I have posted this question to r/Fortinet and to spiceworks, and so far no one has an answer for me.
First, I should state that I am a huge fan of Fortinet. We manage and recommend many of their products. Their firewalls are miles better in value and features than any I have seen.
The APs though....
To summarize, all APs we have in production max out at around 220Mbps to the end clients (maybe 60 APs at different clients). I haven't tested the 421 series, but all others (regardless of model or release date) offer the exact same throughput.
We have had 4 tickets open with support for APs that simply cannot produce bandwidths to the specifications of the devices. I have gone through the support calls, and even brought out an exact same spec AP from another manufacturer (6 antenna wave 2, 802.11ac max speed 1.3 Gbps release date 2012) to compare to their FAP321C. They cant help. It's maddening. They go through the checklist, and we see no improvement. I see a million different forum posts that are similar, and never reach any answer.
I am NOT looking to debug it. I have support for that, plus I've spend about 10 hours doing it, so I've probably tried what you want to suggest.
I AM looking to see if anyone out there is getting more than 220Mbps to a wireless client. If anyone can, I would love to hear from you. Then the we can sort out firmware version and config. I HOPE i am wrong, but so far I have found no one who can get past that 220Mbps speed limit.[/ul]
I'm managing FAPs from FortiGates, so you might not be able to change these settings.
I've have had both speed and connection issues with some devices when PMF was enabled in the past (mainly older iOS and Apple devices). CLI lets you set it to disable or optional per SSID (config wireless-controller vap). Don't know how you get to it with cloud management.
I'm assuming that you have spectrum analysis off (under radio config for the wtp-profile) or you would see even worse performance.
Have you tested with any non-FortiCloud managed FAPs? Would be good to look at a default FAP 221E in bridge mode without cloud management to see if this might be a result of some setting on the cloud managed FAPs.
Hoping that somebody with more WiFi knowledge than me jumps in here...
Was 220Mbps the throughput you got from wireless client using test tool such as iperf or Phy rate(link speed) you observed on client?
If it's throughput from wireless client ( I assume it was), please check the VAP mode. There are two modes as far as how the data packets are processed.
1) Tunnel mode: all packets from clients are tunneled over to controller for further processing
2) Bridge mode: all packets from clients are locally bridged/switched. <---recommended mode unless you really need to process all your wireless data traffic at one location
If mode 1) is used, it's possible that you can see 200-300Mbps throughput especially on some low end AP products. If DTLS or IPsec is used for data channel encryption, this number would be even lower due to CPU cycles used by encryption/decryption.
As I said before, I'm not really looking to debug it. Just asking if anyone is able to confirm more than 220Mbps through one of the following models: 221C 221E 321C
Are you able to achieve higher speeds?
But to answer your questions:
Yes, we have used iperf, also fast.com, speedtest.net, and a network file transfer. We are in bridge mode, and with Ruckus, Aruba, and an old apple airstation all with specs identical to the models listed above we were able to see speeds damn near spec. With the FAPs we see 220Mbps in perfect conditions with all models. It seems like some sort of hard limit in the firmware. I have spent 10 hours including with fortinet support debugging this, so I have tried just about everything. I really just want to know if ANYONE can get faster than that. If people can, than I can continue spending time debugging. But until then, I'm starting to think this is a limit, and I have to fall on my sword. I have reccomended FAPs to many clients and currently manage about 60 of them. I recently encouraged a client to upgrade to the 321C for their new gigabit wan. They were getting 220Mbps on the 221Cs (even though their spec was over 800Mbps) and had then shell out big $ for it. Now I look like an idiot, and I could lose their business.
I can assure you that there is no hard limit of 220Mbps. Internally we see much higher than that. As far as why you only consistently see 220Mbps, it could be relate to your WAN speed if you test it with public servers.
IIRC I’ve gotten much faster speeds on 320C 221C, and 221E, with FAPs in bridge mode. If you’re already using bridge mode then something else is going on and you need to give us more config and version information to be able to help.
If these are dense installations or have tons of users your problems may be more noise/power/channel related which means site surveys or MetaGeek analysis.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.