I have been fighting this for so long, I dont know what to do.
I have several sites running FGT and FAPs. Yesterday I made the desition to TFTP new firmware on all the FAPs and FGTs to see if a clean start can fix the problem. The thing is. The setup can work fine, and then all the sudden the speed is terrible. I go inside the FGT and check SNR and stuff like that and everything looks great, but it is not. Once this client had this problem and I tried to change a setting in the AP profile, and after that, poof everything was fine again.
Another client reboots the FAP when it is to slow and all the sudden everything is fine again. So it does seem to be something with the APs. But a user should have to do that.
Has anyone heard of these kind of problems. I have had so many clients having problems with the FAPs, I am att crossroad where I am seriously thinking about exchanging those and never look back. But that would be very expensive.
I spoke to some other IT guy and many of them say FAPs are ****. But I am really wondering. Is it that bad. What do you guys here on the forum think. Do you have setups with FAPs that are working great. How do you setup the FAPs.
For one thing, I noticed when I only run 5GHz on a SSID the handoff from AP to AP does not work. But if I turn on 2,4GHz it works. That seems weird. I also tried setting up different AP profiles for different APs in the same office so that I can choose band and stuff like that. As soon as I do that the users complain about lots of issues. So for now I am running everything very "auto" which I think is weird that I need to do with expensive APs like this.
Please do help out. Even if it is telling me, stay away from FAPs. But if you have a working setup with at least 3 or more APs, how does your AP profile look and things like that.
Thanks, I really hope we can solve this, or I will have a lot of APs to exchange... that will be a big hit for my company, Something I dont think I deserve since I am just trusting my distributor and selling a brand I that thought did proper products.
PS. All my clients are Mac users if that helps in some way.
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
I have been working with FortiAP's and Fortigates for the past 2.5 years. It has been trying to say the least. I have over 100 of the 222B line (outdoor models), paired with 100D, 140D, 80CM, and 90D's.
Before 5.0 build 86, completely broken. Daily/nightly resets to try to get people working. Build 86, mostly stable with weird quirks, usually reset about every week or two. After build 86 (the newest build 98), I reverted back to 86 based on TACs recommendation because everything ground to a halt no matter how many soft resets we did. I wouldn't touch the 5.2.X line with a 10 foot pole (I will maybe try it around 5.2.8 or so).
The problem is there are some things that work absolutely great and other things that completely break the platform.
Resource provisioning - Does not work. I love seeing all 10 of my APs on site boot up and stay on Channel 1
Mesh Backhaul - Works great over 5ghz
AP Quality - Is hit or miss. Some units will drop and need to be powercycled. One month with zero resets and the next month 5 resets. I have begun to doubt their manufacturing source.
Multiple SSIDs - Despite what they say, putting on more than a few will cause you a lot of problems
Signal strength - Great
Single SSID Handoff between APs - Usually pretty good. I have watched a tech walk around and literally jump to different APs as he walked. The only problems you get here is the actual device itself refusing to switch
Working with Controllers - CAPWAP usually works pretty spot on. I do like the ease of pairing it with units, although my main gripe is that a WIFI unit has to use a tunnel SSID versus most of your actual AP's will benefit from bridge mode
Captive Portal with 3rd party radius- Only works with 5.2.X line on Fortigate - See above about firmware
We haven't given up yet, but hope for one day a good firmware without horrible broken bugs in it. I would like to setup a hospitality site without having to worry. After reading this forum I will be trying a couple tweaks but mainly waiting for Fortinet to put some time and effort into their firmware.
If your clients connect to an ap at the end of the building, it looks like your cells are overlapping way to much. Wifi cells should not overlap by more than 10%, radio provisioning can help if your wifi profile on the fgt has automatic power levels configured. If however the fgt has to power down the ap's to much it would indicate you have to much ap's and/or they are too close to each other. I can recommend performing a wifi survey to check on overlap.
Keep in mind that wifi problems in many cases are related to client issues: the client ultimately decides on which ap to connect, and how long it stays connected to that ap. You can "tweak" this a little on the fgt by configuring ap handoff, but if you have stubborn smartphones your in for a treat.
We have by now >2000 ap's deployed with our customers, all possible types and have little issues with these. Most issues we had were due to bad design (too few/many ap's) until we made wifi surveys mandatory, a few times a bug gave us some headaches. But mostly the issues are related to smartphones not wanting to connect (iPhones not accepting @ or * in a psk, clients refusing to roam even if signal strength is -85dbm, etc)
Johan Witters
Network & Security Engineer
FCNSP V4/V5
BKM NV
hey guys,
Yesterday we had the Campus meeting with ICT Team. They all complained about the disconnects and the bad performece after the Upgrade. We Upgraded the FW 300D (5.2.4 build 688) and the FAP to the new and v5.2-build0245! the performance is noticeably worser!
What is your advice? should i downgrade the FAP?
Guys need a solutions! quickly!
raffa
thanks in advanced Rafael
Hi Raffa,
It's difficult to give advice without digging into details. it might be related to your specific config/radio environment/user traffic etc since we have numerous customers using similar HW/SW combinations without issues. You can post some basic config related to wireless here if you don't mind. Otherwise, I suggest you open a Fortinet support ticket so our folks can better assist you.
Thanks
No channels selected? Do you have other APs/profiles?
Here are some thoughts.
FortiAP's have CPUs/Memory. You can check this by going directly to the IP address http://<ipaddress>
I have found that enabling the spectrum analyzer really eats CPU cycles and can have drastic effects.
Other thoughts
[ul]config wireless-controller timers[ul]
set darrp-optimize 28800
WiFI is an "art"... not an exact process. I've used hundreds of different wifi products and they all have their strengths/weaknesses. WiFi only thrives in mobile environments and it will never be as stable as an ETHERNET CABLE! ;)
Best Regards,
Chris
My settings are almost the exact same as Stephen's post above. 5.0.10-12, and build 86 on the AP. I've gone farther and done custom AP profiles for each and every AP on the network to control what channel and power it will broadcast on (based on a RF survey I can then assign accordingly for the best wireless coexistence), disabling radio resource provisioning. I have not played with the DARRP, but instead take the route of setting everything manually. If you have 1-3 AP's this may work, but I always go with wireless survey.
I'm in a situation a lot of the time where I have to use the mesh and utilize the backhaul as 5Ghz. Saying that, wireless coexistence is a high priority on my list. I stick with 20mhz channel width. Every wireless printer (even if hardwired), Dect6.0 phone, and who knows what else device is broadcasting on 2.4 or 5. Even when using the 5Ghz band for client side, I still stick with 20mhz, as the source feed is less than 50Mbps, so giving a wireless client a speed of 150-300Mbps is waste of airspace. The best way is to be efficient and use the medium to higher products with MIMO, unless you are in a small office spare area where you will never have more than 10 clients connected.
Watching your CPU and memory use is key. You have to remember that even though you have a max value table for most AP listing max clients as "50", rule of thumb is half what the manufacturer says. You have to factor that in if using mesh, as "root" radio will be doing double duty, processing its own clients, plus streaming from 1-3 other radios and their clients.
Do not try to do VOIP/SIP/HQ dedicated video conference over wireless unless it is a dedicated point to point link/AP to client connection. You will forever be troubleshooting why calls random cut in and out, or are "choppy"
Hi Anyone still experiencing this issues?
Yes, when you don't choose any channels, the FAP will select automatically a channel!
raffa
thanks in advanced Rafael
Hi Guys,
This problem I had some month ago.
Infrastructure:
#1 cluster of 2 fortigate 60D
#2 FortiAP 24D
After upgrade e downgrade of the firmware both fgt and fortiap the problem is the same. The support doesn't solve the problem...
When one day I set 100 MBps port of my switch (HP Gigabit), where is connected the fortiAP and the problem is solved it!!!
You try it!
---
Davide
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1733 | |
1106 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.