We're using FortiGate 7.0.12 and most of our FortiAPs are at version 7.0.0. Our main models are 421E and 221E. Our building has two floors, with two APs on each floor located at the front corners. We've set specific channels and power levels. Everything was fine until this week.
Our Guest Wi-Fi (SSID) uses WPA2-Personal PSK.
Lately, we've noticed a problem. Some clients, like Windows, Android, and iOS devices, are having trouble finishing the 4-way handshake randomly. Looking at the logs, it seems like the AP and client start talking, but when the AP sends the first message in the 4-way handshake, the client doesn't respond. The AP tries three more times, but the client stays quiet. In the end, the client's device shows an authentication error, and our FortiGate log says there's a client-deauthentication error.
The weird part is, if we take the same device to another part of the building and connect to a different AP of the same model and firmware, it works fine.
This situation has us scratching our heads. We've heard about PMF, but our setup doesn't seem to have anything related to it. Any advice would be really helpful. Thanks
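To confirm the symptom described above from a packet capture taken near the affected AP, the following added example (not part of the original thread) classifies EAPOL-Key frames by their Key Information bits as defined in IEEE 802.11 and flags clients that received repeated message 1 frames without ever sending message 2. The MAC addresses and frames are constructed samples, the function names are hypothetical, and the default threshold of four mirrors the "first message plus three retries" in the post.

```python
import struct
from collections import defaultdict

# Key Information bit masks (IEEE 802.11 EAPOL-Key frame)
PAIRWISE, ACK, MIC, SECURE = 0x0008, 0x0080, 0x0100, 0x0200

def classify(eapol: bytes):
    """Return 1-4 for a pairwise EAPOL-Key frame (WPA2 rules), else None."""
    if len(eapol) < 99 or eapol[1] != 3:        # 802.1X packet type 3 = EAPOL-Key
        return None
    key_info = struct.unpack_from(">H", eapol, 5)[0]
    if not key_info & PAIRWISE:
        return None                             # group key handshake, ignore
    ack, mic = bool(key_info & ACK), bool(key_info & MIC)
    if ack:
        return 3 if mic else 1                  # AP -> client
    if mic:
        return 4 if key_info & SECURE else 2    # client -> AP
    return None

def stalled_clients(frames, min_m1=4):
    """frames: (client_mac, eapol_bytes) pairs in capture order.
    Return {mac: longest run of message 1 with no message 2 in between}
    for clients whose run reached min_m1."""
    streak, worst = defaultdict(int), {}
    for mac, raw in frames:
        msg = classify(raw)
        if msg == 1:
            streak[mac] += 1
            if streak[mac] >= min_m1:
                worst[mac] = max(worst.get(mac, 0), streak[mac])
        elif msg == 2:
            streak[mac] = 0                     # client answered, reset the run
    return worst

def make_frame(key_info, replay):
    """Constructed sample frame: RSN descriptor, zeroed nonce, IV, RSC and MIC."""
    body = struct.pack(">BHHQ", 2, key_info, 16, replay) + bytes(80) + b"\x00\x00"
    return struct.pack(">BBH", 2, 3, len(body)) + body

# Constructed capture: one silent client, one client completing the handshake.
CAPTURE = (
    [("aa:aa:aa:00:00:01", make_frame(0x008A, r)) for r in range(1, 5)]
    + [("aa:aa:aa:00:00:02", make_frame(k, r)) for k, r in
       [(0x008A, 1), (0x010A, 1), (0x13CA, 2), (0x030A, 2)]]
)

if __name__ == "__main__":
    for mac, n in stalled_clients(CAPTURE).items():
        print(f"{mac}: {n} x message 1 with no message 2")
```

If the capture shows message 2 leaving the client but the AP still retransmits message 1, the loss is on the AP's receive side rather than in the client.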
No change or anything. It was first reported recently so I was just checking logs and noticed it.
Hi @robert_espi,
You can run the following debugs on the FortiGate (replace xx:xx:xx:xx:xx:xx with the client's MAC address):
di deb res
diagnose wireless-controller wlac sta_filter xx:xx:xx:xx:xx:xx 255
diagnose debug console timestamp enable
diagnose debug enable
Regards,
Created on 07-01-2024 03:33 PM Edited on 07-01-2024 03:34 PM
Hi, there actually isn't a fix to this (that I know of). I had to find a workaround, which was to create an automation stitch to reboot the APs every morning. Rebooting the AP resolved the issue; since then I haven't had this issue again. If anyone finds a permanent fix, feel free to share.
Having the same issue with FAP 431G on 7.4.2. This happens every 2-3 months and our current workaround is a rolling reboot of all FAPs.
Also worth noting, the clients will continue to try to connect to a problematic AP even though an AP that is working normally is within range.
I have about 450 APs in my network (231F, 431F, 433F), the problem is only with 431F and 433F. According to Resolved issues for 7.4.3, the problem should have been solved. I report that the problem is not solved and restarting several tens of APs in continuous operation every few days is a bad solution in my opinion :(