Curious to see if other people are having a poor experience using the latest 5.4.2 firmware for their FortiAPs. I'm currently running this on FAP-320Cs and it's been a mess for me...clients sometimes can't connect, or if they do, the connection to the internet is horrid. I've actually gone ahead and physically replaced some of the APs running 5.4.2 with spares that I have on 5.2.4 and they seem to be running better (although definitely too early to tell yet). Curious to see who else is out there running the latest firmware on their APs.
1) Actually, you can change firmware on the FAP. If you need access to earlier versions, you might need to contact support to get access to them.
2) For the issue you saw on 5.4.2, can you paste your wireless-related configuration and also a brief description of your deployment?
The whole configuration might contain sensitive info. You can paste output from
show wireless-controller wtp-profile <the one you use>
show wireless-controller vap <all the VAPs you use>
Also, you can install inSSIDer, which comes with a free version, to quickly assess the RF environment.
1) "5.4.2 does not support downgrading to previous firmware versions" according to the 5.4.2 release notes. Support is currently following up with their devs to find out if there is a way of rolling back but so far, I'm not holding my breath.
2)
    config wireless-controller wtp-profile
        edit "FAP320C"
            config platform
                set type 320C
            end
            set ap-country US
            config radio-1
                set band 802.11n,g-only
                set short-guard-interval enable
                set auto-power-level enable
                set auto-power-high 20
                set auto-power-low 14
                set darrp enable
                set frequency-handoff enable
                set vap-all disable
                set vaps "X" "Y" "Z"
                set channel "1" "6" "11"
            end
            config radio-2
                set band 802.11ac
                set short-guard-interval enable
                set channel-bonding 80MHz
                set darrp enable
                set frequency-handoff enable
                set vap-all disable
                set vaps "W" "X" "Y" "Z"
                set channel "36" "44" "52" "60" "100" "108" "149" "157"
            end
        next
    end
And here are the configurations for each of the SSIDs we use (replaced names and encrypted passphrases):
    FW # show wireless-controller vap X
    config wireless-controller vap
        edit "X"
            set vdom "root"
            set ssid "X"
            set intra-vap-privacy enable
            set schedule "7AM-10PM"
            set passphrase ENC xxxxxxx
        next
    end

    FW # show wireless-controller vap Y
    config wireless-controller vap
        edit "Y"
            set vdom "root"
            set ssid "Y"
            set schedule "always"
            set passphrase ENC xxxxxxx
        next
    end

    FW # show wireless-controller vap W
    config wireless-controller vap
        edit "W"
            set vdom "root"
            set ssid "W"
            set broadcast-ssid disable
            set schedule "always"
            set passphrase xxxxxxx
        next
    end

    FW # show wireless-controller vap Z
    config wireless-controller vap
        edit "Z"
            set vdom "root"
            set ssid "Z"
            set security wpa2-only-enterprise
            set auth radius
            set radius-server "radius server"
            set schedule "always"
        next
    end
My experience with 5.4.2 on the FAPs has been mixed. I'm running it on a FAP 320C and a 221C.
Both work well for a while (usually about a month) but then one or the other will have a problem.
The problem manifests as the FAP getting into an odd mode where it is no longer broadcasting any of its SSIDs, existing connections slow to a crawl, and it immediately drops any new connections, but reports itself as just fine to the FGT. A reboot has it working again.
Hi,
I use a FAP221C (5.4.2) on a FGT60E (5.4.4) in tunnel mode.
I'm using WPA2 Enterprise with a FGT local account.
I had the same issue (no Wi-Fi connection, no SSID appears on the device). I tried turning off "Block Intra-SSID Traffic"; it's a bit better, but users still have disconnections.
I just configured the DARRP timers according to http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/wifi-arrp.htm. By default, every 30 min: "Through DARRP, each FortiAP unit autonomously and periodically determines the channel that is best suited for wireless communications".
    config wireless-controller timers
        set darrp-optimize 0
        set darrp-day sunday monday tuesday wednesday thursday friday saturday
        set darrp-time 03:00
    end
Wait & see !
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Thanks for posting your config here and it looks quite typical. One thing you might want to change on 5G is to set channel bonding to 40M to match your desired channel list. 36, 44 ... is actually a 40M mode config
Also, DFS channels are used in your config. When radio detects radar nearby, it has to switch to another channel. If that channel is also DFS, it needs to wait until it can use it. This might cause some downtime on your 5G radio.
If the issue is still persistent, it's probably not efficient to solve in this forum and please work with our support who can help understand and collect right logs to narrow down the issue.
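Added example (not part of the thread and not Fortinet code): a small Python check for the two points in the reply above, namely which radio-2 channels are DFS in the US and which bonding width the channel list lines up with. The stanza is constructed from the configuration posted earlier, and the check assumes each listed channel names the first 20 MHz channel of a bonded block.

```python
import re

# Constructed sample: the radio-2 stanza from the profile posted in this thread.
SAMPLE = """
config radio-2
    set band 802.11ac
    set channel-bonding 80MHz
    set channel "36" "44" "52" "60" "100" "108" "149" "157"
end
"""

# US 5 GHz channels subject to DFS: U-NII-2A (52-64) and U-NII-2C (100-144).
DFS_US = set(range(52, 65, 4)) | set(range(100, 145, 4))

# First 20 MHz channel of each bonded block in the US 5 GHz channel plan.
# Assumption: the channel list names the first channel of each block.
BLOCK_STARTS = {
    "40MHz": {36, 44, 52, 60, 100, 108, 116, 124, 132, 140, 149, 157},
    "80MHz": {36, 52, 100, 116, 132, 149},
}

def parse_radio(text):
    """Return (channel-bonding value or None, list of channel numbers)."""
    bonding = re.search(r"set channel-bonding (\S+)", text)
    chan = re.search(r'set channel((?:\s+"\d+")+)', text)
    channels = [int(c) for c in re.findall(r"\d+", chan.group(1))] if chan else []
    return (bonding.group(1) if bonding else None), channels

def review(text):
    """Classify the listed channels by DFS status and bonding alignment."""
    bonding, channels = parse_radio(text)
    starts = BLOCK_STARTS.get(bonding, set(channels))
    return {
        "bonding": bonding,
        # Radar detected on one of these forces a channel change.
        "dfs": [c for c in channels if c in DFS_US],
        # Channels the radio can move to without a DFS wait.
        "non_dfs": [c for c in channels if c not in DFS_US],
        # Listed channels that do not start a block of the configured width.
        "off_grid": [c for c in channels if c not in starts],
        # Widths whose block starts cover every listed channel.
        "fits": [w for w, s in BLOCK_STARTS.items() if set(channels) <= s],
    }

if __name__ == "__main__":
    for key, value in review(SAMPLE).items():
        print(f"{key}: {value}")
```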
tanr wrote: My experience with 5.4.2 on the FAPs has been mixed. I'm running it on a FAP 320C and a 221C.
Both work well for a while (usually about a month) but then one or the other will have a problem.
The problem manifests as the FAP getting into an odd mode where it is no longer broadcasting any of its SSIDs, existing connections slow to a crawl, and it immediately drops any new connections, but reports itself as just fine to the FGT. A reboot has it working again.
Thanks so much for the suggestion...I do quite feel like an idiot for not trying to reboot the access points sooner. Last night I checked when the last time they had been rebooted was and it's been about 2 months so I gave all the offending access points a reboot. This morning I checked in on them and performance seems to be drastically better than before...it's quite annoying that now Fortinet Support wants to replicate the issue with me now that I've rebooted all them *sigh*.
One thing that doesn't quite add up is the fact that I brought one of the 320C's running 5.4.2 home with me to test how it would run being managed by forticloud and was not impressed at all by the wireless performance. I wasn't able to fully max out my 60mbps down connection with any of my wireless devices being 5 ft away from the access point (was using a very similar config to the one I posted above)...I think this might have been why I didn't consider rebooting sooner...maybe...
wanglei@fortinet.com wrote: Thanks for posting your config here and it looks quite typical. One thing you might want to change on 5G is to set channel bonding to 40M to match your desired channel list. 36, 44 ... is actually a 40M mode config
Also, DFS channels are used in your config. When radio detects radar nearby, it has to switch to another channel. If that channel is also DFS, it needs to wait until it can use it. This might cause some downtime on your 5G radio.
If the issue is still persistent, it's probably not efficient to solve in this forum and please work with our support who can help understand and collect right logs to narrow down the issue.
Thanks for the tweaks. Made sure to change 5G to 40M. As for having DFS channels selected for 5G, is it generally recommended to remove these channels? I'm not so sure how much radar interference there is considering the access points are located in a standard office building. Anyway, appreciate the help. Hopefully Support is able to help me move the access points back to 5.2.4
Thanks again for the help
Update: Support confirmed there is no way to downgrade the version of fortiap. Didn't really get much help at all from them in terms of improving my wireless experience (support was quick to suggest upgrading to fortiap 5.6 without realizing that you need to have a fortigate running 5.6...). So far it looks like I'm going to have to reboot the access points every week...it looks like the APs didn't last two weeks before getting into a crappy state where the access to the internet becomes drastically slower than normal and this now seems to include the APs running on the 5.2.4 firmware...was really looking forward to using these fortiaps since we didn't have to purchase a dedicated controller for them but now I really regret getting them :'( I think the 320C model just might be an absolute dud at least from my experience.