FortiWiFi and FortiAP Configuration Guide

Improve CAPWAP stability over NAT

To minimize downtime on networks with unstable Network Address Translation (NAT) devices, you can customize the interval at which FortiAPs send keep-alive messages to their managing FortiGate. Once the keep-alive message is sent, FortiAPs do not disconnect from the FortiGate even if a session timeout is configured on the NAT device. This improves CAPWAP stability for FortiAPs that are managed by a FortiGate behind a NAT device.

CLI syntax

config wireless-controller timers
  set nat-session-keep-alive <integer>
end

set nat-session-keep-alive

Maximum time in seconds between control requests sent by the managed WTP, AP, or FortiAP (0 - 255 seconds, default = 0).

To configure NAT session keep-alive messages - CLI
  1. Configure the interval at which NAT session keep-alive messages are sent in seconds.

    config wireless-controller timers
      set nat-session-keep-alive 10
    end
  2. Verify the configuration on the FortiAP.

    FortiAP-231F # cw_diag -c acs
    WTP Configuration
        name                 : FortiAP-231F
        loc                  : N/A
        ap mode              : thin AP
        led state            : enable
        PWR LED state        : GREEN     REASON: ACS 0 changed in DATA_CHECK state.
        poe mode cal         : full
        poe mode oper        : full
        allowaccess          : 
        lldp enable          : enable
        extension info enable: enable
        radio cnt            : 3
        sta info             : 0/0
        echo-interval        : 30
        nat-sess-keep-alive  : 10
        keep-alive-interval  : 30
    ...

    From the cwWtpd daemon output, you can see that an FTNT_WTP_NOTIF message is sent every 10 seconds to keep the connection alive if there is no ECHO_REQ sent. The timer of FTNT_WTP_NOTIF is 10 seconds while the timer of ECHO_REQ is 30 seconds.

    [12/5/2023 7:17:46 PM] 15290.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
    [12/5/2023 7:17:56 PM] 15300.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
    [12/5/2023 7:18:02 PM] 15306.680 AC0     msgType       : 13 ECHO_REQ                 163     10.40.29.57:5246
    [12/5/2023 7:18:12 PM] 15316.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
    [12/5/2023 7:18:22 PM] 15326.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
    [12/5/2023 7:18:32 PM] 15336.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
    [12/5/2023 7:18:32 PM] 15336.677 AC0     msgType       : 13 ECHO_REQ                 164     10.40.29.57:5246
    [12/5/2023 7:18:46 PM] 15350.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
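
One way to check the verification output against the NAT device, as an added example that is not part of the Fortinet guide: the script parses the cwWtpd lines shown above and compares the longest silence between control messages with the NAT session timeout. The function names, the 5-second margin, and the 30-second and 15-second timeouts are assumptions made for illustration.

```python
import re

# Log lines copied from the cwWtpd output shown above (indentation removed).
SAMPLE_LOG = """\
[12/5/2023 7:17:46 PM] 15290.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
[12/5/2023 7:17:56 PM] 15300.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
[12/5/2023 7:18:02 PM] 15306.680 AC0     msgType       : 13 ECHO_REQ                 163     10.40.29.57:5246
[12/5/2023 7:18:12 PM] 15316.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
[12/5/2023 7:18:22 PM] 15326.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
[12/5/2023 7:18:32 PM] 15336.608 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
[12/5/2023 7:18:32 PM] 15336.677 AC0     msgType       : 13 ECHO_REQ                 164     10.40.29.57:5246
[12/5/2023 7:18:46 PM] 15350.609 AC0     msgType       : 3163149 FTNT_WTP_NOTIF      0       10.40.29.57:5246
"""

# Fields: uptime in seconds, numeric message type, message name.
LINE_RE = re.compile(
    r"\]\s+(?P<uptime>\d+\.\d+)\s+\S+\s+msgType\s*:\s*(?P<type>\d+)\s+(?P<name>\w+)"
)

def parse_control_messages(text):
    """Return sorted (uptime_seconds, message_name) pairs for recognised lines."""
    events = []
    for line in text.splitlines():
        m = LINE_RE.search(line)
        if m:
            events.append((float(m["uptime"]), m["name"]))
    return sorted(events)

def idle_gaps(events):
    """Seconds of silence between consecutive control messages of any type."""
    return [round(b[0] - a[0], 3) for a, b in zip(events, events[1:])]

def check_nat_timeout(text, nat_timeout_s, margin_s=5.0):
    """Compare the longest idle gap with the NAT timeout less a safety margin."""
    events = parse_control_messages(text)
    gaps = idle_gaps(events)
    longest = max(gaps) if gaps else None
    return {
        "messages": len(events),
        "longest_gap_s": longest,
        "safe": longest is not None and longest + margin_s < nat_timeout_s,
    }

if __name__ == "__main__":
    # 30 s and 15 s are assumed NAT UDP session timeouts, not values from the guide.
    print(check_nat_timeout(SAMPLE_LOG, nat_timeout_s=30))
    print(check_nat_timeout(SAMPLE_LOG, nat_timeout_s=15))
```

On the sample output the longest silence between control messages is 13.932 seconds, so the NAT device must keep an idle UDP session open for longer than that for the CAPWAP control session to survive.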
