Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Montieous
New Contributor

Clients briefly disconnected from WiFi at exactly 00:00 every night.

It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.

 

I can see these logs under system events:

User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)

 

And then these logs under WiFi Events:

Client 1c:1a:df:82:7b:74 de-authenticated.

Action client-deauthentication
Reason Previous authentication no longer valid

 

For all devices connected to WiFi and at exactly 00:00 every day.

 

FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.

 

Anyone have any suggestions how to diagnose or where to look next since I am stumped?

 

Regards, Thomas.

 

1 REPLY 1
Vando_Pereira

Hello Thomas,

 

Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?

some one maybe trying to discover your WiFi password.

 

This maybe a motive of concern if you use only WPA2.

 

In this link you have some information how to act in case that is a DoS attack:

https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-syst...

 

Best Regards.

As you think, so shall you become.