        set eapol-fail-flood enable
+        set eapol-pre-succ-flood enable
+        set eapol-pre-fail-flood enable
+    next
+    edit "default-wids-apscan-enabled"
+        set ap-scan enable
+        set ap-bgscan-intv 1
+        set ap-bgscan-duration 20
+        set ap-bgscan-idle 0
+    next
+end
+config wireless-controller ble-profile
+    edit "fortiap-discovery"
+        set advertising ibeacon eddystone-uid eddystone-url
+    next
+end