Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Montieous
New Contributor

Clients briefly disconnected from WiFi at exactly 00:00 every night.

It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.

 

I can see these logs under system events:

User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)

 

And then these logs under WiFi Events:

Client 1c:1a:df:82:7b:74 de-authenticated.

Action client-deauthentication
Reason Previous authentication no longer valid

 

For all devices connected to WiFi and at exactly 00:00 every day.

 

FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.

 

Anyone have any suggestions how to diagnose or where to look next since I am stumped?

 

Regards, Thomas.

 

7 REPLIES 7
Vando_Pereira

Hello Thomas,

 

Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?

some one maybe trying to discover your WiFi password.

 

This maybe a motive of concern if you use only WPA2.

 

In this link you have some information how to act in case that is a DoS attack:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-syst...

 

Best Regards.

As you think, so shall you become.
rphillips
New Contributor

Did you get a solution to this?  I am seeing the same behavior at one of my locations

Montieous

If its the same issue I had then it was a bug that was resolved in FortiOS 7.0.6 and later.

 

748479

cw_acd is crashing with signal 11 and is causing APs to disconnect/rejoin.

 

https://docs.fortinet.com/document/fortigate/7.0.6/fortios-release-notes/289806/resolved-issues

dbu
Staff
Staff

Hi @Montieous ,

It looks some timer is expiring somewhere. 

Can you check the DHCP lease time ?

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-add-unique-DHCP-lease-time-for-spec...

Do you use VPN to connect ?

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
rphillips
New Contributor

I know your question was to Montieous, but my DHCP leases are set to 1 week / 604800 seconds.  But the issue occurs daily

hbac

Hi @rphillips,

 

What is the version of FortiGate and FortiAP? How many FortiAP are you using? Are you noticing high CPU on the FortiGate when the issue occurs? I would suggest upgrading the FortiGate firmware version if possible. 

 

Regards, 

rphillips
New Contributor

6.4.14 on the fortigate and APs are on 7.0.1.

We are already planning on upgrading the fortigates, so glad to hear that this should fix it.

Labels
Top Kudoed Authors