Hi,
We want to replace our Fortinet AP FAP221C with something better. We have problems with Apple devices like iPhone and laptops they frequently disconnects from access points. Can someone recommend more reliable Fortinet model?
Thanks,
Aigars
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
You can use whatever AP you want really. FortiAP integrates directly to the Gate which is nice. The 221C is good for most home\business users. If you have a ton of clients (and I mean A TON) you can look at the 320/321 but it is usually too expensive and overkill for home use needs.
Mike Pruett
Hi Algars,
Can you post wireless related config here so we can see whether some parameters can be fine tuned?
Thanks,
Okay:
------------------------------------------------
config wireless-controller wids-profile edit "default-wids-apscan-enabled" set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next edit "default" set comment "default wids profile" set ap-scan enable set wireless-bridge enable set deauth-broadcast enable set null-ssid-probe-resp enable set long-duration-attack enable set invalid-mac-oui enable set weak-wep-iv enable set auth-frame-flood enable set assoc-frame-flood enable set spoofed-deauth enable set asleap-attack enable set eapol-start-flood enable set eapol-logoff-flood enable set eapol-succ-flood enable set eapol-fail-flood enable set eapol-pre-succ-flood enable set eapol-pre-fail-flood enable next end config wireless-controller wtp-profile edit "**********" config platform set type 221C end set ap-country US config radio-1 set band 802.11n-only set powersave-optimize no-11b-rate set auto-power-level enable set auto-power-high 20 set wids-profile "default" set darrp enable set frequency-handoff enable set vap-all disable set vaps "Guest" "TT***" set channel "6" end config radio-2 set band 802.11ac,n-only set short-guard-interval enable set channel-bonding 80MHz set auto-power-level enable set auto-power-high 18 set auto-power-low 7 set darrp enable set frequency-handoff enable set vap-all disable set vaps "TT****" "TT2*****" set channel "108" end next edit "TennantWifi" set ap-country US config radio-1 set band 802.11n-5G set channel-bonding 40MHz set vap-all disable set vaps "TT***" "TT2*****" set channel "36" "40" "44" "48" "149" "153" "157" "161" end config radio-2 set band 802.11n,g-only set vap-all disable set vaps "Guest" "TennantWifi" "TT****" "TT2*****" set channel "1" "6" "11" end next edit "Kitchen" config platform set type 221C end set ap-country US config radio-1 set band 802.11n-only set auto-power-level enable set wids-profile "default" set darrp enable set frequency-handoff enable set vap-all disable set vaps "Guest" "TT****" set channel "6" end config radio-2 set band 802.11ac,n-only set short-guard-interval enable set channel-bonding 40MHz set frequency-handoff enable set vap-all disable set vaps "TT****" "TT2*****" set channel "36" end next edit "Brrrrrr corner" config platform set type 221C end set ap-country US config radio-1 set band 802.11n-only set power-level 80 set wids-profile "default" set darrp enable set frequency-handoff enable set vap-all disable set vaps "Guest" "TT****" end config radio-2 set band 802.11ac,n-only set short-guard-interval enable set channel-bonding 40MHz set frequency-handoff enable set vap-all disable set vaps "TT****Sawyer" "TT****" set channel "44" end next edit "Finance corner" config platform set type 221C end set ap-country US config radio-1 set band 802.11n-only set power-level 82 set wids-profile "default" set darrp enable set frequency-handoff enable set vap-all disable set vaps "Guest" "TT****" end config radio-2 set band 802.11ac,n-only set short-guard-interval enable set channel-bonding 40MHz set frequency-handoff enable set vap-all disable set vaps "TT****" "TT****" set channel "60" end next end config wireless-controller wtp edit "FP221C3X14018643" set wtp-profile "Finance corner" config radio-1 end config radio-2 end next edit "FP221C3X14018541" set wtp-profile "Brrrrrr corner" config radio-1 end config radio-2 end next edit "FP221C3X14019457" set location "Kitchen" set wtp-profile "Kitchen" config radio-1 end config radio-2 end next end
I loved my 321C that I had deployed at my house. Pushed 50 or so of them to a university client as well and they have nothing but great things to say.
Mike Pruett
We have 221B and 221C in our office. One Macbook Air user keeps complaining frequent drops. But I haven't gotten any complaint so far from iPhone users yet.
The Macbook Air is regularly connected to 5GHz radio on 221C, while two more Win laptops are connected to the same radio with the same SSID, which never experienced the problem the Macbook user is experiencing.
I researched on Google and found similar symptoms but all seem to be related to Mac OS X side.
For the recommendation, I don't have anything else tested. But if you can afford I would recommend 3x3 MIMO models for better "air" performance.
How good are Aruba and Rokus working with Apple hardware?
Some general suggestions based on config
1) if WIDS is a function you need, you can consider to have some dedicated radios with mode set to monitor to do that. When radio is put into access point mode with WIDS enabled, it does off-channel scan while it serves client
2) if DFS channel is used, you can consider to add a couple of more channels in the available channel list just in case there is radar signal in that area which AP has to wait until it can use that channel. During that time, there might be a coverage hole
3) When DARRP is enabled on AP and it decides to change channel, AP will send a standard channel switch announcement frame to let clients know. Some apple clients don't take that well. The symptom could be the wireless icon showing connected/greyed out. To workaround the issue, you can use fixed channels as you did for some of your APs or enable DARRP with an off-hour schedule
4) not sure about your VAP config. If you by any chance use enterprise mode, please disable gtk/ptk rekey or set it to a longer duration. Some clients don't work well with that either.
If you still have issues after considering above, I suggest open a support ticket with Fortinet TAC who can help take a further look at your particular deployment such as network topology/radio environment/broadcast-multicast traffic volume etc.
Thanks
I have no knowledge of either situation. I don't have any Apple devices myself.
I don't want to discourage anybody but with my experiences I have to be very patient to work with TAC for WiFi related issues(FAPs, FWFs), compared to the patience to take when I open cases for other FW/routing issues with FGs.
When I complained about it to one of Wireless SEs, he mentioned they were working on org change to make their support team closer to development/SE teams to provide better support. Hoping it would happen in Q1 or Q2 this year.
Avoid using 2.4 GHz channel 1 with Apple devices. Especially in the later iPads, the chipset freaks out when using channel 1. Dropping connections, authenticating correctly and then going offline/not receiving an IP, ...
I'm running 2 FAP-221C at home and use 2 Macbooks, 2 iPads and an iMAc without issues, but had to disable channel 1. There are several posts out there but Apple is ignoring the message...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1663 | |
1077 | |
752 | |
446 | |
220 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.