Products
Fortinet FortiAP 431F
This high throughput enterprise class 802.11ax indoor AP provides three radios and 8 spatial streams. This top-of-the line access point supports OFDMA, a 2.5 Gigabit Ethernet port, plus an additional 1 Gbps Ethernet port for PoE diversity. The AP can provide 24/7 scanning across both bands while still providing access on both the 2.4 and 5 GHz bands. The integrated BLE radio can be used for beacons and locationing applications.
- Unified management console simplifies operations, ensuring consistency in effective policy enforcement and compliance.
- Wireless LAN security done right, from the leader in network security. Integrated Firewall, IPS, Application Control, and Web Filter protect the wireless LAN from the latest security threats.
- Protects the network from advanced wireless threats and satisfies PCI DSS compliance.
Key Features:
- 802.11ax
- Tri-Radio 2.4 GHz + 5 GHz + scanning
- 5 Internal/External Antennas
- 4×4 MU-MIMO
- Up to 1,147 Mbps + 2,402 Mbps
Fortinet FortiAP-U431F and FortiAP-U433F indoor access points are 802.11ax, 4×4 MIMO, triradio, dual band (2.4GHz/5GHz) access points and are compliant with the IEEE 802.3at PoE specifications. These access points are delivered with dual redundant PoE Ethernet ports and ten internal and external antennas respectively.
Note: FAP-U43xF access points are NOT compliant with IEEE 802.3af PoE specifications. If the FAP-U detects an 802.3af power source, the radios will be disabled.
FortiAP-U43xF supports configuring two radio interfaces in the 5GHz band. This option is supported for FAP-U43xF ONLY and is disabled by default;
The FAP supports MCA (Multi-Channel architecture) deployment options, such as MCA with ARRP (Auto Radio Resource Provisioning). The APs are designed to meet the requirements for even the most challenging deployment scenarios, ) providing greater bandwidths in high density networks and enhancing user experience in data, voice, and video applications in enterprise class deployments.
The FAP-U43xF is compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management platform.
The FAP-U43xF radios include the following capabilities:
- Supports Universal Access
- Management from on-premise to cloud management
- IEEE 802.11a/b/g/n/ac/ax compliant, 20/40/80/160 MHz channels DL and UL OFDMA.
- 802.11ax technology with data rates of up to 4.8 Gbps (4809.3Mbps MCS11 4×4 160Mhz).
- 4×4 MU-MIMO (up to 4 streams) technology improves client throughput and range
- Modulation up to 1024 QAM
- Integrated with Fortinet Security Fabric
Ethernet Ports
- Supports two Gig-E ports, labeled LAN1 and LAN2
- Auto-negotiation supported
- LAN1 2.5G & LAN2 1GEthernet Port (RJ-45) Gigabit Ethernet port with Power over Ethernet (PoE)
- Console Port (RJ-45) – Optional management computer connection. Provides access to the
Command-Line Interface (CLI) - LACP supported (static Link aggregation not supported).
Power
- 802.3at (25 Watts)
- External power supply: 12V/3A DC
- Power consumption: 23.6 Watts
Supported Controller Types
FAP-U433F and FAP-U431F are compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management
platform.
- If FortiWLC controller is discovered, the unit continues booting up with the default FortiWLC
image. - If the FortiGate controller or the FortiAPCloud management platform is discovered, the unit
reboots with the FortiAP image.
FortiAP 431F |
|
Hardware | |
Hardware Type | Indoor AP |
Number of Radios | 3 + 1BLE |
Number of Antennas | 5 Internal + 1 BLE Internal |
Antenna Type and Peak Gain |
PIFA : 4 dBi for 2.4 GHz , 5 dei for 5 GHz |
Frequency Bands ( GHz ) * | 2.400-2.4835 , 5.150-5.250 , 5.725-5.850 |
Radio 1 Capabilities | Frequency Band 2.4 GHz Channel width: 4×4 20/40 MHz Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024 MIMO chains: 4×4 service |
Radio 2 Capabilities | Frequency Band: 5.0 GHz Channel width: 4×4 20/40/80MHz and 2×2 160MHz contiguous Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024 Mimo chains: 4×4 service |
Radio 3 Capabilities | Frequency band: 2.4/5.0 GHz MIMO chains: 1×1 frequency scanning |
Maximum Data Rate | Radio 1 : up to 1147 Mbps Radio 2 : up to 2402 Mbps Radio 3 : scan only |
Bluetooth Low Energy Radio | Bluetooth scanning and iBeacon advertisement @ 6 dBm max TX power |
Interfaces | 1x 100/1000/2500 Base-T RJ45, 1 x 10/100/1000 Base-T RJ45, 1x Type A USB, 1x RS-232 RJ45 Serial Port |
MDI / MDIX | Supported |
Simultaneous SSIDS | Up to 16 (14 if background scanning enabled) |
EAP Type ( s ) | EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2, PEAPv1/EAP-GTC, EAP-SIM, EAP-AKA, EAP-FAST |
User / Device Authentication | WPA™, WPA2™, and WPA3™ with 802.1x or Preshared key, WEP, Web Captive Portal, MAC blocklist and allowlist |
Maximum Tx Power ( Conducted ) |
Radio 1: 2.4 GHz 24 dBm / 251 mW (4 chains combined)* Radio 2: 5 GHz 23 dBm / 200 mW (4 chains combined)* Radio 3: NA |
Kensington Lock | Yes |
IEEE Standards | 802.11a, 802.11b, 802.11d, 802.11e, 802.11g, 802.11h, 802.11i,802.11j, 802.11k, 802.11n, 802.11r, 802.11u, 802.11v, 802.11w, 802.11ac, 802.11ax (Wi-Fi 6), 802.1Q, 802.1X, 802.3ad, 802.3af, 802.3at, 802.3az, 802.3bz |
SSID Types Supported | Local – Bridge , Mesh , Tunnel |
Per Radio Client Capacity | 512 per Radiol and Radio2 |
Cellular Co – existence | Yes |
Reset Button | Yes |
LED Off Mode | Yes |
Advanced 802.11 Features | |
OFDMA | Yes ( UL and DL ) |
2.4 GHz OFDMA | Yes |
Spatial Reuse ( BSS Coloring ) |
Yes |
HE – MU – MIMO | Yes |
UL – MU – MIMO 802.11ax mode |
Yes |
DL – MU – MIMO | Yes |
Enhanced Target Wake Time ( TWT ) |
Yes |
ZeroWait DFS / Agile DFS | No |
Wireless Monitoring Capabilities | |
Rogue Scan Radio Mode | Background , Dedicated |
WIPS / WIDS RAdio Modes | Background , Dedicated (Recommended) |
Packet Sniffer Mode | Yes |
Spectrum Analyzer | Yes |
Dimensions | |
Length x Width x Height | 8.27 x 8.27 x 2.22 inches (210 x 210 x 56.5 mm) |
Weight | 2.16 lbs ( 0.98 kg ) |
Package ( shipping ) Weight | 3.97 lbs ( 18 kg ) |
Accessories | |
Mounting Options | Ceiling , T – Rail , and Wall |
Included Accessories | Mount kit for Ceiling , T – Rail and Wall |
Power Supply | SP – FAP400 – PA – XX or GPI – 130 |
Optional Antennas ( Professional Installer Required for FCC domains ) |
N / A |
Environment | |
Power Consumption ( Max ) | 24.5 W |
PoE Mode | 802.3at PoE default 1 port powered by 802.3at or 2 ports powered by 802.3af – Full System functionality + USB support 1 port is connected to 802.3af – No USB support, Operate in 2×2 mode with reduced power R1/R2 17dBm(Tx power) |
Humidity | 5-90 % Non – Condensing |
Operating / Storage Temperature |
32–113°F (0–45°C) / -31–-94°F (-35–70°C) |
Directives | Low Voltage Directive . RoHS |
UL2043 Plenum Material | No |
Mean Time Between Failures |
> 10 Years |
IP Rating | – |
Surge Protection Built in | No |
Hit – less PoE Failover | Yes |
Certifications | |
Wi – Fi Alliance Certified | Yes ( includes Passpoint ) |
DFS | FCC , IC , CE , Japan , Brazil and Taiwan |
Warranty | |
Limited Lifetime Warranty | Yes |
802.11ax Deployment
The FAP-U43xF are backward compatible with 802.11ac, 802.11a/n and 802.11b/g/n clients, so you can upgrade your network today, and the existing client base will work with the new FAP-U43xF. Fortinet provides solutions for multi-channel architecture. Enterprises can add the FAP-U to their existing network to support additional capacity as part of their existing deployment. However, there are recommended best practices for operating a network that includes both 11n and 11ac APs.
WLAN Controller
Customers are required to upgrade the controller software, FortiWLC (SD) to version 8.5.1 or later to support the FAP-U43xF.
FAPs support two data plane modes, bridged and tunneled. In bridged mode, also known as the remote AP mode, the data traffic from the client is bridged locally at the access layer or edge switch. Control and AP management traffic is still sent between the AP and the controller in bridged mode. In tunneled mode, all data, AP management, and control traffic is passed through the controller.
Clients per AP
The BYOD phenomenon has changed the enterprise network landscape and has forced IT managers to plan ahead for all types of user-owned mobile devices. BYOD typically means client densities are increasing, as it is not unusual for users to carry two or three WLAN-capable devices at a time. With BYOD, the client count per AP/radio has continued to rise, as one would expect. What follows are some general client density guidelines for the FAP-U43xF.
• Maximum ESS profiles supported – 8/radio
• (ARRP enabled) Maximum number of clients supported – 512 clients/radio
• (ARRP disabled) Maximum number of clients supported – 170 clients/radio The actual number of clients recommended per radio depends on number and types of applications in use, SLAs, client types, etc
Security Profiles
To ensure that you are benefiting from the VHT data rates available in 11ax, your security policies need to be configured to use WPA2 with AES-CCMP. The AES-CCMP requirement is part of the 11ax specification.
Signal Strength
The recommendation for 11n networks is typically that AP signal strength be -65 dBm or greater everywhere that Wi-Fi service is required for voice or video. This recommendation is influenced by the knowledge that 11n uses highest modulation rate of 64-QAM.
With 11ax/ac, a higher signal strength is required to achieve the highest modulation rate of 1024-QAM. This is because 256 and 1024-QAM employs a much denser constellation than 64-QAM, which makes data corruption more likely at lower signal strength when using 256 and 1024-QAM. How much higher signal strength is required depends mainly on channel width. Wider channels will require higher signal strengths to achieve 1024-QAM rates.
For networks using 80 MHz channels, the widest channel width used in Wave 2 APs, a signal strength of approximately -51 dBm or greater is required to support 1024-QAM. For 40 MHz channels, a signal strength of approximately -54 dBm or greater is required to support 1024- QAM.
SNR
Another important metric to consider when building a wireless network is the signal to noiseratio (SNR). With 11n networks, an SNR of 28dB or greater is often recommended, particularly if voice and/or video applications are present. Although this recommendation still applies for 11n clients running on 11ac networks, for 11ac clients to achieve their highest possible data rates, the SNR should be greater than 32dB. For 11ax clients an SNR of -35dBm is recommended.
Switch and PoE Guidelines
In this section, we will provide recommendations for switching and PoE capabilities.
FAP- 431F
The recommendation is to boot up the AP on the 2.5G port to gain the 11ax data rates.
Controller
As mentioned previously, if the data plane is configured for tunneled mode, a 10G uplink from the controller to the connecting switch is recommended, as all data plane traffic will need to pass through the controller’s Ethernet port/s. A 10G uplink can be used for bridged mode deployments as well, but since all data plane traffic avoids passing through the controller’s Ethernet port/s, a 1G controller uplink port will most often be more than adequate for bridged mode deployments.
PoE
FAP-U43xF requires approximately 25W (802.3at) static power supply. Customers that currently have 802.3af power will need to upgrade to 802.3at power. If the FAP-U detects an 802.3af power source, the radios will be disabled. The LAN1 and LAN2 ports are for uplink.
It is recommended to enable LLDP on the switch.
- Overview
-
Fortinet FortiAP-U431F and FortiAP-U433F indoor access points are 802.11ax, 4×4 MIMO, triradio, dual band (2.4GHz/5GHz) access points and are compliant with the IEEE 802.3at PoE specifications. These access points are delivered with dual redundant PoE Ethernet ports and ten internal and external antennas respectively.
Note: FAP-U43xF access points are NOT compliant with IEEE 802.3af PoE specifications. If the FAP-U detects an 802.3af power source, the radios will be disabled.
FortiAP-U43xF supports configuring two radio interfaces in the 5GHz band. This option is supported for FAP-U43xF ONLY and is disabled by default;
The FAP supports MCA (Multi-Channel architecture) deployment options, such as MCA with ARRP (Auto Radio Resource Provisioning). The APs are designed to meet the requirements for even the most challenging deployment scenarios, ) providing greater bandwidths in high density networks and enhancing user experience in data, voice, and video applications in enterprise class deployments.The FAP-U43xF is compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management platform.
The FAP-U43xF radios include the following capabilities:
- Supports Universal Access
- Management from on-premise to cloud management
- IEEE 802.11a/b/g/n/ac/ax compliant, 20/40/80/160 MHz channels DL and UL OFDMA.
- 802.11ax technology with data rates of up to 4.8 Gbps (4809.3Mbps MCS11 4×4 160Mhz).
- 4×4 MU-MIMO (up to 4 streams) technology improves client throughput and range
- Modulation up to 1024 QAM
- Integrated with Fortinet Security Fabric
Ethernet Ports
- Supports two Gig-E ports, labeled LAN1 and LAN2
- Auto-negotiation supported
- LAN1 2.5G & LAN2 1GEthernet Port (RJ-45) Gigabit Ethernet port with Power over Ethernet (PoE)
- Console Port (RJ-45) – Optional management computer connection. Provides access to the
Command-Line Interface (CLI) - LACP supported (static Link aggregation not supported).
Power
- 802.3at (25 Watts)
- External power supply: 12V/3A DC
- Power consumption: 23.6 Watts
Supported Controller Types
FAP-U433F and FAP-U431F are compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management
platform.- If FortiWLC controller is discovered, the unit continues booting up with the default FortiWLC
image. - If the FortiGate controller or the FortiAPCloud management platform is discovered, the unit
reboots with the FortiAP image.
- Specification
-
FortiAP 431F
Hardware Hardware Type Indoor AP Number of Radios 3 + 1BLE Number of Antennas 5 Internal + 1 BLE Internal Antenna Type and Peak
GainPIFA : 4 dBi for 2.4 GHz , 5
dei for 5 GHzFrequency Bands ( GHz ) * 2.400-2.4835 , 5.150-5.250 ,
5.725-5.850Radio 1 Capabilities Frequency Band 2.4 GHz
Channel width: 4×4 20/40 MHz
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
MIMO chains: 4×4 serviceRadio 2 Capabilities Frequency Band: 5.0 GHz
Channel width: 4×4 20/40/80MHz and 2×2 160MHz
contiguous
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
Mimo chains: 4×4 serviceRadio 3 Capabilities Frequency band: 2.4/5.0 GHz
MIMO chains: 1×1 frequency scanningMaximum Data Rate Radio 1 : up to 1147 Mbps
Radio 2 : up to 2402 Mbps
Radio 3 : scan onlyBluetooth Low Energy Radio Bluetooth scanning and iBeacon advertisement @ 6 dBm
max TX powerInterfaces 1x 100/1000/2500 Base-T RJ45,
1 x 10/100/1000 Base-T RJ45,
1x Type A USB, 1x RS-232 RJ45 Serial PortMDI / MDIX Supported Simultaneous SSIDS Up to 16 (14 if background scanning enabled) EAP Type ( s ) EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2,
PEAPv1/EAP-GTC, EAP-SIM, EAP-AKA, EAP-FASTUser / Device Authentication WPA™, WPA2™, and WPA3™ with 802.1x or Preshared key,
WEP, Web Captive Portal, MAC blocklist and allowlistMaximum Tx Power
( Conducted )Radio 1: 2.4 GHz 24 dBm / 251 mW (4 chains combined)*
Radio 2: 5 GHz 23 dBm / 200 mW (4 chains combined)*
Radio 3: NAKensington Lock Yes IEEE Standards 802.11a, 802.11b, 802.11d, 802.11e, 802.11g, 802.11h,
802.11i,802.11j, 802.11k, 802.11n, 802.11r, 802.11u, 802.11v,
802.11w, 802.11ac, 802.11ax (Wi-Fi 6), 802.1Q, 802.1X,
802.3ad, 802.3af, 802.3at, 802.3az, 802.3bzSSID Types Supported Local – Bridge , Mesh , Tunnel Per Radio Client Capacity 512 per Radiol and Radio2 Cellular Co – existence Yes Reset Button Yes LED Off Mode Yes Advanced 802.11 Features OFDMA Yes ( UL and DL ) 2.4 GHz OFDMA Yes Spatial Reuse ( BSS
Coloring )Yes HE – MU – MIMO Yes UL – MU – MIMO 802.11ax
modeYes DL – MU – MIMO Yes Enhanced Target Wake
Time ( TWT )Yes ZeroWait DFS / Agile DFS No Wireless Monitoring Capabilities Rogue Scan Radio Mode Background , Dedicated WIPS / WIDS RAdio Modes Background , Dedicated (Recommended) Packet Sniffer Mode Yes Spectrum Analyzer Yes Dimensions Length x Width x Height 8.27 x 8.27 x 2.22 inches (210 x 210 x 56.5 mm) Weight 2.16 lbs ( 0.98 kg ) Package ( shipping ) Weight 3.97 lbs ( 18 kg ) Accessories Mounting Options Ceiling , T – Rail , and Wall Included Accessories Mount kit for Ceiling , T – Rail
and WallPower Supply SP – FAP400 – PA – XX or
GPI – 130Optional Antennas
( Professional Installer
Required for FCC domains )N / A Environment Power Consumption ( Max ) 24.5 W PoE Mode 802.3at PoE default
1 port powered by 802.3at or 2 ports powered by 802.3af –
Full System functionality + USB support
1 port is connected to 802.3af – No USB support, Operate
in 2×2 mode with reduced power R1/R2 17dBm(Tx power)Humidity 5-90 % Non – Condensing Operating / Storage
Temperature32–113°F (0–45°C) / -31–-94°F (-35–70°C) Directives Low Voltage Directive .
RoHSUL2043 Plenum Material No Mean Time Between
Failures> 10 Years IP Rating – Surge Protection Built in No Hit – less PoE Failover Yes Certifications Wi – Fi Alliance Certified Yes ( includes Passpoint ) DFS FCC , IC , CE , Japan , Brazil
and TaiwanWarranty Limited Lifetime Warranty Yes - Antenna Radiation Patterns
-
- Deployment
-
802.11ax Deployment
The FAP-U43xF are backward compatible with 802.11ac, 802.11a/n and 802.11b/g/n clients, so you can upgrade your network today, and the existing client base will work with the new FAP-U43xF. Fortinet provides solutions for multi-channel architecture. Enterprises can add the FAP-U to their existing network to support additional capacity as part of their existing deployment. However, there are recommended best practices for operating a network that includes both 11n and 11ac APs.
WLAN Controller
Customers are required to upgrade the controller software, FortiWLC (SD) to version 8.5.1 or later to support the FAP-U43xF.
FAPs support two data plane modes, bridged and tunneled. In bridged mode, also known as the remote AP mode, the data traffic from the client is bridged locally at the access layer or edge switch. Control and AP management traffic is still sent between the AP and the controller in bridged mode. In tunneled mode, all data, AP management, and control traffic is passed through the controller.
Clients per AP
The BYOD phenomenon has changed the enterprise network landscape and has forced IT managers to plan ahead for all types of user-owned mobile devices. BYOD typically means client densities are increasing, as it is not unusual for users to carry two or three WLAN-capable devices at a time. With BYOD, the client count per AP/radio has continued to rise, as one would expect. What follows are some general client density guidelines for the FAP-U43xF.
• Maximum ESS profiles supported – 8/radio
• (ARRP enabled) Maximum number of clients supported – 512 clients/radio
• (ARRP disabled) Maximum number of clients supported – 170 clients/radio The actual number of clients recommended per radio depends on number and types of applications in use, SLAs, client types, etcSecurity Profiles
To ensure that you are benefiting from the VHT data rates available in 11ax, your security policies need to be configured to use WPA2 with AES-CCMP. The AES-CCMP requirement is part of the 11ax specification.
Signal Strength
The recommendation for 11n networks is typically that AP signal strength be -65 dBm or greater everywhere that Wi-Fi service is required for voice or video. This recommendation is influenced by the knowledge that 11n uses highest modulation rate of 64-QAM.
With 11ax/ac, a higher signal strength is required to achieve the highest modulation rate of 1024-QAM. This is because 256 and 1024-QAM employs a much denser constellation than 64-QAM, which makes data corruption more likely at lower signal strength when using 256 and 1024-QAM. How much higher signal strength is required depends mainly on channel width. Wider channels will require higher signal strengths to achieve 1024-QAM rates.
For networks using 80 MHz channels, the widest channel width used in Wave 2 APs, a signal strength of approximately -51 dBm or greater is required to support 1024-QAM. For 40 MHz channels, a signal strength of approximately -54 dBm or greater is required to support 1024- QAM.
SNR
Another important metric to consider when building a wireless network is the signal to noiseratio (SNR). With 11n networks, an SNR of 28dB or greater is often recommended, particularly if voice and/or video applications are present. Although this recommendation still applies for 11n clients running on 11ac networks, for 11ac clients to achieve their highest possible data rates, the SNR should be greater than 32dB. For 11ax clients an SNR of -35dBm is recommended.
Switch and PoE Guidelines
In this section, we will provide recommendations for switching and PoE capabilities.
FAP- 431F
The recommendation is to boot up the AP on the 2.5G port to gain the 11ax data rates.
Controller
As mentioned previously, if the data plane is configured for tunneled mode, a 10G uplink from the controller to the connecting switch is recommended, as all data plane traffic will need to pass through the controller’s Ethernet port/s. A 10G uplink can be used for bridged mode deployments as well, but since all data plane traffic avoids passing through the controller’s Ethernet port/s, a 1G controller uplink port will most often be more than adequate for bridged mode deployments.
PoE
FAP-U43xF requires approximately 25W (802.3at) static power supply. Customers that currently have 802.3af power will need to upgrade to 802.3at power. If the FAP-U detects an 802.3af power source, the radios will be disabled. The LAN1 and LAN2 ports are for uplink.
It is recommended to enable LLDP on the switch.