- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Endpoint gets IP but doesn’t work
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi there,
Can you post the details of the wireless profile that you are using?
Cheers,
Sidewaysguy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sidewaysguy,
Thanks for your fast reply! Follow below as your request:
Radio 1 mode -> Access Point radio resource provision -> enable client load balancing -> Frequency Handoff band -> 2.4 n/g channel width -> 20MHz short guard interval -> enable channels -> 1,6,11 tx power control -> manual 100% ssids -> manual no location based services
****************************************
Radio 2 mode -> Access Point radio resource provision -> enable client load balancing -> Frequency Handoff band -> 5 ac/n/a channel width -> 80MHz short guard interval -> enable channels -> 36,40,44,48,149,153,157,161 tx power control -> manual 100% ssids -> manual no location based services
****************************************
AP configuration
Radio 1
WTP mode -> normal
Band -> 2.4 n
channel -> 6
tx power control -> auto
Radio 2
Band -> 5 ac/n
channel -> 149,153,157.161
tx power control -> auto
I have 2 SSIDs that is used in both frequencies. One for corporate and other for guest. Corporate as bridge, with wpa2 enterprise and radius. Guest as tunnel, with wpa personal and fortigate as dhcp server. I don't have problems with Corporate, only with guest.
Thanks in advance!
Marcelo
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey Marcelo,
I'm not sure what the physical coverage is like, but i'm wondering if tx power range may be too low on the bottom end? In the WiFi Health Monitor, do you see the devices connected but just not passing traffic? Can you ping them from the firewall? Also which firmware are you on for the Fortigate and APs?
Cheers,
Sidewaysguy
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Also note if you are on 2.4 or 5GHz, as i've had issues with 2.4 interference showing similar symptoms. If you have decent coverage going 5 GHz may be an option to try, unless you are close to exceeding the number of allowed devices per radio and/or you have a specific 2.4 Ghz requirement.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
It's very difficult to pin-point the cause if it comes to seemingly random wifi drops. That's why we opened a TT with TAC to get some help. In our case, we have multiple vendor environment within our office and many other rogue APs in our building. Turned out to be another vendor AP's WIPS feature, which I was tesing, was deauthenticating some specific client devices from connecting to FortiAP's SSID. The devices connect to external public SSIDs as well, which caused to be labelled as "misbehaving authorized clients". Your case sounds different but I just wanted to mention about a possibility.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Toshi and Sideway, hope you are doing well!
My fortigate firmware is v5.6.3 build1547 (GA). I can't ping the devices from firewall and i can see the device at health monitor, with no traffic.
I understood the moment the problem happens for my device(iphone) and i will investigate if it is similar for others employees having the same problem. In my case, i noticed that when i go outside the room as i have the AP, it moves from 5G to 2,4G and looses connectivity. I can see at the health monitor that the device goes from channel 36 to 11. As i told you, i have the same name "ssid" for both frequencies and i can't understand why iphone can treat it. The next test that i will do is reduce the beacon time and client iddle time,, in order client can stay more time without roaming the connection. What do you think?
Thanks in advance!
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If you're suspecting signal reception, you need to use an analyzing tool (I use Acrylic on win10 laptop) to see what kind of signal level the client is getting at those spots while you roam around. FortiGate/AP can tell you only AP side of reception level. That's only a half of the connection. Depending on the area size and obstacles in the area, you might need to add more APs. 5GHz radio can be weakened easily by walls, doors, windows, pillars, and ducts on the ceiling, etc. than 2.4GHz, while 2.4GHz is more crowded by neighbors due to smaller number of channels than 5GHz.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hey there,
How many APs do you have (I forgot to ask earlier)? As well, do you have any tools on your phone/laptop that you can use to see how your signal strength when walking around in the environment? Do you see a lot of interfering AP's on the Fortigate?
You mentioned walking out of the room where an AP is located, structure can also cause interference with the signal. Devices like your iPhone will always try to maintain a signal no matter. A simple test that you can do would be to remove the SSID from the 2.4GHz radio in the profile. If you don't want to test with the production SSID, create a new SSID and add it to the 5GHz in the FortiAP profile and create a basic policy for internet access for it to test with. See what your signal strength is as you move through the environment and if you lose connectivity.
To dive deeper into your config, you may want to start a ticket with TAC as they will help troubleshoot directly.
Cheers,
Jared