- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Clients briefly disconnected from WiFi at exactly 00:00 every night.
It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.
I can see these logs under system events:
User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)
And then these logs under WiFi Events:
Client 1c:1a:df:82:7b:74 de-authenticated.
Action client-deauthentication
Reason Previous authentication no longer valid
For all devices connected to WiFi and at exactly 00:00 every day.
FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.
Anyone have any suggestions how to diagnose or where to look next since I am stumped?
Regards, Thomas.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Thomas,
Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?
some one maybe trying to discover your WiFi password.
This maybe a motive of concern if you use only WPA2.
In this link you have some information how to act in case that is a DoS attack:
Best Regards.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Did you get a solution to this? I am seeing the same behavior at one of my locations
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If its the same issue I had then it was a bug that was resolved in FortiOS 7.0.6 and later.
748479 | cw_acd is crashing with signal 11 and is causing APs to disconnect/rejoin. |
https://docs.fortinet.com/document/fortigate/7.0.6/fortios-release-notes/289806/resolved-issues
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @Montieous ,
It looks some timer is expiring somewhere.
Can you check the DHCP lease time ?
Do you use VPN to connect ?
If you have found a solution, please like and accept it to make it easily accessible for others.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I know your question was to Montieous, but my DHCP leases are set to 1 week / 604800 seconds. But the issue occurs daily
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi @rphillips,
What is the version of FortiGate and FortiAP? How many FortiAP are you using? Are you noticing high CPU on the FortiGate when the issue occurs? I would suggest upgrading the FortiGate firmware version if possible.
Regards,
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
6.4.14 on the fortigate and APs are on 7.0.1.
We are already planning on upgrading the fortigates, so glad to hear that this should fix it.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, sorry to wake up this old thread here, but I am experiencing a similar issue.
Clients in our office will experience random internet connection drop out. Devices are still connected to the network, either via WIFI or LAN, but they become unable to access the internet.
After some time, clients will become able to access the internet again, and this will be followed up by a HUGE CPU peak and session count PEAK in the Fortigate. I can also see events such as
"User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:172.30.100.10-172.30.100.10;)"
We're running FortiOS 7.0.15 and FortiAP 7.0.0 on our FAP-431F.
Any clues? Thanks for the help.