Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
JensG
New Contributor II

FortiAP - Apple Devices WiFi handoff issues

Hi,

 

I have issues with iPhones, iPads and MacBooks loosing WiFi connection when moving to another room.

The devices try to keep/establish the connection and it seems they are trying to change the AP but are not able to do so. They are switching between full WiFi power and just one dot in the WiFi sign.

Manually switching off WLAN in the devices and switching it on again after a while does not help.

When I reboot the device it connects immediately and all is fine until I move into another room. 

 

Handoff is switched on, both frequency and AP.

 

I am using FortiAP 231F and 23JF and FGT60F, all first with v6.4.7 and now v7.0.3, having AP versions respectively. No difference whether v6 or v7 is used.

 

The Apple devices are newer and older ones, and different models, all with OS versions up to date (iOS 15.1.1, iPadOS 15.1, macOS 12.0.1)

 

Has someone else seen similar issues?

Any ideas?

 

Thank you,

Jens

14 REPLIES 14
jkassner
New Contributor II

Quick update...

 

Same Apple Devices, same Radio/VAP config except using WPA3 Enterprise (local Raius / FGT User ) work fine.... 

 

So there´s a flaw in the WPA3 SAE/SAE Transition on the FortiAP 231F (7.0.2)

______________________________________________________
Have you tried turning diag deb off and on again :D
______________________________________________________Have you tried turning diag deb off and on again :D
JensG
New Contributor II

Today I had a session with the Fortinet engineer who is working on my ticket.

He asked me to change from WPA3 SAE Transition to WPA2 for the moment and disable PMF setting inside the SSID settings (CLI).

 

He confirmed there is a bug identified with 231F in current firmware version regarding WPA3 SAE Transition and pmf setting enabled.

 

Seems you were on the right track.

 

We verify now, whether connection stays stable for all devices. If this is proofed and they once fixes the bug, I should switch back to WPA3 Transition.

jkassner
New Contributor II

Update from my side.

 

WPA3 Enterprise (PMF mandatory) also shows the issue.

So JensG seems to be on Point with the PMF.

But it seems to be happening on WPA3, WPA3 Transition and WPA3 Enterprise.

Makes sense, because these are all using PMF (Mandatory or optional)

______________________________________________________
Have you tried turning diag deb off and on again :D
______________________________________________________Have you tried turning diag deb off and on again :D
ThomK
New Contributor

Yes, we have the similar issues with all mobile devices - especially since we have connected the FortiAPs (U321E) directly to the FortiGate (before we used a FortiWLC device, which isn´t supported by Fortinet anymore).

 

Actually we haven´t any solution for this, but my coworkers tell me, that the problem is really annoying, because the devices often don´t signalize calls (Teams) or other office apps don't get recent changes (i. e. email, teams chats). 

 

On the one hand, my employees  (=customers) are not satisfied and on my side, the many requests and complaints tie up my time and mind...

 

Maybe it´s time to search for another working solution from another producer?

xsilver_FTNT
Staff
Staff

Hi,

not sure which FortiOS each of you runs. But there is few improvements in various stages of completeness into WPA3.

Just curious .. have you tried to disable "voice-enterprise" in profiles and had it any impact?

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

Labels
Top Kudoed Authors