It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.
I can see these logs under system events:
User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)
And then these logs under WiFi Events:
Client 1c:1a:df:82:7b:74 de-authenticated.
Action client-deauthentication
Reason Previous authentication no longer valid
For all devices connected to WiFi and at exactly 00:00 every day.
FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.
Anyone have any suggestions how to diagnose or where to look next since I am stumped?
Regards, Thomas.
Hello Thomas,
Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?
some one maybe trying to discover your WiFi password.
This maybe a motive of concern if you use only WPA2.
In this link you have some information how to act in case that is a DoS attack:
Best Regards.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2023 Fortinet, Inc. All Rights Reserved.