FortiAP Deployment - opinions on a hardware refresh

oikjn

Ars Scholae Palatinae
969
Subscriptor++
Is anyone here using and happy with a FortiAP deployment in their environment? We are using them, but they are all very old 231C and C24JE units. They are set up managed by the firewall in tunnel mode. I can't say I love the performance or roaming experience, but I don't know if that is just a function of them being really old and unable to update past v6.0.x and 5.4.x firmwares. This hasn't really been an issue at the moment because the wifi is just a courtesy for employees (no customers in the area), but we are looking at going digital with our paperwork and adding a bunch of tablets and I want those to work without issue. My thought is that I would like to put in either 6E or 7 if possible just because I assume whatever we put in will be there for a decade like the 231C units already in their place, but it seems like that wifi7 equipment is rather limited. I can wait a bit before purchasing, but wanted the Hive-mind's thoughts on current FortiAPs in general and second what they would rather do.

We only have a little over a dozen APs and it's only covering maybe 100 devices, but it's an industrial building with high power and thick internal walls which break up transmission pretty effectively. Most current devices are iPhones / iPads and in the future I assume something like a Zebra tablet or other handheld device. Nothing fancy on wifi security right now and I expect minimal change on that other than having the devices have highly limited local access and just internet access through that tunnel. I was thinking of also looking at the Aruba InstantOn devices as an alternative, but if they're virtually equivalent and there is no compelling reason to switch, then I'd sooner stick to a single management window for everything.
 

Paladin

Ars Legatus Legionis
32,552
Subscriptor
Wifi is wifi. I would concentrate more on your management and gateway needs as a first concern.

What I mean is that if you have a Fortigate now and you intend to keep it but replace the wifi APs then you likely might as well go with more that integrate with your desired gateway security device. Single pane of management is nice and integrated security is nice.

Aruba doesn't have a firewall/router option as far as I have seen so you're looking at 2 management interfaces, 2 places to sort out blame when something goes wrong.

As for the differences, your 'C' generation APs are 802.11AC Wave 1 capable, which is as you say, about 10 years old now. Most consumer devices are still AC or AX capable. AX access points will be very viable for your needs for a long time, I would guess, unless you intend to have a LOT of devices in use at the same time. Even then, enterprise level access points can usually support between 100 and 200 devices per AP and your physical environment probably needs one AP per 'room' since 5 GHz and 6 GHz will penetrate pretty terribly given your description.

Fortinet has or will shortly have Wifi 7 access points if you prefer to go for those. One of the major benefits of Wifi 7 is the ability to use more than one radio channel at the same time to enhance performance. You probably don't need that. You just need a lot of APs for basically line of sight coverage in your segmented areas.


Nothing wrong with getting the current 6e ones or waiting for the 7 ones. Depends on budget really, I would guess the slightly older gen ones will be much cheaper than the latest.
 

oikjn

Ars Scholae Palatinae
969
Subscriptor++
@Paladin Thanks. I agree the single pane is a nice benefit, but I'm also hoping that if done correctly, the wifi level isn't something I should need to be actively managing nearly to the level I get into at the firewall. The FortiAP series appears to be at a pretty high premium price compared to the InstantOn series and others and I'd be ok with that if there was that good solid performance with that single management pane. I can say right now with the old generation gear, that it is definitely frustrating at times where things like AP handoff when moving between rooms is generally terrible to the point most devices show a loss of signal and then a few seconds to reconnect. The software config through the firewall is pretty basic and anything that is "advanced" in settings or functionality is rather a pain if you are trying to troubleshoot anything. That's all good when it just works, but at least with the old devices I can see definite room for improvement. If Aruba performs better and is reliable on its own, I'd take having one more management interface to learn and deal with if I really don't NEED to be in it much after initial setup. #1 priority here is making sure the user experience is good followed slightly behind with price. When we do bring devices onto the shop floor I can't have lots of pissed off people complaining that their devices aren't working as I know the change of going from paper to handheld is going to have its own resistance already.
 

Paladin

Ars Legatus Legionis
32,552
Subscriptor
I would set up a 'bake off' with Aruba and Fortigate, in that case. Tell a sales rep from each that you are looking for a build out and the number of APs, switches, and PoE equipment you anticipate needing and then ask them why you should prefer their solution over the other and which will be easier to tune to fit your needs. The idea of being able to walk from room to room with a seamless roaming experience despite those rooms being each built as a kind of signal blocking exercise will be a bit of a tough thing to handle out of the box. They/you will need to spend a lot of time on tuning the setup for proper power levels, features for improved handoff (802.11r and 802.11k etc.), and testing. The devices you intend to use with it will make a difference too. If you get to choose mainstream mobile devices (Apple or Samsung or whatever recent model devices) then you should be all set but if you have to use special devices from a specialized provider (meaning: old, outdated but hardened devices [they come in a rubber case basically]) then things are much harder because they might not even support 802.11AC or whatever.

If you let them know you are comparing the 2 options, they should improve their prices, and try to help you understand why their solution is better at meeting your needs. Just get it all in writing. ;)
 

Paladin

Ars Legatus Legionis
32,552
Subscriptor
Maybe but not from the manufacturer directly I would guess. Probably a systems integrator or VAR of some kind. If you can find someone who sells both, they might be able to give you help on picking one over the other or you can find 2 VARs to bounce off each other if they each prefer one platform over the other.

Remember that 5 GHz and even more so for 6 GHz, wall penetration is very poor and metal penetration is basically zero so you might need a lot of APs depending on the number of places you need to provide service.
 

oikjn

Ars Scholae Palatinae
969
Subscriptor++
Even the Wifi 6 APs are nice in my opinion. We just deployed five for a customer in their warehouse, where previously they had 17 of the older (but not as old as yours) generation and were getting spotty coverage. No complaints since we replaced the five with the newer ones.
Thanks. That is nice to hear.
 

oikjn

Ars Scholae Palatinae
969
Subscriptor++
Well... given I currently have 221C units that are 9+ years old, I'm going to say that I don't expect another major hardware refresh for at least 5-6 years unless there is some highly compelling reason to change.

I have a call in for Aruba to see how that will look. I'm hesitant about the InstantOn, but it's cheap enough, I might get 3-5 as a trial to just play around with. Damn UniFi just released all their wifi7 gear and that looks soooo tempting on paper, but...:cautious:

Fortinet was not "interested" in our project either because it's too small or they assume they have lock-in advantage. Their "tradeup discount" was a joke of maybe 5% and at 10k+ for the 6E APs before annual support, it's really hard to make the case for it when the actual experience with them is that APs are a secondary function to their core "competencies".