Help
FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
Adolfo_Z_H
Staff
Staff

Created on ‎03-26-2024 11:11 PM Edited on ‎03-28-2024 09:39 AM

Article Id 306674

Technical Tip: Enhance recovery times for FortiAPs after disconnection from FortiGate

Description

 

This article describes how to set up manual discovery for all FortiAPs on a FortiGate to minimize downtime after disconnection.

 

Scope

 

FortiOS release v7.2, v7.4. All forti FortiAP models and versions

 

Solution

 

There are 6 discovery methods that a FortiAP can use to discover a FortiGate interface with a Security Fabric enabled access.

1(static) → 2(dhcp) → 3(dns) → 7(fortiapcloud) → 5(multicast) → 6(broadcast)

 

As per default, all FortiAP are pre-configured to use auto-discovery, it will try the sequence above until successful discovery and adoption

Per default, it will try 3 times and wait up to 5 seconds to have a response from FortiGate, and then switch to the next discovery method.

 

The fastest method is setting Static IP AC addressing on the FortiAP, but not always can be easily enforced, especially  to deploy tens or hundreds of devices.

Now from v7.2 and onwards, along with using DHCP or DNS methods, it is possible to use FortiAP configuration profile and push commands to a FortiAPafter first successfully adoption.

 

Let’s assume there is a FortiGate with a Security Fabric interface enabled, with an IP address 192.168.10.254 configured on it, it is possible to create a configuration profile that includes both AC IP address and discovery method

 

Fortigate # config wireless-controller apcfg-profile

 

Fortigate (apcfg-profile) # show

config wireless-controller apcfg-profile

    edit "static_discovery"

        set ap-family fap-u

        set ac-type specify

        set ac-timer 3

        set ac-ip 192.168.10.254

        config command-list

            edit 1

                set name "AC_IPADDR_1"

                set value "192.168.10.254"

            next

            edit 2

                set name "AC_DISCOVERY_TYPE"

                set value "1"

            next

        end

    next

end

 

It can be associated with a FortiAP profile (wtp-profile).

 

Fortigate (233G-default) # show

config wireless-controller wtp-profile

    edit "233G-Default"

        set apcfg-profile "static_discovery"

end

 

After a successful first discovery, FortiAP will receive configuration commands and wait 3 seconds to try to join the FortiGate using this config. Following reconnection times will be greatly improved from automatic or even DCHP/DNS methods.

 

Note:

Consider configure at last entry for 'AC_DISCOVERY_TYPE' because it FortiAP will apply this immediately after receiving it.

If there is a missing/wrong parameter regarding discovery type (like AC_IPADDR_1) FAP will not connect until logging directly on the device and correcting it.

 

Use this method to enforce any discovery method to use or to apply other configuration variables.

 

Related documents:

Operations Profiles Entry

FortiAP CLI configuration and diagnostics commands

Advanced WiFi controller discovery

165
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.