FortiAP - Apple Devices WiFi handoff issues

After testing around a bit it seems, that at least my MacBook Pro is able to roam around in the building and gets a handoff from one AP to the other.

So, maybe it is not related to handoff?

Is this possibly related to devices gone to kind of hibernation mode and then being activated in the area of a different AP? 

I forgot to tell: I am using WPA 3 Transition with 2.4 GHz and 5 GHz for the WLAN.

I have similar issues between fortiap and fortiwifi.  In my office i connect to fortiap and when i move to the area with the fortiwifi, the ssid just disconnects.  I can connect manually to the fortiwifi.  If i drift away from the fortiap and return, i am still disconnected.  using updated iphone and it happens to others on an iphone as well.  i have read that roaming is a function of the client and see that others have issues on apple devices. but the cox panoramic wifi from before didnt have these issues with not reconnecting to the ssid when in range.

Hello,
I also have this problem with iPhones, but only using WPA3 (SAE in my case). I have no problem using the same devices with WPA2.

Hello @fl3aflikr & @abitschine , thanks for your response. Good to know I am not the only one with this issue. Has one of you contacted Fortinet Support regarding your issues? I have opened a ticket with them. 

I have another SSID with WPA2 only and there are no issues at all. Although I have to say, that I don‘t use any iPhones, iPads or MacBooks in that WPA2 WLAN.

Hi Jens,

Roaming/Handoff works fine here with:

config wireless-controller vap

    edit „WIFI“

        set ssid „SSID“

        set security wpa3-sae-transition

        set pmf optional

        set mbo enable

        set voice-enterprise enable

        set neighbor-report-dual-band enable

        set fast-bss-transition enable

        set local-bridging enable

        set schedule "always"

        set qos-profile "WMM"

    next

end

but most of the time Apple devices will drop to 6 MBit/s TX Rate after roaming, which makes the connection unusable. (Enable TX Rate RX Rate in the Wifi Client Monitor and check)

81E on 7.0.3, 231F on 7.0.2

Quick update...

Same Apple Devices, same Radio/VAP config except using WPA3 Enterprise (local Raius / FGT User ) work fine.... 

So there´s a flaw in the WPA3 SAE/SAE Transition on the FortiAP 231F (7.0.2)

Today I had a session with the Fortinet engineer who is working on my ticket.

He asked me to change from WPA3 SAE Transition to WPA2 for the moment and disable PMF setting inside the SSID settings (CLI).

He confirmed there is a bug identified with 231F in current firmware version regarding WPA3 SAE Transition and pmf setting enabled.

Seems you were on the right track.

We verify now, whether connection stays stable for all devices. If this is proofed and they once fixes the bug, I should switch back to WPA3 Transition.

Update from my side.

WPA3 Enterprise (PMF mandatory) also shows the issue.

So JensG seems to be on Point with the PMF.

But it seems to be happening on WPA3, WPA3 Transition and WPA3 Enterprise.

Makes sense, because these are all using PMF (Mandatory or optional)