Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Connected to AP but no internet connection
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Connected to AP but no internet connection
Hope someone can help me out with this issue. client are connected to the AP but no internet connection Icon on mobile showing with exclamation mark
Icon on computer showing yellow triangle
Issue is, it is connected for some time then suddenly lose internet connection and then after some time will be gain internet access again. or if you disconnect and connect again you will gain internet access again.
there is a DNS server installed on one of the site DC. main DC is in another country.
DNS setup is
DNS1: ISP DNS
DNS2: DNS server IP
i will be attaching full configuration.
Setup
AP1:
Radio 2.4: channel 1,11
Radio 5.0: channel 36
Frequency Hand off: disable
AP Hand off: disable
Darrp: disable
SSID: wifi1,guest1
AP2:
Radio 2.4: channel 6
Radio 5.0: channel 40,48
Frequency Hand off: disable
AP Hand off: disable
Darrp: disable
SSID: wifi2,guest2
AP3:
Radio 2.4: channel 1,11
Radio 5.0: channel 44
Frequency Hand off: disable
AP Hand off: disable
Darrp: disable
SSID: wifi1,guest1
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
- « Previous
- Next »
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
deanshomer wrote:Having the same issues with clients disconnecting randomly. We have to reboot the APs every few hours to force client resets which is obviously less than ideal. Using FortiAP 221E in tunnel mode to Fortigate wifi controller. I have a support case opened with no resolution but will post back if anything comes from it.
Update: Found out that the CAPWAP packets were getting fragmented due to the tunneling over and IPSEC connection back to the controller. The solution for this particular problem is to adjust the tunnel MTU on the AP profile in order to avoid CAPWAP fragmentation.
I have the same issue, would be interesting if you could post how you discovered the CAPWAP fragmentation? and what you adjusted the MTU too.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Basically stumbled upon the fragmentation issue while performing packet captures on an intermediate IPSEC router. I found packet fragmentation on the tunnel with the source IP of the AP. Once I realized that the already encapsulated CAPWAP packets were being fragmented due to tunnel MTU, I began to adjust the MTU on the AP profile so that the encapsulated packets would fit in the IPSEC tunnel. Started at 1450 and ended up at around 1400. You could also start low (1300) and work your way up until you start seeing fragmentation and then go back some.
This is only a fix if you have your AP in tunneled mode back to the wireless controller with an IPSEC tunnel in between. The tunneled CAPWAP packets need to fit in the IPSEC tunnel MTU to avoid fragmentation. The Fortigate wireless controllers cannot handle fragmented CAPWAP packets.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry to dig up an old comment, but we are running into this exact thing
2 SSIDS, 1 for guests, 1 for employees.
Guest one works fine, (internet access only, no internal resources)
employee SSID is intermittently not working for some users, (They can connect to the AP, but No internet access).
Fortigate managing (6) FortiAP 231F.
Fortigate->Fortiswitch->FortiAPs
Fortigate is acting as recursive DNS server with a zone setup as a shadow and forwarding to our Internal Primary/Secondary internal DNS server over ipsec tunnel to datacenter.
All was working fine, for about a year, then we upgraded firmware on fortigate/fortiswitch/foritap
Foritgate - 7.2.5
Fortiswitch - 7.4.0
FortiAP - 7.2.0
Any additional thoughts/suggestions?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
I know also that this is digging up old topic, but I have the same issue and I can't find how to manage this point.
Do you have any updates / fixes with this case
BR
Konrad
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Seeing the same on 100F - with system DNS set to internal servers
Setting 8.8.8.8 for Wi-Fi DNS would result in internet connections
for internal DNS:
add feature DNS Database
added DNS server to the Wi-Fi interface forwarded to system DNS
set Wi-Fi DHCP - default gateway and DNS server to interface IP
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello EK,
Thank you for your answer
Unfortunatelly, I had DNS set for internal with similar settings you suggesting but without any results.
When I set it for 8.8.8.8 nothing has changed
Issue still exist
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
then I would check the Wi-Fi - Wan policy
I had a IP mismatch once due to making interface setting updates
& check the logs for such traffic
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
In our case, when we experienced this intermittent issue, (which we think was after some firmware updates), we ended up reloading the FortiAP profile for each of the AP's, that did the trick. Switched it to the default one, saved, then went back in and changed it back to our company's AP profile.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello
Thank you for your answers
I will try to make something with profile - but in my case trouble is a little bit different.
You can access internet from your computer, but when you will connect your phone there is no way to do it.
You can't even ping your default gateway which is in the same subnet.
You will get information "no route to host"
I created ticket in support, but I saw that this issue is common so I decided to ask community also
- « Previous
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Issues Mapping Azure Files Storage After... 48 Views
- Site to Site IPSEC between to... 113 Views
- VXLAN discussion/design questions? 62 Views
- IPSec Network Lockdown in FortiClient 132 Views
- Connect SSL VPN On Phone, Error... 121 Views
Labels
-
FortiGate
8,525 -
FortiClient
1,724 -
5.2
801 -
FortiManager
717 -
5.4
639 -
FortiAnalyzer
548 -
FortiSwitch
463 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
225 -
FortiWeb
201 -
5.0
196 -
IPsec
191 -
FortiNAC
181 -
FortiGuard
136 -
6.4
128 -
SD-WAN
112 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
85 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
74 -
4.0MR3
64 -
FortiProxy
59 -
High Availability
54 -
Fortivoice
53 -
FortiADC
53 -
FortiEDR
51 -
vlan
48 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
41 -
DNS
41 -
BGP
40 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
34 -
Authentication
33 -
NAT
32 -
SSO
31 -
Interface
31 -
RADIUS
30 -
FortiConnect
28 -
FortiLink
27 -
FortiWAN
26 -
VDOM
26 -
Web profile
26 -
FortiConverter
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
FortiPAM
22 -
Virtual IP
22 -
SSL SSH inspection
21 -
Fortigate Cloud
20 -
FortiPortal
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
Intrusion prevention
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
Authentication rule and scheme
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1666 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.