After about 10 minutes they reconnected and started function fine again. None of the APs had rebooted or lost power. What's interesting here (maybe) is that it doesn't appear to be a broadcast flood or anything causing packets to be dropped; instead for several seconds before the outage they all got ping deny responses from the controller, e.g.:
So, their heartbeat pings were getting denied by the default implicit deny rule (policyid=0) but there's no reason for that that I can see. And it's also very odd to me that the problem then fixed itself without intervention. Any idea why the controller would suddenly stop accepting pings from its APs? We had no other network outage at the time, and the regular Fortigate firewall rules all continued functioning normally in the meantime.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.