FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n, 802.11AX , and the demand for plug and play deployment.
vpatil
Staff
Staff
Article Id 193709
Description
This article describes how to interpret FortiWiFi or FortiAP various 'Health Status' reasons and the best practices to optimize 'Health Status' to ‘Good’.



Solution
FortiAP ‘Health Status’ reasons and their screenshots.
   

From GUI go to Managed APs, select the required FortiAP, select 'View More Details' to view summary of FortiAP health status as shown below inline:











1) AC daemon reset timer expired (Fair Health).
2) ECHO req is missing (Fair Health).
3) 80211 WLAN del error (Fair Health).
4) Control message max. re-transmission limit reached (Fair Health).
5) Connection Uptime (Fair Health).

Answer and best-practices.
All the above reasons are linked to FortiAP uplink connectivity/connection uptime and it implies that FortiAP connection with FortiGate is NOT stable, it is possible to incorporate below best-practices to mitigate such issues:

- Check if the Ethernet connection between FortiAP and FortiGate has any Network congestion/packet-loss/latency.
- Check if FortiAP uplink switchport is flapping or uplink Switch is rebooting/crashing or there’s STP loop in Network.
- For "ECHO req is missing" and "Control message max. re-transmission limit reached" try mitigation steps mentioned in the below KB link.
- Collect 'kp' and 'crash' command outputs from FortiAP CLI to validate if there’s any crash.
- Collect 'perf' command output from FortiAP CLI for about 5 consecutive times and check if FortiAP CPU/Memory utilization is constantly high causing FortiAP crash .
- Collect 'diagnose debug crashlog read' command output from FortiGate CLI – to verify if ‘cw_acd’ process is crashing/restarting automatically causing FortiAP connection issues.
- Check FortiAP ethernet port negotiated speed is greater than or equal to 1 Gbps speed for connection to be considered as ‘Good’. Collect 'wcfg | grep eth' or 'pbond' command outputs on FortiAP CLI to validate ethernet port speed.

6) Interfering FortiAPs (Poor Health).
7) Channel utilization (Fair Health).




Answer and best-practices: If FortiAPs are deployed without proper RF Survey, one may encounter such issues on WiFi and we can incorporate below best-practices to mitigate such issues:

- If the setup has more than 3 x FortiAPs then conduct proper RF Site Survey for best WiFi User experience.
- If neighbor FortiAPs or 3rd Party APs in the FortiAP vicinity are operating on same Channel as FortiAPs then it results in co-channel and adjacent channel interference issues, therefore ensure FortiAPs are operating on non-overlapping channel and enable DARRP feature, refer below link for more:
https://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-wireless-54/wifi-arrp.htm
- In the WiFi environment ensure there’s no non-WiFi Radio equipment such as Bluetooth/Cordless Phones/Microwave ovens/Radar System/Audio or Video Transmitter or Music Player with Antennas/Signal Jammer and other such units causing Interference on WiFi.
- If WiFi System is near Airport/Harbor/Military establishment – avoid using DFS channels on 5 GHz band.

Current Metrics (Tentative)

Overall FortiAP Health.

The 'Health' value of managed FAP is overall health status from 'WiFi Radios' and 'General Health':

1) Only when all health values are 'Good', the Health of managed FortiAP is 'Good'.
2) If there is at least one 'Fair' value in all, then the Health of managed FortiAP is 'Fair'.
3) If there is at least one 'Poor' value in all, then Health of managed FortiAP is 'Poor'.

Note.
The below numbers/values are tentative in nature and the values may change with newer firmware updates.

Country/Region code.
If Global/Profile country differs from FAP regulatory domain.

Channel Utilization.
0-30%: Good.
30-50%: Fair.
50-100%: Poor.

Clients.
0-20: Good.
20-35: Fair.
>35: Poor.

Interfering FortiAPs.
0-1: Good.
1-10: Fair.
>10: Poor.

CPU.
0-50%: Good.
50-90%: Fair.
90-100%: Poor.

Memory.
0-80%: Good.
80-90%: Fair.
90-100%: Poor.

Uptime.
> 1 day: Good.
< 1 day: Fair.

Connection Uptime.
> 1 day: Good.
< 1 day: Fair.

LAN Uplink connectivity.

 - Greater than or equal to 1Gbps negotiated speed is considered as GOOD.
 - Anything lower is considered FAIR.

WiFi.

 - 5 GHz band connection is considered GOOD.
 - 2.4 GHz band connection is considered FAIR.
 - Unused interfaces are greyed out to indicate non-availability.


Contributors