I have been fighting this for so long, I dont know what to do.
I have several sites running FGT and FAPs. Yesterday I made the desition to TFTP new firmware on all the FAPs and FGTs to see if a clean start can fix the problem. The thing is. The setup can work fine, and then all the sudden the speed is terrible. I go inside the FGT and check SNR and stuff like that and everything looks great, but it is not. Once this client had this problem and I tried to change a setting in the AP profile, and after that, poof everything was fine again.
Another client reboots the FAP when it is to slow and all the sudden everything is fine again. So it does seem to be something with the APs. But a user should have to do that.
Has anyone heard of these kind of problems. I have had so many clients having problems with the FAPs, I am att crossroad where I am seriously thinking about exchanging those and never look back. But that would be very expensive.
I spoke to some other IT guy and many of them say FAPs are ****. But I am really wondering. Is it that bad. What do you guys here on the forum think. Do you have setups with FAPs that are working great. How do you setup the FAPs.
For one thing, I noticed when I only run 5GHz on a SSID the handoff from AP to AP does not work. But if I turn on 2,4GHz it works. That seems weird. I also tried setting up different AP profiles for different APs in the same office so that I can choose band and stuff like that. As soon as I do that the users complain about lots of issues. So for now I am running everything very "auto" which I think is weird that I need to do with expensive APs like this.
Please do help out. Even if it is telling me, stay away from FAPs. But if you have a working setup with at least 3 or more APs, how does your AP profile look and things like that.
Thanks, I really hope we can solve this, or I will have a lot of APs to exchange... that will be a big hit for my company, Something I dont think I deserve since I am just trusting my distributor and selling a brand I that thought did proper products.
PS. All my clients are Mac users if that helps in some way.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have been working with FortiAP's and Fortigates for the past 2.5 years. It has been trying to say the least. I have over 100 of the 222B line (outdoor models), paired with 100D, 140D, 80CM, and 90D's.
Before 5.0 build 86, completely broken. Daily/nightly resets to try to get people working. Build 86, mostly stable with weird quirks, usually reset about every week or two. After build 86 (the newest build 98), I reverted back to 86 based on TACs recommendation because everything ground to a halt no matter how many soft resets we did. I wouldn't touch the 5.2.X line with a 10 foot pole (I will maybe try it around 5.2.8 or so).
The problem is there are some things that work absolutely great and other things that completely break the platform.
Resource provisioning - Does not work. I love seeing all 10 of my APs on site boot up and stay on Channel 1
Mesh Backhaul - Works great over 5ghz
AP Quality - Is hit or miss. Some units will drop and need to be powercycled. One month with zero resets and the next month 5 resets. I have begun to doubt their manufacturing source.
Multiple SSIDs - Despite what they say, putting on more than a few will cause you a lot of problems
Signal strength - Great
Single SSID Handoff between APs - Usually pretty good. I have watched a tech walk around and literally jump to different APs as he walked. The only problems you get here is the actual device itself refusing to switch
Working with Controllers - CAPWAP usually works pretty spot on. I do like the ease of pairing it with units, although my main gripe is that a WIFI unit has to use a tunnel SSID versus most of your actual AP's will benefit from bridge mode
Captive Portal with 3rd party radius- Only works with 5.2.X line on Fortigate - See above about firmware
We haven't given up yet, but hope for one day a good firmware without horrible broken bugs in it. I would like to setup a hospitality site without having to worry. After reading this forum I will be trying a couple tweaks but mainly waiting for Fortinet to put some time and effort into their firmware.
wittersjohan wrote:We've got lots of FAP deployed at customers, running all kinds of FOS... At the moment we have little or no trouble, and in most cases where we have issues it's related to client side drivers or Mac's.
We did have some issues in the past due to radio provisioning being enabled or the ap being used as sniffer. But these were bugs in earlier releases of FGT and FAP firmware.
I suggest that you check the FAP's when facing issues to check memory and CPU load. If these are high, try disabling radio provisioning and/or rogue scanning.
Thanks for the comments Johan. We're a Fortinet partner and have numerous FortiAP deployments running without a hitch, this is the first one where we're experiencing such widespread issues. You're comments re the memory and CPU load are certainly valid and was the first variables we excluded (as mentioned we spent about a month working with TAC on this).
The fact that Fortinet provided us with various (3 in total if I remember correctly) private interim builds seems indicative of a bug that they are aware of. I have re-opened my TAC case, I have also requested TAC provided clarity on which firmware build to run on the FAP221C platform. I will keep this thread updated with their feedback.
wittersjohan wrote:We've got lots of FAP deployed at customers, running all kinds of FOS... At the moment we have little or no trouble, and in most cases where we have issues it's related to client side drivers or Mac's.
We did have some issues in the past due to radio provisioning being enabled or the ap being used as sniffer. But these were bugs in earlier releases of FGT and FAP firmware.
I suggest that you check the FAP's when facing issues to check memory and CPU load. If these are high, try disabling radio provisioning and/or rogue scanning.
By the way... since all my clients are Mac users. What kind of drivers did you have problems with?
EDIT: sorry, my mistake, you said client drives or Mac. But still... what did you find out with the Macs. Since that are all my users, I need to get those working as you might understand ;)
The number of interim builds does seem to indicate issues... could also be that they are free wheeling, offering possible fixes without knowing what's the issue and what's causing it..
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
I'm not a mac expert, but there are some issues in Mac OS, make sure your customers have the latest patches installed.
In general we have issues with macs and Iphones etc when using anything else than WPA/AES or portal authentication. Issues reported are slow connection, frequent disconnects, not able to connect etc.. According to what I've been able to find on the issue Apple has a different view on wireless security which causes some issues
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
wittersjohan wrote:I'm not a mac expert, but there are some issues in Mac OS, make sure your customers have the latest patches installed.
In general we have issues with macs and Iphones etc when using anything else than WPA/AES or portal authentication. Issues reported are slow connection, frequent disconnects, not able to connect etc.. According to what I've been able to find on the issue Apple has a different view on wireless security which causes some issues
What do you mean by WPA/AES. Do you mean the standard WPA2 Personal setting, or was this was solved by choosing any other setting from the CLI?
rbn wrote:Yes, the default WPA(2)-PSK settings work in most cases. But I've had issues too with rogue detect and radio resource provisioning as well and had to disable it to get the macs stable.. Collegues used to configure TKIP, but that turned out to be a bad idea.What do you mean by WPA/AES. Do you mean the standard WPA2 Personal setting, or was this was solved by choosing any other setting from the CLI?
On the most recent builds I've got the impression the default settings work.
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
Hi All,
TAC has provided me with interim build 0241, along with the following comments "I notice that the version provided by the previous engineer is 5.2.3 build 239. After that build, several issues have been fixed in that code trunk."
We have deployed this build now - will update on whether or not there's any improvent.
Any updates on this?
I also encounter the same issue on multiple sites especially with Apple devices (Macs and iPhones). There's no way to tell the customer that their devices are faulty because with other wifi solutions (especially Apple AirPort) are working just fine.
The symptoms are frequent temporary freezings of network connections. If I turn wifi off and on on a device, it works ok. I experienced this with FortiAP 221C and controllers ranging from 40C to 200D.
ruan.kotze wrote:Hi All,
TAC has provided me with interim build 0241, along with the following comments "I notice that the version provided by the previous engineer is 5.2.3 build 239. After that build, several issues have been fixed in that code trunk."
We have deployed this build now - will update on whether or not there's any improvent.
Hi i am also having the same issue with OS devices and fortiAPs.
I had tried all the solutions that are described in this thread with no solution.
The fact that annoys me is the fortinet's attitude, I really dont know why do they keep realising new FortiAP firmwares with new "features" when they simply cannot maintain a regular connection with OS devices and the fact that this known issue is never listed in theirs release notes annoys me more
I can confirm that the Ruckus AP's in conjunction with Fortigate works very well and dont have this issues. As everyone had stated before is so embarrassing telling our clients that the solution that supposedly is an enterprise solution had this kind of issues.
I hope that they release a definitive solution and not only a new firmware telling us to "prove it" I had a TAC open ticket with this issue with zero advance
Sorry for my poor english, i'm from Mexico. Gerardo Romero
Network Security Alliance gerardo.romero@networksecurityalliance.com
Curious if anyone has made any progress with these issues in the last few weeks.
I have two FAP-221Cs (v5.2-build0229) controlled by an FGT-60D running v5.2.2,build642. Throughput seems to be fantastic for 5Ghz clients, however, most clients on 2.4Ghz will have their through put drop down to < 200 k/sec if a few users in the same conference room try to access the network at the same time; conference room wall is glass and has line of sight to the FAP about 40 feet away. I've tried disabling radio #2 in the FAP (5Ghz), setting radio #1 to 802.11 n/g, disabling auto TX power, etc. I also had to disable Spectrum analysis in order to get the FAPs to reduce the constant 99-100% CPU usage and random reboots. Sad since this this was one of the features we purchased these for.
I attempted to work with support a few months ago on this, but I don't have the resources to pour into troubleshooting these issues.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.