It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.
I can see these logs under system events:
User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)
And then these logs under WiFi Events:
Client 1c:1a:df:82:7b:74 de-authenticated.
Action client-deauthentication
Reason Previous authentication no longer valid
For all devices connected to WiFi and at exactly 00:00 every day.
FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.
Anyone have any suggestions how to diagnose or where to look next since I am stumped?
Regards, Thomas.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello Thomas,
Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?
some one maybe trying to discover your WiFi password.
This maybe a motive of concern if you use only WPA2.
In this link you have some information how to act in case that is a DoS attack:
Best Regards.
Did you get a solution to this? I am seeing the same behavior at one of my locations
If its the same issue I had then it was a bug that was resolved in FortiOS 7.0.6 and later.
748479 | cw_acd is crashing with signal 11 and is causing APs to disconnect/rejoin. |
https://docs.fortinet.com/document/fortigate/7.0.6/fortios-release-notes/289806/resolved-issues
Hi @Montieous ,
It looks some timer is expiring somewhere.
Can you check the DHCP lease time ?
Do you use VPN to connect ?
I know your question was to Montieous, but my DHCP leases are set to 1 week / 604800 seconds. But the issue occurs daily
Hi @rphillips,
What is the version of FortiGate and FortiAP? How many FortiAP are you using? Are you noticing high CPU on the FortiGate when the issue occurs? I would suggest upgrading the FortiGate firmware version if possible.
Regards,
6.4.14 on the fortigate and APs are on 7.0.1.
We are already planning on upgrading the fortigates, so glad to hear that this should fix it.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.