Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Holiday badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: FAP speed limit at 220Mbps
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAP speed limit at 220Mbps
I have posted this question to r/Fortinet and to spiceworks, and so far no one has an answer for me.
First, I should state that I am a huge fan of Fortinet. We manage and recommend many of their products. Their firewalls are miles better in value and features than any I have seen.
The APs though....
To summarize, all APs we have in production max out at around 220Mbps to the end clients (maybe 60 APs at different clients). I haven't tested the 421 series, but all others (regardless of model or release date) offer the exact same throughput.
We have had 4 tickets open with support for APs that simply cannot produce bandwidths to the specifications of the devices. I have gone through the support calls, and even brought out an exact same spec AP from another manufacturer (6 antenna wave 2, 802.11ac max speed 1.3 Gbps release date 2012) to compare to their FAP321C. They cant help. It's maddening. They go through the checklist, and we see no improvement. I see a million different forum posts that are similar, and never reach any answer.
[ul]
Solved! Go to Solution.
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
3 Solutions
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAP 221E with 6.0.5 firmware (FP221E-v6.0-build0066) gives 303 Mbps with other devices connected in an area with a lot of RF noise and multiple interfering channels from neighbors.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you post more details about your config to clarify? Along with firmware version and screenshots, details like:
[ul]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm managing FAPs from FortiGates, so you might not be able to change these settings.
I've have had both speed and connection issues with some devices when PMF was enabled in the past (mainly older iOS and Apple devices). CLI lets you set it to disable or optional per SSID (config wireless-controller vap). Don't know how you get to it with cloud management.
Regarding WIDS (https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-syst...), I don't see it in the FortiCloud documentation, so don't know how it's handled for your case. But some aspects of it, like scanning for rogue APs, could have perf hits,
I'm assuming that you have spectrum analysis off (under radio config for the wtp-profile) or you would see even worse performance.
Have you tested with any non-FortiCloud managed FAPs? Would be good to look at a default FAP 221E in bridge mode without cloud management to see if this might be a result of some setting on the cloud managed FAPs.
Hoping that somebody with more WiFi knowledge than me jumps in here...
28 REPLIES 28
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you share fortiap profile on the managing fortigate
Show the config under:
config wireless-controller wtp-profile
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
James_G wrote:
Can you share fortiap profile on the managing fortigate Show the config under: config wireless-controller wtp-profile
We use forticloud management. I can test it with fortigate management today, but I was told that in bridge mode it wouldnt matter.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, as I have mentioned before, I have spent hours and hours on this, with fortinet support. We have tested all channel widths, and set channels manually. We have also tested this at a location that we can confirm has no interference.
TO recap, for anyone who is skimming the previous conversation, Ruckus, Aruba and Apple airstation, all with the same specs/gen all connect at close to spec (875Mbps or 1Gbps depending on the model). The FAP (three different models 221C 221E 321C, 4 different businesses, 11 different physical locations) all max out at 220Mbps. We do you forticloud for AP control, but each are in bridge mode.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FAP 221E with 6.0.5 firmware (FP221E-v6.0-build0066) gives 303 Mbps with other devices connected in an area with a lot of RF noise and multiple interfering channels from neighbors.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I keep coming back to thinking 220mbps is about the limit for a 20mhz channel, can you use WiFi analyser to confirm channel bandwidth (I've got app on my Android phone)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yep, I use the same app. And yes, it's 80Mhz, you can see the width right there on the visualization. I like that thought process though!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Another clue perhaps: I switched management to the fortigate from forticloud. Still in bridge mode. Same speed. I then changed it from 80Mhz to 40Mhz and saw the max speed drop from 220 to about 160Mbps, and I get about 130Mbps at 20Mhz width. So I'm sure we really are using the 80Mhz channel width, but something else is slowing it down. Again, we get full speed from wired and from similar hardware from other manufacturers.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Can you post more details about your config to clarify? Along with firmware version and screenshots, details like:
[ul]
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have tried a million things, but if you have a config you want me to try I would SO appreciate it. As I said, we were mostly testing with forticloud management, which limited what we could change. Also, exporting our options was only possible with CLI at the AP rather than at the fortigate.
I do have a few answers for you.
We have used several firmwares, but all are now on 6.0 Build 0037
We have set power manually without any improvement
I have not set power-saving
I have used both DTLS and Plan text, no improvement
I have monitored the signal via a mobile app, but not anything with detailed reporting
I have disabled low data rates, no affect
Not sure about WIDS, is it set by default in forticloud?
Tested with and without radio resource provision
DFS channels are required to use 80Mhz Channel width
I have only tried DHCP broadcast suppression. I will try more
Protected Managment frames are required for 802.11ac. Are you saying there is a way to disable?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm managing FAPs from FortiGates, so you might not be able to change these settings.
I've have had both speed and connection issues with some devices when PMF was enabled in the past (mainly older iOS and Apple devices). CLI lets you set it to disable or optional per SSID (config wireless-controller vap). Don't know how you get to it with cloud management.
Regarding WIDS (https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-syst...), I don't see it in the FortiCloud documentation, so don't know how it's handled for your case. But some aspects of it, like scanning for rogue APs, could have perf hits,
I'm assuming that you have spectrum analysis off (under radio config for the wtp-profile) or you would see even worse performance.
Have you tested with any non-FortiCloud managed FAPs? Would be good to look at a default FAP 221E in bridge mode without cloud management to see if this might be a result of some setting on the cloud managed FAPs.
Hoping that somebody with more WiFi knowledge than me jumps in here...
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Labels
-
FortiGate
8,718 -
FortiClient
1,767 -
5.2
801 -
FortiManager
732 -
5.4
639 -
FortiAnalyzer
559 -
FortiSwitch
476 -
FortiAP
473 -
FortiClient EMS
435 -
6.0
416 -
5.6
362 -
FortiMail
319 -
6.2
251 -
SSL-VPN
246 -
FortiAuthenticator v5.5
234 -
IPsec
210 -
FortiWeb
205 -
5.0
196 -
FortiNAC
190 -
FortiGuard
139 -
6.4
128 -
SD-WAN
115 -
FortiAuthenticator
104 -
FortiGateCloud
102 -
FortiSIEM
99 -
FortiCloud Products
97 -
FortiToken
92 -
Firewall policy
83 -
Customer Service
80 -
Wireless Controller
79 -
4.0MR3
64 -
FortiProxy
60 -
High Availability
56 -
FortiADC
54 -
Fortivoice
53 -
FortiEDR
52 -
vlan
51 -
ZTNA
49 -
Routing
47 -
FortiExtender
45 -
FortiSandbox
44 -
DNS
43 -
FortiDNS
42 -
LDAP
41 -
BGP
40 -
Authentication
38 -
FortiGate v5.4
35 -
SAML
35 -
NAT
35 -
Certificate
35 -
FortiSwitch v6.4
34 -
RADIUS
34 -
SSO
33 -
Interface
31 -
VDOM
30 -
FortiConnect
29 -
FortiLink
29 -
FortiWAN
27 -
Web profile
27 -
Application control
26 -
FortiConverter
25 -
Logging
25 -
Virtual IP
25 -
FortiGate v5.2
24 -
SSL SSH inspection
23 -
FortiPAM
22 -
Fortigate Cloud
20 -
FortiSwitch v6.2
19 -
FortiPortal
19 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiGate-VM
16 -
WAN optimization
16 -
FortiDDoS
15 -
OSPF
15 -
SSID
15 -
Automation
15 -
FortiGate v5.0
14 -
FortiSOAR
14 -
Static route
14 -
System settings
14 -
Web application firewall profile
14 -
IP address management - IPAM
14 -
SNMP
13 -
FortiCASB
12 -
Admin
12 -
FortiManager v5.0
11 -
FortiRecorder
11 -
Security profile
11 -
FortiManager v4.0
10 -
FortiBridge
10 -
IPS signature
10 -
FortiAP profile
10 -
Proxy policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
Traffic shaping policy
9 -
Intrusion prevention
9 -
FortiDeceptor
8 -
RMA Information and Announcements
8 -
Port policy
8 -
4.0
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
DNS filter
7 -
Antivirus profile
7 -
Fabric connector
7 -
Fortinet Engage Partner Program
7 -
FortiToken Cloud
6 -
Explicit proxy
6 -
trunk
6 -
Packet capture
6 -
Traffic shaping profile
6 -
Web rating
6 -
API
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
Authentication rule and scheme
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
Cloud Management Security
4 -
FortiDB
3 -
FortiHypervisor
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Protocol option
3 -
TACACS
3 -
SDN connector
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Schedule
2 -
Multicast policy
2 -
Zone
2 -
Vulnerability Management
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1714 | |
| 1093 | |
| 752 | |
| 447 | |
| 232 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.