Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Clients briefly disconnected from WiFi at exactly 00:00 every night.

It appears to be the session that is cleared, so it disrupts everything that device is currently doing for several seconds until the sessions are recreated.


I can see these logs under system events:

User: from cw_acd clean active IPv4 sessions,( filter:vd:0;source ip:;)


And then these logs under WiFi Events:

Client 1c:1a:df:82:7b:74 de-authenticated.

Action client-deauthentication
Reason Previous authentication no longer valid


For all devices connected to WiFi and at exactly 00:00 every day.


FortiGate is a 61E running 7.0.3 and the FortiAP is a 221E also running 7.0.3, but it has happened on all versions of 7.0.x that I can remember.


Anyone have any suggestions how to diagnose or where to look next since I am stumped?


Regards, Thomas.



Hello Thomas,


Have you checked if you are receiving de-authentication packets from an external source (you can do so by doing a packet capture using wireshark) ?

some one maybe trying to discover your WiFi password.


This maybe a motive of concern if you use only WPA2.


In this link you have some information how to act in case that is a DoS attack:


Best Regards.

As you think, so shall you become.