Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Ahslan
New Contributor III

Experience with 5.4.2 firmware on FortiAPs?

Curious to see if other people are having a poor experience using the latest 5.4.2 firmware for their FortiAPs. I'm currently running this on FAP-320Cs and it's been a mess for me...clients sometimes can't connect, or if they do, the connection to the internet is horrid. I've actually gone ahead and physically replaced some of the AP's running 5.4.2 with spares that I have on 5.2.4 and they seem to be running better (although definitely too early to tell yet). Curious to see who else is out there running the latest firmware on their APs

7 REPLIES 7
wanglei_FTNT
Staff
Staff

1) Actually you can change firmware on the FAP. If you need access to earlier versions, you might need to contact support to get access to that

2) for the issue you saw on 5.4.2, can you paste wireless related configuration and also a brief description about your deployment?

 

The whole configuration might contain sensitive info. You can paste output from

show wireless-controller wtp-profile <the one you use>

show wireless-controller vap <all the VAPs you use>

 

Also, you can install a Inssider which comes with free version to quickly assess RF environment

Ahslan
New Contributor III

1) "5.4.2 does not support downgrading to previous firmware versions" according to the 5.4.2 release notes. Support is currently following up with their devs to find out if there is a way of rolling back but so far, I'm not holding my breath.

 

2)

config wireless-controller wtp-profile edit "FAP320C" config platform set type 320C end set ap-country US config radio-1 set band 802.11n,g-only set short-guard-interval enable set auto-power-level enable set auto-power-high 20 set auto-power-low 14 set darrp enable set frequency-handoff enable set vap-all disable set vaps "X" "Y" "Z" set channel "1" "6" "11" end config radio-2 set band 802.11ac set short-guard-interval enable set channel-bonding 80MHz set darrp enable set frequency-handoff enable set vap-all disable set vaps "W" "X" "Y" "Z" set channel "36" "44" "52" "60" "100" "108" "149" "157" end next end

 

And here are the configurations for each of the SSIDs we use (replaced names and encrypted passphrases):

 

FW # show wireless-controller vap X config wireless-controller vap edit "X" set vdom "root" set ssid "X" set intra-vap-privacy enable set schedule "7AM-10PM" set passphrase ENC xxxxxxx next end FW # show wireless-controller vap Y config wireless-controller vap edit "Y" set vdom "root" set ssid "Y" set schedule "always" set passphrase ENC xxxxxxx next end FW # show wireless-controller vap W config wireless-controller vap edit "W" set vdom "root" set ssid "W" set broadcast-ssid disable set schedule "always" set passphrase xxxxxxx next end FW # show wireless-controller vap Z config wireless-controller vap edit "Z" set vdom "root" set ssid "Z" set security wpa2-only-enterprise set auth radius set radius-server "radius server" set schedule "always" next end

tanr
Valued Contributor II

My experience with 5.4.2 on the FAP's has been mixed.  I'm running it on a FAP 320C and a 221C.  

 

Both work well for a while (usually about a month) but then one or the other will have a problem.

 

The problem manifests as the FAP getting into an odd mode where it is no longer broadcasting any of its SSID's, existing connections slow to a crawl, and it immediately drops any new connections, but reports itself as just fine to the FGT.  A reboot has it working again.

 

Baptiste
Contributor II

Hi,

I use a FAP221C (5.4.2 ) on FGT60E (5.4.4) in tunnel mode.

I'm using WPA2 Entreprise with FGT local account.

I had same issue (no wifi connection, no SSID appears on device), I try to turn off "Block Intra-SSID Traffic", it's a bit better but users still have disconnections

 

I just configure DARRP timers according to http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/wifi-arrp.htm. By default, every 30min "Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications".

config wireless-controller timers

set darrp-optimize 0

set darrp-day sunday monday tuesday wednesday thursday friday saturday

set darrp-time 03:00

end

 

Wait & see !

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
wanglei_FTNT

Thanks for posting your config here and it looks quite typical.  One thing you might want to change on 5G is to set channel bonding to 40M to match your desired channel list. 36, 44 ... is actually a 40M mode config

Also, DFS channels are used in your config. When radio detects radar nearby, it has to switch to another channel. If that channel is also DFS, it needs to wait until it can use it. This might cause some downtime on your 5G radio. 

 

If the issue is still persistent, it's probably not efficient to solve in this forum and please work with our support who can help understand and collect right logs to narrow down the issue. 

Ahslan
New Contributor III

tanr wrote:

My experience with 5.4.2 on the FAP's has been mixed.  I'm running it on a FAP 320C and a 221C.  

 

Both work well for a while (usually about a month) but then one or the other will have a problem.

 

The problem manifests as the FAP getting into an odd mode where it is no longer broadcasting any of its SSID's, existing connections slow to a crawl, and it immediately drops any new connections, but reports itself as just fine to the FGT.  A reboot has it working again.

 

Thanks so much for the suggestion...I do quite feel like an idiot for not trying to reboot the access points sooner. Last night I checked when the last time they had been rebooted was and it's been about 2 months so I gave all the offending access points a reboot. This morning I checked in on them and performance seems to be drastically better than before...it's quite annoying that now Fortinet Support wants to replicate the issue with me now that I've rebooted all them *sigh*.

 

One thing that doesn't quite add up is the fact that I brought one of the 320C's running 5.4.2 home with me to test how it would run being managed by forticloud and was not impressed at all by the wireless performance. I wasn't able to fully max out my 60mbps down connection with any of my wireless devices being 5 ft away from the access point (was using a very similar config to the one I posted above)...I think this might have been why I didn't consider rebooting sooner...maybe...

 

wanglei@fortinet.com wrote:

Thanks for posting your config here and it looks quite typical.  One thing you might want to change on 5G is to set channel bonding to 40M to match your desired channel list. 36, 44 ... is actually a 40M mode config

Also, DFS channels are used in your config. When radio detects radar nearby, it has to switch to another channel. If that channel is also DFS, it needs to wait until it can use it. This might cause some downtime on your 5G radio. 

 

If the issue is still persistent, it's probably not efficient to solve in this forum and please work with our support who can help understand and collect right logs to narrow down the issue. 

Thanks for the tweaks. Made sure to change 5G to 40M. As for having DFS channels selected for 5G, is it generally recommended to remove these channels? I'm not so sure how much radar interference there is considering the access points are located in a standard office building. Anyway, appreciate the help. Hopefully Support is able to help me move the access points back to 5.2.4 

 

Thanks again for the help

Ahslan
New Contributor III

Update: Support confirmed there is now way to downgrade the version of fortiap. Didn't really get much help at all from them in terms of improving my wireless experience (support was quick to suggest upgrading to fortiap 5.6 without realizing that you need to have a fortigate running 5.6...). So far it looks like I'm going to have to reboot the access points every week...it looks like the AP's didnt last two weeks before getting into a crappy state where the access to the internet becomes drastically slower than normal and this now seems to include the APs running on the 5.2.4 firmware...was really looking forward to using these fortiaps since we didnt have to purchase a dedicated controller for them but now I really regret getting them :'( I think the 320C model just might be an absolute dud at least from my experience.

 

Labels
Top Kudoed Authors