When internal devices can't access NAT address: Hairpinning aka NAT loopback

This is something that has happened on both my home and work networks. Perhaps you set up a personal website on a Raspberry Pi that is inside your home network. You get everything up and running, and you have destination NAT or port forwarding configured on your home router. You buy a domain and set up an A record with your home’s internet IP. Everything is great and you can access your website from the internet....

June 16, 2020 · 2 min · Lawrence Chan

When VLAN is involved in asymmetric routing issue

Asymmetric routing means that the request packets are sent to one gateway, but the response packets are received from another gateway; that is, the returning packets take a different path. Normally this isn’t a problem, as the end devices don’t really care which gateway they receive packets from. However, asymmetric routes become a problem when NAT is used or when there is a firewall between the networks. When a firewall receives a response packet for a flow it is unaware of, it may consider the packet invalid and drop it....

June 9, 2020 · 3 min · Lawrence Chan

Connect Multiple APs to a Fortigate Firewall

In my previous post I wrote about how an unmanaged layer 2 switch was possibly the culprit behind the AP failures. My solution is to connect the APs directly to the Fortigate firewall. Since our topology is simple, it only requires a simple solution. In this post I will walk through that solution step by step. There is already an official document from Fortinet on how to do so; however, it only explains how to connect one AP to the Fortigate....

May 28, 2020 · 3 min · Lawrence Chan

Fortinet AP Failure: Control Message Maximal Retransmission Limit Reached

I was troubleshooting the wireless network for a remote office because a lot of users were complaining that the WiFi was unstable and their devices got randomly disconnected. I checked the log and found that some APs had disconnected from the controller due to “Control message maximal retransmission limit reached”. I came across this document from Fortinet: https://kb.fortinet.com/kb/documentLink.do?externalID=FD40970 These messages imply that the keep-alive packets ‘ECHO REQ (FGT)’ and ‘ECHO RESPONSE (FAP)’ were not successful or complete....

May 27, 2020 · 3 min · Lawrence Chan