Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
hfuentes87
New Contributor

Created on ‎06-01-2022 05:18 PM

FortiAp takes a long time to connect to Fortigate in HA

Good afternoon!
I am trying to connect two FortiGate 40F in HA and two different ISPs with a FortiAP 221e on the internal network. The architecture of the formed network is as follows:

 

 

Consulta AP en HA.png

 

the connections with the ISPs through the ISPs work correctly and the connection in HA also works as it should (I make the wired connection from the internal Switch to a computer, I run ping to google and when I disconnect the FG that is working as primary , only one packet is lost, making the switch from primary to secondary correctly). The problem is that when I perform such disconnection from the primary FG, the FortiAP goes offline and takes a long time to reconnect, leading to all client connections to the AP being disconnected.
I would appreciate if someone could guide me on the following:
Why will there be such a delay in reconnection to the secondary FG?
Is this delay because I am using TPLinks Switches?
Is there any particular configuration for the FortiAP in this situation?
Thank you very much in advance for everyone's attention and contribution.
HORACIO FUENTES

Labels:
2297
0 Kudos
1 Solution
jhussain_FTNT
Staff
Staff

Created on ‎06-01-2022 10:42 PM

 

Hi,

 

Please note that normally when your are doing failover, the FortiAP will try to discover new controller only when the retrasnmit count (default is 3) configured on the Fortigate fails. It is normally it will take 2 -3 min for the AP to join the new controller.

 

Kindly let us known how much time it is taking to FortiAP joins to new controller. Does both the Fortigate are in sync, when you do the HA failover.

 

You can fine tune to below keep alive settings on the Fortigate.

#config wireless-controller global
#set max-retransmit 3
#end
# config wireless-controller timers
(timers) # set echo-interval 60  (sec)
(timers) # end

 

Regards

Jamal

View solution in original post

2285
0 Kudos
2 REPLIES 2
jhussain_FTNT
Staff
Staff

Created on ‎06-01-2022 10:42 PM

 

Hi,

 

Please note that normally when your are doing failover, the FortiAP will try to discover new controller only when the retrasnmit count (default is 3) configured on the Fortigate fails. It is normally it will take 2 -3 min for the AP to join the new controller.

 

Kindly let us known how much time it is taking to FortiAP joins to new controller. Does both the Fortigate are in sync, when you do the HA failover.

 

You can fine tune to below keep alive settings on the Fortigate.

#config wireless-controller global
#set max-retransmit 3
#end
# config wireless-controller timers
(timers) # set echo-interval 60  (sec)
(timers) # end

 

Regards

Jamal

2286
0 Kudos
hfuentes87
New Contributor

Created on ‎06-05-2022 11:38 AM

Perfect! Indeed, both FG are synchronized, so I am going to review that configuration that you tell me to try to reduce reconnection times.
Thank you in advance for your response, it has been very kind.

Horacio

2257
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.