I have posted this question to r/Fortinet and to spiceworks, and so far no one has an answer for me.
First, I should state that I am a huge fan of Fortinet. We manage and recommend many of their products. Their firewalls are miles better in value and features than any I have seen.
The APs though....
To summarize, all APs we have in production max out at around 220Mbps to the end clients (maybe 60 APs at different clients). I haven't tested the 421 series, but all others (regardless of model or release date) offer the exact same throughput.
We have had 4 tickets open with support for APs that simply cannot produce bandwidths to the specifications of the devices. I have gone through the support calls, and even brought out an exact same spec AP from another manufacturer (6 antenna wave 2, 802.11ac max speed 1.3 Gbps release date 2012) to compare to their FAP321C. They cant help. It's maddening. They go through the checklist, and we see no improvement. I see a million different forum posts that are similar, and never reach any answer.
[ul]
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
FAP 221E with 6.0.5 firmware (FP221E-v6.0-build0066) gives 303 Mbps with other devices connected in an area with a lot of RF noise and multiple interfering channels from neighbors.
Can you post more details about your config to clarify? Along with firmware version and screenshots, details like:
[ul]
I'm managing FAPs from FortiGates, so you might not be able to change these settings.
I've have had both speed and connection issues with some devices when PMF was enabled in the past (mainly older iOS and Apple devices). CLI lets you set it to disable or optional per SSID (config wireless-controller vap). Don't know how you get to it with cloud management.
Regarding WIDS (https://docs.fortinet.com/document/fortigate/6.0.0/handbook/961129/wireless-intrusion-detection-syst...), I don't see it in the FortiCloud documentation, so don't know how it's handled for your case. But some aspects of it, like scanning for rogue APs, could have perf hits,
I'm assuming that you have spectrum analysis off (under radio config for the wtp-profile) or you would see even worse performance.
Have you tested with any non-FortiCloud managed FAPs? Would be good to look at a default FAP 221E in bridge mode without cloud management to see if this might be a result of some setting on the cloud managed FAPs.
Hoping that somebody with more WiFi knowledge than me jumps in here...
Hi,
Was 220Mbps the throughput you got from wireless client using test tool such as iperf or Phy rate(link speed) you observed on client?
If it's throughput from wireless client ( I assume it was), please check the VAP mode. There are two modes as far as how the data packets are processed.
1) Tunnel mode: all packets from clients are tunneled over to controller for further processing
2) Bridge mode: all packets from clients are locally bridged/switched. <---recommended mode unless you really need to process all your wireless data traffic at one location
If mode 1) is used, it's possible that you can see 200-300Mbps throughput especially on some low end AP products. If DTLS or IPsec is used for data channel encryption, this number would be even lower due to CPU cycles used by encryption/decryption.
Hope this helps,
As I said before, I'm not really looking to debug it. Just asking if anyone is able to confirm more than 220Mbps through one of the following models: 221C 221E 321C
Are you able to achieve higher speeds?
But to answer your questions:
Yes, we have used iperf, also fast.com, speedtest.net, and a network file transfer. We are in bridge mode, and with Ruckus, Aruba, and an old apple airstation all with specs identical to the models listed above we were able to see speeds damn near spec. With the FAPs we see 220Mbps in perfect conditions with all models. It seems like some sort of hard limit in the firmware. I have spent 10 hours including with fortinet support debugging this, so I have tried just about everything. I really just want to know if ANYONE can get faster than that. If people can, than I can continue spending time debugging. But until then, I'm starting to think this is a limit, and I have to fall on my sword. I have reccomended FAPs to many clients and currently manage about 60 of them. I recently encouraged a client to upgrade to the 321C for their new gigabit wan. They were getting 220Mbps on the 221Cs (even though their spec was over 800Mbps) and had then shell out big $ for it. Now I look like an idiot, and I could lose their business.
I can assure you that there is no hard limit of 220Mbps. Internally we see much higher than that. As far as why you only consistently see 220Mbps, it could be relate to your WAN speed if you test it with public servers.
If you plug a physical cable / laptop into the same switch as the AP, do you get any faster result?
Change 1 thing at a time
Yes, I am getting 1Gbps over lan. We are in bridge mode. For those of you getting over 220Mbps, can you let me know what firmware version?
We are having the EXACT same problem at 4 clients, with at total of 11 sites. THis includes a site in the middle of nowhere with 0 interference.
Any I would be happy to relay one of our configs. Do you need a variable export?
export BAUD_RATE=9600 export WTP_NAME=FP221CXXXXXXXXXXXX export FIRMWARE_UPGRADE=0 export LOGIN_PASSWD_ENC="XXXXXXXXXXXXXX-" export ADMIN_TIMEOUT=5 export WANLAN_MODE="WAN-ONLY" export ADDR_MODE=DHCP export AP_IPADDR="192.168.1.2" export AP_NETMASK="255.255.255.0" export IPGW="192.168.1.1" export AP_MODE=0 export DNS_SERVER="208.91.112.53" export STP_MODE=0 export AP_MGMT_VLAN_ID=0 export ALLOW_TELNET=2 export ALLOW_HTTP=2 export ALLOW_HTTPS=2 export ALLOW_SSH=2 export DDNS_ENABLE=0 export AC_DISCOVERY_TYPE=7 export AC_IPADDR_1="192.168.1.1" export AC_IPADDR_2= export AC_IPADDR_3= export AC_HOSTNAME_1="_capwap-control._udp.example.com" export AC_HOSTNAME_2= export AC_HOSTNAME_3= export AC_DISCOVERY_MC_ADDR="224.0.1.140" export AC_DISCOVERY_DHCP_OPTION_CODE=138 export AC_DISCOVERY_FCLD_APCTRL= export AC_DISCOVERY_FCLD_ID="XXXXXXXXXXXXXX" export AC_DISCOVERY_FCLD_PASSWD_ENC=XXXXXXXXXXXXXXXXXXXXXXXXXX
export AC_CTL_PORT=5246 export AP_DATA_CHAN_SEC="clear,ipsec,dtls" export MESH_AP_TYPE=0 export MESH_MAX_HOPS=4 export MESH_SCORE_HOP_WEIGHT=50 export MESH_SCORE_CHAN_WEIGHT=1 export MESH_SCORE_RATE_WEIGHT=1 export MESH_SCORE_BAND_WEIGHT=100 export MESH_SCORE_RSSI_WEIGHT=100 export LED_STATE=2
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.