- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Having issues with APs suddenly becoming slow and ...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Having issues with APs suddenly becoming slow and almost unresponsive
I have been fighting this for so long, I dont know what to do.
I have several sites running FGT and FAPs. Yesterday I made the desition to TFTP new firmware on all the FAPs and FGTs to see if a clean start can fix the problem. The thing is. The setup can work fine, and then all the sudden the speed is terrible. I go inside the FGT and check SNR and stuff like that and everything looks great, but it is not. Once this client had this problem and I tried to change a setting in the AP profile, and after that, poof everything was fine again.
Another client reboots the FAP when it is to slow and all the sudden everything is fine again. So it does seem to be something with the APs. But a user should have to do that.
Has anyone heard of these kind of problems. I have had so many clients having problems with the FAPs, I am att crossroad where I am seriously thinking about exchanging those and never look back. But that would be very expensive.
I spoke to some other IT guy and many of them say FAPs are ****. But I am really wondering. Is it that bad. What do you guys here on the forum think. Do you have setups with FAPs that are working great. How do you setup the FAPs.
For one thing, I noticed when I only run 5GHz on a SSID the handoff from AP to AP does not work. But if I turn on 2,4GHz it works. That seems weird. I also tried setting up different AP profiles for different APs in the same office so that I can choose band and stuff like that. As soon as I do that the users complain about lots of issues. So for now I am running everything very "auto" which I think is weird that I need to do with expensive APs like this.
Please do help out. Even if it is telling me, stay away from FAPs. But if you have a working setup with at least 3 or more APs, how does your AP profile look and things like that.
Thanks, I really hope we can solve this, or I will have a lot of APs to exchange... that will be a big hit for my company, Something I dont think I deserve since I am just trusting my distributor and selling a brand I that thought did proper products.
PS. All my clients are Mac users if that helps in some way.
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I have been working with FortiAP's and Fortigates for the past 2.5 years. It has been trying to say the least. I have over 100 of the 222B line (outdoor models), paired with 100D, 140D, 80CM, and 90D's.
Before 5.0 build 86, completely broken. Daily/nightly resets to try to get people working. Build 86, mostly stable with weird quirks, usually reset about every week or two. After build 86 (the newest build 98), I reverted back to 86 based on TACs recommendation because everything ground to a halt no matter how many soft resets we did. I wouldn't touch the 5.2.X line with a 10 foot pole (I will maybe try it around 5.2.8 or so).
The problem is there are some things that work absolutely great and other things that completely break the platform.
Resource provisioning - Does not work. I love seeing all 10 of my APs on site boot up and stay on Channel 1
Mesh Backhaul - Works great over 5ghz
AP Quality - Is hit or miss. Some units will drop and need to be powercycled. One month with zero resets and the next month 5 resets. I have begun to doubt their manufacturing source.
Multiple SSIDs - Despite what they say, putting on more than a few will cause you a lot of problems
Signal strength - Great
Single SSID Handoff between APs - Usually pretty good. I have watched a tech walk around and literally jump to different APs as he walked. The only problems you get here is the actual device itself refusing to switch
Working with Controllers - CAPWAP usually works pretty spot on. I do like the ease of pairing it with units, although my main gripe is that a WIFI unit has to use a tunnel SSID versus most of your actual AP's will benefit from bridge mode
Captive Portal with 3rd party radius- Only works with 5.2.X line on Fortigate - See above about firmware
We haven't given up yet, but hope for one day a good firmware without horrible broken bugs in it. I would like to setup a hospitality site without having to worry. After reading this forum I will be trying a couple tweaks but mainly waiting for Fortinet to put some time and effort into their firmware.
50 REPLIES 50
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No one any thoughts on this? I would love to hear I am wrong... but if I am not, its time I get to know that more people are having problems.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, we were made aware of this post from Fortinet at end of March 2015 (don't know if it has been superseded and not sure of exact source to check) - but we are managing at least one customer running 5.2.3 on firewall but with 5.0.9 (downgraded from 5.2.2) on FAPs to resolve the kind of issue you describe. The downgrade can be performed via the firewall gui in one step:
"Until further notice DO NOT use any 5.2.x version in any of the 11n FAPs models with the exception of the very new models that don’t have builds in the 5.0.x branch.
If a customer is having issues in 5.2.2 in any 11n FAPs check the release notes for downgrade compatibility, if supported, downgrade to the recommended version below.
# For All deployments including Forticloud use 5.0.9 build 86 GA in these models:
FAP_112B, FAP_11C, FAP_14C, FAP_210B, FAP_220B FAP_221B, FAP_222B, FAP_223B, FAP_224D, FAP_25D, FAP_28C, FAP_320B, FK_214B
Alternatively if the above models are already running version 5.0.9 build 86 (GA) but the customer is still experiencing problems that could be related to ARP, DHCP, FAP rejoins and others please upgrade them to build 88.
# For all 11ac models and new FAP that don’t support 5.0.X in all deployment types use 5.2 build 229. These are the models:
FAP_112D, FAP_21D, FAP_221C, FAP_222C, FAP_223C, FAP_24D, FAP_320C, FAP_321C"
Tim
GISS (UK)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you so much Tim for this info.
Lets hope this gets solved. I did have to downgrade a client (downgrade was not possible but I did put the firmware though TFTP back in there) and until now they have not called. So I hope they are not having these issues.
It is terrible that we dont get informed about this. I am a partner to Fortinet so I think they should send these things out, even if it is embarrassing to say this to your clients (unstable uppgrades always is), it is better we know this info and know how to solve the problem instead of the user having lots of issues and becoming very unhappy.
I still dont understand why one of my clients cannot have just 5GHz turned on and still get the handoff to work, so even if they have the new FAP221AC there are still problems with these new ones too.
Tim, what kind of problems did Fortinet say the 11n units had if they where on 5.2?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Still looking for more people... I now have a client complaining about the new 221C. They also have troubles with the wifi suddenly becoming very slow.
Is there no one else with problems, or do you not use FAPs at all? Really need to know if it is worth working on this, or if I just should give up and put som other brand with my clients (with my money, so of course not the greatest solution)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am running 3 FAP 221C's (5.2 build 0245) with a Fortigate 100D (5.2.5 build 701).
I experience these issues often. I have only had the hardware for 1 month, but I've tried messing with the channels and other settings (lower power, auto power, Radio Resource Provision, etc) to no avail. Things will be fine, and all of a sudden things come to a halt or move very slowly, then after waiting a minute or two, things speed up a bit. It's very intermittent. My SNR is somewhere between 26dB and 57dB. Any advice would be helpful.
Thanks, John
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We have many customers with FAPs, two I can think of specifically - a school with about 14 and a marina with about 28 - neither of which are experiencing issues since we made sure they were all on firmware version recommended above. Our view is we always want to assist FortiNet in ironing out any bugs whenever possible (not surprising as most of our many customers have fortinet kit) - no manufacturer ever produces perfect product due to the ever increasing complexity of IT these days. We'd suggest opening a ticket with Fortinet and provided as much information as possible to assist in mutually tracking down the issue to do with this unique environment (every environment is unique in some way). If it seems there is not enough time to do this - then by all means switch manufacturers, with fingers crossed that whatever complexity is causing an issue for Fortinet does not repeat itself in new manufacturer. ;)
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I am experiencing exactly the same issues as you are - we have full signal strength but the we lose connectivity and see lots of random time-outs. Hardware platform is a Fortigate 240D A/P cluster (FortiOS 2.5.3) with FortiAP 221C's.
We have had cases open with TAC for more than a month and they have provided me with two interim builds (0234 and 0238) which have the improved the situation somewhat, but the issues are still such that we cannot put it in production.
The information in this thread is valuable, as this was not mentioned to me by TAC. I will log a new case and reference this.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the feedback Tim. Happy to hear you have setups that work great. That gives me hope :)
namitguy: Not happy to hear you have the same issues, but it is nice to know this is not on me. We ben having so much problems on so many sites, you start to wonder if you do something wrong :)
I just opened a case so lets see what that gives me.... I will keep you posten.
In the meantime, any one reading this post, please do post, good or bad, everything helps!!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
We've got lots of FAP deployed at customers, running all kinds of FOS... At the moment we have little or no trouble, and in most cases where we have issues it's related to client side drivers or Mac's.
We did have some issues in the past due to radio provisioning being enabled or the ap being used as sniffer. But these were bugs in earlier releases of FGT and FAP firmware.
I suggest that you check the FAP's when facing issues to check memory and CPU load. If these are high, try disabling radio provisioning and/or rogue scanning.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Related Posts
- Fortigates with PPPoE WAN suddenly need... 343 Views
- FortiGate SSL Inspection suddenly breaking applications. 596 Views
- Weird issue with Fortinet 247 Views
- Not showing intrusion prevention in FortiGate... 152 Views
- Fortigate 200E HIGH CPU USAGE -... 171 Views
Labels
-
FortiGate
6,556 -
FortiClient
1,307 -
5.2
801 -
5.4
639 -
FortiManager
565 -
6.0
416 -
FortiAnalyzer
415 -
5.6
362 -
FortiSwitch
336 -
FortiAP
336 -
FortiClient EMS
264 -
6.2
251 -
FortiMail
243 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
151 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
89 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
71 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
61 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
43 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
32 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
Firewall policy
24 -
FortiConnect
24 -
SD-WAN
24 -
FortiWAN
22 -
VLAN
21 -
FortiConverter
21 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiAuthenticator
15 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
FortiGate v5.0
12 -
Routing
12 -
Interface
12 -
FortiCASB
12 -
Logging
11 -
LDAP
10 -
Virtual IP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
SSL SSH inspection
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
IP address management - IPAM
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Authentication
6 -
FortiBridge
6 -
Fortigate Cloud
6 -
Traffic shaping policy
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
Automation
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Web profile
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
Fortinet Engage Partner Program
2 -
TACACS
1 -
4.0MR1
1 -
Schedule
1 -
Users
1 -
SDN connector
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Application signature
1 -
Web rating
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Multicast routing
1 -
Email filter profile
1 -
Zone
1 -
Internet Service Database
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.