Fortinet Community

cclg_support · ‎04-06-2023

Hi all

I have a problem with the FortiAP 221E

I have a fleet of 50 FortiAPs on different networks interconnected in MPLS.
FortiAP management is done via a FortiGate 600E and a FortiManager
The FortiAps are all in 7.0.6
The FortiGate is in 7.0.11
The FortiManager is in 7.0.7

Here is the problem :

For some reason that I cannot identify, from time to time (on average one to two terminals per week), the terminal no longer responds to a ping with a packet size > 1500. Example ping –l 1800
When the problem occurs, I test the ping from the terminal's LAN, to rule out any MPLS fragmentation problem.
This makes the terminal unusable for customers (out of service captive portal, out of service PC authentication, etc.) anything that uses SSL no longer works. They therefore become unusable. On the other hand, a normal ping (< 1500) continues to work.

When this happens, I reboot the terminal (via the FortiManager or via the web interface of the terminal) and after restarting, the terminal is OK, the fragmentation is done well.
I tried different firmwares (from 7.0.5 to 7.2.2), it doesn't change anything.

BAUD_RATE:=9600

WTP_VERSION:=FortiAP-221E v7.0,build0108,230329 (GA)

FIRMWARE_UPGRADE:=0

FACTORY_RESET:=0

LOGIN_PASSWD_ENC:=xxxxxxxxxxxxxxxxxxxxxx

ADMIN_TIMEOUT:=5

WANLAN_MODE:=WAN-ONLY

AP_MODE:=0

STP_MODE:=0

AP_MGMT_VLAN_ID:=0

ADDR_MODE:=DHCP

AP_IPADDR:=192.168.1.2

AP_NETMASK:=255.255.255.0

IPGW:=192.168.1.1

DNS_SERVER:=208.91.112.53

ALLOW_HTTPS:=2

ALLOW_SSH:=2

AC_DISCOVERY_TYPE:=0

AC_IPADDR_1:=192.168.1.1

AC_IPADDR_2:=

AC_IPADDR_3:=

AC_HOSTNAME_1:=_capwap-control._udp.example.com

AC_HOSTNAME_2:=

AC_HOSTNAME_3:=

AC_DISCOVERY_MC_ADDR:=224.0.1.140

AC_DISCOVERY_DHCP_OPTION_CODE:=138

AC_DISCOVERY_FCLD_APCTRL:=

AC_DISCOVERY_FCLD_ID:=

AC_DISCOVERY_FCLD_PASSWD_ENC:=

AC_CTL_PORT:=5246

AP_DATA_CHAN_SEC:=clear,ipsec,dtls

BONJOUR_GW:=2

MESH_AP_TYPE:=0

LED_STATE:=2

WAN_1X_ENABLE:=0

WAN_1X_USERID:=

WAN_1X_PASSWD_ENC:=

WAN_1X_METHOD:=0

Here is the configuration of a terminal (they all have the same configuration)

have you encountered this problem before?

how to fix it?

Thanks for your help

Anthony_E · ‎04-09-2023

Hello,

Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.

Thanks,

Anthony-Fortinet Community Team.

Anthony_E · ‎04-10-2023

Hello,

We are still looking for someone to help you.

We will come back to you ASAP.

Regards,

Anthony-Fortinet Community Team.

Anthony_E · ‎04-11-2023

Hello,

Did you have already a look into this document?:

https://docs.fortinet.com/document/fortiap/7.2.4/fortiwifi-and-fortiap-configuration-guide/873995/ip...

Regards,

Anthony-Fortinet Community Team.

cclg_support · ‎04-19-2023

Good morning

Thank you for your reply.

I have already seen the documentation you are talking about but it does not relate to my problem.
The doc talks about a fragmentation concern for customers of the wifi terminal through a capwap tunel.

My problem is different, it's the terminal itself which no longer wants to fragment for some unknown reason.

as a reminder :
I try to ping the terminal from a pc on the same lan (connected by cable on the same switch)

example :

pc 192.168.1.10
fortiAP 192.168.1.11

from pc: ping -s 1800 192.168.1.11 -> ok
then, for no reason, this same command no longer passes.
on the other hand ping 192.168.1.11 remains ok.

after rebooting the terminal, the ping -s 1800 192.168.1.11 again OK

Fortinet Community

FortiAP fragmentation issues