Documentation Downloads Knowledge How-To Hub Forums Cases Assets Warranty
Skip to main content
N
net_admin_elken
75 Points
100 Points

5 Messages

 • 

110 Points

Fri, Apr 2, 2021 8:08 AM

Slow in exiting to internet gateway after connected to AP while vSZ is in remote Cloud

I've been haunted by the issue as describe in the topic.
My company has recently migrated all of our vm servers to cloud. This includes our vSZ as well.
vSZ is behind a VM fortigate firewall .
Our APs are behind a switch and sophos xg firewall.
Both firewalls has an ipsec tunnel linked.

DHCP server was set on the core switch .
When endpoint devices connected to the SSID of the AP, it has no problem getting IP from the DHCP servers in less than a few seconds. However, it'll show no internet for 4-5 mins.
After sometime, it'll suddenly be with internet.
Although devices connected with the ssid retries connection, it'll immediately have internet connection.
Only for new devices, it'll have a 4-5mins issue without internet .

Anything i need to set on AP side or vSZ side ?

Question

 • 

Updated 

5 d ago

22

1

0

Responses

syamantak_omer

Official Rep

 • 

885 Messages

 • 

13K Points

9 d ago

Hi,

Please use troubleshoot utility in vSZ GUI and check the connection flow for a new client. It will help you to find if connection having any issues while connecting to wireless and get IP address.

I think issue could be related to DHCP.

Also confirm if force DHCP is enabled on WLAN settings.

Regards,

Syamantak Omer

7

0

net_admin_elken

5 Messages

 • 

110 Points

the column looks kind of vague. I pretty much assume the Client tries to sent something over to an imaginary AAA connection.
Anyway, this troubleshoot results was only shown after the device got itself registered to the wireless controller. Which is exactly after 5 mins later the device could get to internet.
Like i mentioned, all devices had this issue for the first time it's connected to the AP's SSID.
All devices have some sort of delay when trying to register itself first time to the wireless controller at the other end of the cloud's wireless controller.

Like

5 d ago

0

syamantak_omer

Official Rep

 • 

885 Messages

 • 

13K Points

I think this is the point where you may need to open a case with support for further troubleshooting.

or if you want to troubleshoot further without involving support then below are the possible next troubleshooting steps.

  • Setup AP for packet captures (this option is available on vSZ GUI).
  • Use APs wired port for the packet capture and add client's MAC in filter.
  • Setup capture on gateway as well, using port mirror or if it is firewall, then it should not be a difficult task.
  • Run two ping tests from test client, one for gateway IP and other one for any public website like google, etc.
  • Start packet captures on both ends and connect the test client.
  • Stop captures once client is able to reach internet.
  • Analyze/compare captures between AP - gateway and find out at what point traffic is dropping.

Regards,

Syamantak Omer

Like

5 d ago

0

Was this helpful?