cancel
Showing results for 
Search instead for 
Did you mean: 

Slow in exiting to internet gateway after connected to AP while vSZ is in remote Cloud

net_admin_elken
New Contributor

I've been haunted by the issue as describe in the topic.
My company has recently migrated all of our vm servers to cloud. This includes our vSZ as well.
vSZ is behind a VM fortigate firewall .
Our APs are behind a switch and sophos xg firewall.
Both firewalls has an ipsec tunnel linked.

DHCP server was set on the core switch .
When endpoint devices connected to the SSID of the AP, it has no problem getting IP from the DHCP servers in less than a few seconds. However, it'll show no internet for 4-5 mins.
After sometime, it'll suddenly be with internet.
Although devices connected with the ssid retries connection, it'll immediately have internet connection.
Only for new devices, it'll have a 4-5mins issue without internet .

Anything i need to set on AP side or vSZ side ?

14 REPLIES 14

Image_ images_messages_606bde8f6520893fc15d4a38_538b819b63258a33a7031dfcf60b06b1_AAA-2d87a85c-dba9-4286-85c2-e048dd572f57-519435148.JPG


I did some basic troubleshooting.
I'm not sure is this the cause of problem.
It's referring to an AAA server.
Despite we don't have any radius server.

Client connection to WiFi looks good to me, at least as per above screenshot.

Info tag is not on AAA but on DHCP.


Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

the column looks kind of vague. I pretty much assume the Client tries to sent something over to an imaginary AAA connection.
Anyway, this troubleshoot results was only shown after the device got itself registered to the wireless controller. Which is exactly after 5 mins later the device could get to internet.
Like i mentioned, all devices had this issue for the first time it's connected to the AP's SSID.
All devices have some sort of delay when trying to register itself first time to the wireless controller at the other end of the cloud's wireless controller.

I think this is the point where you may need to open a case with support for further troubleshooting.

or if you want to troubleshoot further without involving support then below are the possible next troubleshooting steps.

  • Setup AP for packet captures (this option is available on vSZ GUI).
  • Use APs wired port for the packet capture and add client's MAC in filter.
  • Setup capture on gateway as well, using port mirror or if it is firewall, then it should not be a difficult task.
  • Run two ping tests from test client, one for gateway IP and other one for any public website like google, etc.
  • Start packet captures on both ends and connect the test client.
  • Stop captures once client is able to reach internet.
  • Analyze/compare captures between AP - gateway and find out at what point traffic is dropping.

Syamantak Omer
Sr.Staff TSE | CWNA | CCNA | RCWA | RASZA | RICXI
RUCKUS Networks, CommScope!
Follow me on LinkedIn

I've been checking with the vendor and ruckus support as well.
Seems both could not find the problem. Vendor seems to believe the firewall and switch is the culprit. While ruckus support trying to check on the logs for the source of problem. The wireless controller itself wasn't able to the capture sufficient evidence of the root problem.

So far base on tones of implementations out there ?
Isn't there anyone facing the same issue ?
I believe it's quite common to have a wireless controller in cloud servers while the AP were in a remote office location these days.

Noone face that issue ? I've found that Wireless devices connected to the SSID doesnt have issue getting an IP .
However after connected, it'll be connected without internet for 2mins . After 2 mins, there'll be internet access.
This only applies to devices that go onto the SSID for the first time.
After that, the devices that reconnect to the same SSID do not have the issue.