5.2 firmware for AP' s

What version is your FortiGate running? If you upgrade your FortiGate to 5.2 then I would recommend upgrading the FortiAPs to 5.2 also. The 5.2 release notes for the APs can be found here: http://docs.fortinet.com/uploaded/files/1978/fortiap-5.2.0-release-notes.pdf The main new features are: • 802.11ac support (FAP-320C and FAP-221C) • Split-tunneling and NAT in tunnel-mode SSIDs • Selective band combinations in 802.11b/g/n and 802.11a/n/ac • Spectrum analysis on FAP-14C, 28C,221B, 223B, 320B, 221C and 320C • Improved DTLS-encryption CAPWAP-data throughput in FAP kernel data path • Improved multicast and broadcast control • DFS channels added to FAP-320B-E, FAP-320C-E, FAP-221C-E (European Union)

As neonbit suggested, it is very important that you match the FortiAP major version with the FortiOS major version. It may " work" with FortiAP on 5.0 and FortiGate on 5.2 but it is unsupported and there may be issues. For your AP, please look for the following file. You can get it by going to support.fortinet.com and going to Download section for FortiAP. FAP_221B-v5.2.0-b0212-fortinet.out Load this, and then please ensure it is working as expected. Cheers!

i have been having issues where the APs (5 units total) are ALL losing connectivity at once with the Fortigate and it has been recommended by a fortinet engineer to downgrade the firmware to 5.0 even tho my fortigate is on 5.2. we did a packet trace and found the CAPWAP traffic was not flowing consistently. by design the AP has to check in every 30 seconds or something similar or else they drop connection. can anyone confirm what this timeout would be? and is it possible to increase it?

The timers can be adjusted here: config wireless-controller timers However not sure your issue is a timer issue.... if CAPWAP is not flowing consistently then you' ll have problems (especially with tunnel mode SSIDs) regardless of timeout. Do you have DOS policies on the port the APs are connected to?

No DOS policies and the APs are all connected to downstream DELL PowerConnect PoE switches. FGT100D # config wireless-controller timers FGT100D (timers) # get echo-interval : 30 discovery-interval : 5 client-idle-timeout : 300 rogue-ap-log : 0 fake-ap-log : 1 darrp-wtp-tune : 3 darrp-optimize : 1800 FGT100D (timers) # Also on another note, if i enable telnet the AP crashes . reboots . then telnet goes back to being unchecked. seems like a bug. have you seen this before?

For telnet you should set that on the wtp setting in the Fortigate config wireless-controller wtp edit FP221Bxxxxx set login-enable enable end You' ll need to do that for each one... then you should be able to telnet to each FAP when they are connected to the Fortigate. If they are crashing then open a support ticket... they will want to see the output from the FAP: cw_diag kernel-panic

I also having the exact issues with my 200D +221B' s ( All are running on 5.2) It' s getting disconnected from the controller at least once in a two days with a " control message retransmission limit reached " log. So is it running fine on 5.0.X ?

For 11n FortiAPs, 5.0 releases are more stable. The only difference between 5.0 and 5.2 is that 5.2 can support 11ac FortiAP. For other features, they are same.

it has been recommended by a fortinet engineer to downgrade the firmware to 5.0

Hi Can you please provide the exact version? I am having recurring issues with 5.2 :(