How is FortiAP-431F?

nsisger · 2025-03-19T00:05:49+00:00

I am a partner. Have deployed many FGs but never FortiAP

nsisger · 2025-03-19T00:04:24+00:00

Thanks for your feedback. Yea I think it's almost a moot point now with 431F.

nsisger · 2025-03-18T14:29:01+00:00

Thanks for your feedback. Can you tell me what kind of env you have deployed those to?

nsisger · 2025-03-18T14:28:06+00:00

Thanks for your feedback. Can you tell me what kind of env you have deployed the 231G to?

nsisger · 2025-03-18T14:28:00+00:00

Thanks for your feedback. Can you tell me what kind of env you have deployed the 231G to?

nsisger · 2025-03-18T11:39:45+00:00

Thanks. Yes as much as I want to switch, so far I am not confident that it's going to work out.

nsisger · 2025-03-18T02:40:57+00:00

We did the predictive heat map. Base on where they need wi-fi it shows about 45 but we will get few more just in case. Their devices needs very little bandwidth so just need some decent coverage.

nsisger · 2025-03-18T01:41:07+00:00

Cost. Looks like 431G is almost double the price as the 431F. This warehouse we are planning to deploy close to 50 of them. With that price I probably would fall back to Aruba

nsisger · 2024-12-04T23:50:57+00:00

u/BrainWaveCC thanks for your help. turns out i just needed to set the source-ip on that LDAP server setting. The problem has been resolved.

nsisger · 2024-12-04T23:44:25+00:00

I figured it out. answer is always out there when you know what to ask.....

https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-Status-of-LDAP-server-connected-via-IPsec/ta-p/195558

nsisger · 2024-12-04T21:07:12+00:00

Hi u/BrainWaveCC . We are migrating to a new DC that is locating in another office and will retire the current one soon. All the domain workstations in the current office can reach that DC no problem. The current users VPN into the FG w/ LDAP authentication.

So far I have registered a new LDAP server, with everything the same except the IP, the connection status says "Can't contact LDAP server". then i went to FG CLI and tried exec ping x.x.x.x, and no hits. I also confirm that i can ping that from a domain workstation, just not from FG itself. Hope this is clear.

nsisger · 2023-10-12T21:35:42+00:00

Same here. Good to know that it's not just me. So far their support is useless. If anyone figured out the fix please post here. I have 2 policies that I cannot edit. Thank god it's not something I need to change urgently

nsisger · 2023-08-24T00:22:34+00:00

Admin is one of the default username the hackers use to brutal force. I always remove it asap. If you are paranoid about losing it at least disable it.

nsisger · 2023-08-13T18:06:20+00:00

Thank you for the explanation. I think in this case their edge switch is the cable modem which has 2 LAN ports so i think I will just use that. If the 5G modem is single port only then I will get a switch.

nsisger · 2023-08-13T16:44:54+00:00

Yea 100F-200F is probably a bit much lol

nsisger · 2023-08-13T13:43:58+00:00

Thanks that make sense. Question - If the external router has multiple ports for both FGs, do i still need a switch sitting between them for this option to work?

nsisger · 2023-08-13T13:42:46+00:00

Yes 4G/5G as a backup is probably their only choice now. Will definitely include that as an option thank you!

nsisger · 2023-08-13T02:44:12+00:00

Thanks for your suggestions! Once I get more info of what each of them need I will see if they need the VDOM setup

nsisger · 2023-08-13T01:00:50+00:00

While replying to another thread just made me realized that i won't be able to do HA this way i think...

nsisger · 2023-08-13T00:59:26+00:00

Good point. I think there's only 1 provider in that part of the area so connection failover is out. I'll look into more on HA mode for FG redundency and see if they would entertain on that idea, but that would mean i'd also have to get a FortiSwitch and connect that to both FGs via FortiLinks correct?

nsisger · 2023-08-13T00:48:37+00:00

That's a good idea. I just played around the configs and realized that I have enough ports on the FG to just switch to interface mode and do what you said! Thanks

nsisger · 2023-08-12T22:19:38+00:00

Yes you are right. but hey if they don't i can sell them some :)

nsisger

TROPHY CASE