Hi,
I'm currently running an A/P cluster with 2 x 100D, on v6.0.6.
SSID are setup on tunnel mode.
If I reboot active FGT, all FortiAP are seen offline for 10/15 minutes
I found this doc for a fast failover for integrated Wifi controler
But in a cluster, there's just a single shared interface with capwap enable.
I know I can add a dedicated inerface on each FGT : is it a good way to enable resiliency for wifi controler ?
Thanks !
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I was skeptical about your outcome so I tested the same with our office 60Es in HA A-P cluster with four FAPs. After swapping over, I could get connected to one of tunnel mode SSIDs within 2-3 min (internet path took that long to recover) and confirmed all of them are "online" (took me another minute or two to get on the GUI since our RADIUS servers are not local). Definitely much less than 10-15 min.
Is your HA operation normal? Are they in sync (What's in "get sys ha status")? I suspect something is wrong with HA.
Thanks for your hint.
There is some errors when slave become master, it's "out of sync"...
Reboot slave, everything came back (ha sync, FAP online).
I change HA to A-A, there's no more error on sync if I reboot a device.
But my FAP are still connected to old "master" (Discovered AC point tothe device that have been rebooted)
I remember I did theses tuning :
# config wireless-controller global # set max-retransmit 3 <<<< default - please input integer value (0-64) ---> increase to 25 # config wireless-controller timers # set echo-interval <1-255> ---> increase to 100 # end
This can be the reason why it may takes more time to switch to the new master... ???
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
The adjustment is not a problem itself. Instead you have a problem causing the FGT having hard time communicating with FAPs. You need to find & fix that problem(s). Maybe on the cable that might be aggregated, or have multiple APs with mesh (no wire) with long distance, or else.
Make sure the FortiGate interface has the correct settings in the advanced settings to set the wireless controller:
Clearly it must be the gateway of the FortiAP subnet. Alternatively, these steps are required on the DHCP Server:
Campus WLAN Deployment Guide | FortiAP / FortiWiFi 7.0.0 | Fortinet Documentation Library
ac1
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1502 | |
1011 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.