Products

Fortinet FortiAP 431F

This high throughput enterprise class 802.11ax indoor AP provides three radios and 8 spatial streams. This top-of-the line access point supports OFDMA, a 2.5 Gigabit Ethernet port, plus an additional 1 Gbps Ethernet port for PoE diversity. The AP can provide 24/7 scanning across both bands while still providing access on both the 2.4 and 5 GHz bands. The integrated BLE radio can be used for beacons and locationing applications.

  • Unified management console simplifies operations, ensuring consistency in effective policy enforcement and compliance.
  • Wireless LAN security done right, from the leader in network security. Integrated Firewall, IPS, Application Control, and Web Filter protect the wireless LAN from the latest security threats.
  • Protects the network from advanced wireless threats and satisfies PCI DSS compliance.

Key Features:

  • 802.11ax
  • Tri-Radio 2.4 GHz + 5 GHz + scanning
  • 5 Internal/External Antennas
  • 4×4 MU-MIMO
  • Up to 1,147 Mbps + 2,402 Mbps
Fortinet FortiAP-U431F and FortiAP-U433F indoor access points are 802.11ax, 4×4 MIMO, triradio, dual band (2.4GHz/5GHz) access points and are compliant with the IEEE 802.3at PoE specifications. These access points are delivered with dual redundant PoE Ethernet ports and ten internal and external antennas respectively.

Note: FAP-U43xF access points are NOT compliant with IEEE 802.3af PoE specifications. If the FAP-U detects an 802.3af power source, the radios will be disabled.

FortiAP-U43xF supports configuring two radio interfaces in the 5GHz band. This option is supported for FAP-U43xF ONLY and is disabled by default;
The FAP supports MCA (Multi-Channel architecture) deployment options, such as MCA with ARRP (Auto Radio Resource Provisioning). The APs are designed to meet the requirements for even the most challenging deployment scenarios, ) providing greater bandwidths in high density networks and enhancing user experience in data, voice, and video applications in enterprise class deployments.

The FAP-U43xF is compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management platform.

The FAP-U43xF radios include the following capabilities:
  • Supports Universal Access
  • Management from on-premise to cloud management
  • IEEE 802.11a/b/g/n/ac/ax compliant, 20/40/80/160 MHz channels DL and UL OFDMA.
  • 802.11ax technology with data rates of up to 4.8 Gbps (4809.3Mbps MCS11 4×4 160Mhz).
  • 4×4 MU-MIMO (up to 4 streams) technology improves client throughput and range
  • Modulation up to 1024 QAM
  • Integrated with Fortinet Security Fabric
Ethernet Ports
  • Supports two Gig-E ports, labeled LAN1 and LAN2
  • Auto-negotiation supported
  • LAN1 2.5G & LAN2 1GEthernet Port (RJ-45) Gigabit Ethernet port with Power over Ethernet (PoE)
  • Console Port (RJ-45) – Optional management computer connection. Provides access to the
    Command-Line Interface (CLI)
  • LACP supported (static Link aggregation not supported).
Power
  • 802.3at (25 Watts)
  • External power supply: 12V/3A DC
  • Power consumption: 23.6 Watts
Supported Controller Types

FAP-U433F and FAP-U431F are compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management
platform.

  • If FortiWLC controller is discovered, the unit continues booting up with the default FortiWLC
    image.
  • If the FortiGate controller or the FortiAPCloud management platform is discovered, the unit
    reboots with the FortiAP image.

FortiAP 431F

Hardware
Hardware Type Indoor AP
Number of Radios 3 + 1BLE
Number of Antennas 5 Internal + 1 BLE Internal
Antenna Type and Peak
Gain
PIFA : 4 dBi for 2.4 GHz , 5
dei for 5 GHz
Frequency Bands ( GHz ) * 2.400-2.4835 , 5.150-5.250 ,
5.725-5.850
Radio 1 Capabilities Frequency Band 2.4 GHz
Channel width: 4×4 20/40 MHz
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
MIMO chains: 4×4 service
Radio 2 Capabilities Frequency Band: 5.0 GHz
Channel width: 4×4 20/40/80MHz and 2×2 160MHz
contiguous
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
Mimo chains: 4×4 service
Radio 3 Capabilities Frequency band: 2.4/5.0 GHz
MIMO chains: 1×1 frequency scanning
Maximum Data Rate Radio 1 : up to 1147 Mbps
Radio 2 : up to 2402 Mbps
Radio 3 : scan only
Bluetooth Low Energy Radio Bluetooth scanning and iBeacon advertisement @ 6 dBm
max TX power
Interfaces 1x 100/1000/2500 Base-T RJ45,
1 x 10/100/1000 Base-T RJ45,
1x Type A USB, 1x RS-232 RJ45 Serial Port
MDI / MDIX Supported
Simultaneous SSIDS Up to 16 (14 if background scanning enabled)
EAP Type ( s ) EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2,
PEAPv1/EAP-GTC, EAP-SIM, EAP-AKA, EAP-FAST
User / Device Authentication WPA™, WPA2™, and WPA3™ with 802.1x or Preshared key,
WEP, Web Captive Portal, MAC blocklist and allowlist
Maximum Tx Power
( Conducted )
Radio 1: 2.4 GHz 24 dBm / 251 mW (4 chains combined)*
Radio 2: 5 GHz 23 dBm / 200 mW (4 chains combined)*
Radio 3: NA
Kensington Lock Yes
IEEE Standards 802.11a, 802.11b, 802.11d, 802.11e, 802.11g, 802.11h,
802.11i,802.11j, 802.11k, 802.11n, 802.11r, 802.11u, 802.11v,
802.11w, 802.11ac, 802.11ax (Wi-Fi 6), 802.1Q, 802.1X,
802.3ad, 802.3af, 802.3at, 802.3az, 802.3bz
SSID Types Supported Local – Bridge , Mesh , Tunnel
Per Radio Client Capacity 512 per Radiol and Radio2
Cellular Co – existence Yes
Reset Button Yes
LED Off Mode Yes
Advanced 802.11 Features
OFDMA Yes ( UL and DL )
2.4 GHz OFDMA Yes
Spatial Reuse ( BSS
Coloring )
Yes
HE – MU – MIMO Yes
UL – MU – MIMO 802.11ax
mode
Yes
DL – MU – MIMO Yes
Enhanced Target Wake
Time ( TWT )
Yes
ZeroWait DFS / Agile DFS No
Wireless Monitoring Capabilities
Rogue Scan Radio Mode Background , Dedicated
WIPS / WIDS RAdio Modes Background , Dedicated (Recommended)
Packet Sniffer Mode Yes
Spectrum Analyzer Yes
Dimensions
Length x Width x Height 8.27 x 8.27 x 2.22 inches (210 x 210 x 56.5 mm)
Weight 2.16 lbs ( 0.98 kg )
Package ( shipping ) Weight 3.97 lbs ( 18 kg )
Accessories
Mounting Options Ceiling , T – Rail , and Wall
Included Accessories Mount kit for Ceiling , T – Rail
and Wall
Power Supply SP – FAP400 – PA – XX or
GPI – 130
Optional Antennas
( Professional Installer
Required for FCC domains )
N / A
Environment
Power Consumption ( Max ) 24.5 W
PoE Mode 802.3at PoE default
1 port powered by 802.3at or 2 ports powered by 802.3af –
Full System functionality + USB support
1 port is connected to 802.3af – No USB support, Operate
in 2×2 mode with reduced power R1/R2 17dBm(Tx power)
Humidity 5-90 % Non – Condensing
Operating / Storage
Temperature
32–113°F (0–45°C) / -31–-94°F (-35–70°C)
Directives Low Voltage Directive .
RoHS
UL2043 Plenum Material No
Mean Time Between
Failures
> 10 Years
IP Rating
Surge Protection Built in No
Hit – less PoE Failover Yes
Certifications
Wi – Fi Alliance Certified Yes ( includes Passpoint )
DFS FCC , IC , CE , Japan , Brazil
and Taiwan
Warranty
Limited Lifetime Warranty Yes
FAP-431F
802.11ax Deployment

The FAP-U43xF are backward compatible with 802.11ac, 802.11a/n and 802.11b/g/n clients, so you can upgrade your network today, and the existing client base will work with the new FAP-U43xF. Fortinet provides solutions for multi-channel architecture. Enterprises can add the FAP-U to their existing network to support additional capacity as part of their existing deployment. However, there are recommended best practices for operating a network that includes both 11n and 11ac APs.

WLAN Controller

Customers are required to upgrade the controller software, FortiWLC (SD) to version 8.5.1 or later to support the FAP-U43xF.

FAPs support two data plane modes, bridged and tunneled. In bridged mode, also known as the remote AP mode, the data traffic from the client is bridged locally at the access layer or edge switch. Control and AP management traffic is still sent between the AP and the controller in bridged mode. In tunneled mode, all data, AP management, and control traffic is passed through the controller.

Clients per AP

The BYOD phenomenon has changed the enterprise network landscape and has forced IT managers to plan ahead for all types of user-owned mobile devices. BYOD typically means client densities are increasing, as it is not unusual for users to carry two or three WLAN-capable devices at a time. With BYOD, the client count per AP/radio has continued to rise, as one would expect. What follows are some general client density guidelines for the FAP-U43xF.
• Maximum ESS profiles supported – 8/radio
• (ARRP enabled) Maximum number of clients supported – 512 clients/radio
• (ARRP disabled) Maximum number of clients supported – 170 clients/radio The actual number of clients recommended per radio depends on number and types of applications in use, SLAs, client types, etc

Security Profiles

To ensure that you are benefiting from the VHT data rates available in 11ax, your security policies need to be configured to use WPA2 with AES-CCMP. The AES-CCMP requirement is part of the 11ax specification.

Signal Strength

The recommendation for 11n networks is typically that AP signal strength be -65 dBm or greater everywhere that Wi-Fi service is required for voice or video. This recommendation is influenced by the knowledge that 11n uses highest modulation rate of 64-QAM.

With 11ax/ac, a higher signal strength is required to achieve the highest modulation rate of 1024-QAM. This is because 256 and 1024-QAM employs a much denser constellation than 64-QAM, which makes data corruption more likely at lower signal strength when using 256 and 1024-QAM. How much higher signal strength is required depends mainly on channel width. Wider channels will require higher signal strengths to achieve 1024-QAM rates.

For networks using 80 MHz channels, the widest channel width used in Wave 2 APs, a signal strength of approximately -51 dBm or greater is required to support 1024-QAM. For 40 MHz channels, a signal strength of approximately -54 dBm or greater is required to support 1024- QAM.

SNR

Another important metric to consider when building a wireless network is the signal to noiseratio (SNR). With 11n networks, an SNR of 28dB or greater is often recommended, particularly if voice and/or video applications are present. Although this recommendation still applies for 11n clients running on 11ac networks, for 11ac clients to achieve their highest possible data rates, the SNR should be greater than 32dB. For 11ax clients an SNR of -35dBm is recommended.

Switch and PoE Guidelines

In this section, we will provide recommendations for switching and PoE capabilities.

FAP- 431F

The recommendation is to boot up the AP on the 2.5G port to gain the 11ax data rates.

Controller

As mentioned previously, if the data plane is configured for tunneled mode, a 10G uplink from the controller to the connecting switch is recommended, as all data plane traffic will need to pass through the controller’s Ethernet port/s. A 10G uplink can be used for bridged mode deployments as well, but since all data plane traffic avoids passing through the controller’s Ethernet port/s, a 1G controller uplink port will most often be more than adequate for bridged mode deployments.

PoE

FAP-U43xF requires approximately 25W (802.3at) static power supply. Customers that currently have 802.3af power will need to upgrade to 802.3at power. If the FAP-U detects an 802.3af power source, the radios will be disabled. The LAN1 and LAN2 ports are for uplink.
It is recommended to enable LLDP on the switch.

Overview
Fortinet FortiAP-U431F and FortiAP-U433F indoor access points are 802.11ax, 4×4 MIMO, triradio, dual band (2.4GHz/5GHz) access points and are compliant with the IEEE 802.3at PoE specifications. These access points are delivered with dual redundant PoE Ethernet ports and ten internal and external antennas respectively.

Note: FAP-U43xF access points are NOT compliant with IEEE 802.3af PoE specifications. If the FAP-U detects an 802.3af power source, the radios will be disabled.

FortiAP-U43xF supports configuring two radio interfaces in the 5GHz band. This option is supported for FAP-U43xF ONLY and is disabled by default;
The FAP supports MCA (Multi-Channel architecture) deployment options, such as MCA with ARRP (Auto Radio Resource Provisioning). The APs are designed to meet the requirements for even the most challenging deployment scenarios, ) providing greater bandwidths in high density networks and enhancing user experience in data, voice, and video applications in enterprise class deployments.

The FAP-U43xF is compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management platform.

The FAP-U43xF radios include the following capabilities:
  • Supports Universal Access
  • Management from on-premise to cloud management
  • IEEE 802.11a/b/g/n/ac/ax compliant, 20/40/80/160 MHz channels DL and UL OFDMA.
  • 802.11ax technology with data rates of up to 4.8 Gbps (4809.3Mbps MCS11 4×4 160Mhz).
  • 4×4 MU-MIMO (up to 4 streams) technology improves client throughput and range
  • Modulation up to 1024 QAM
  • Integrated with Fortinet Security Fabric
Ethernet Ports
  • Supports two Gig-E ports, labeled LAN1 and LAN2
  • Auto-negotiation supported
  • LAN1 2.5G & LAN2 1GEthernet Port (RJ-45) Gigabit Ethernet port with Power over Ethernet (PoE)
  • Console Port (RJ-45) – Optional management computer connection. Provides access to the
    Command-Line Interface (CLI)
  • LACP supported (static Link aggregation not supported).
Power
  • 802.3at (25 Watts)
  • External power supply: 12V/3A DC
  • Power consumption: 23.6 Watts
Supported Controller Types

FAP-U433F and FAP-U431F are compatible with FortiWLC enterprise wireless LAN controllers, integrated FortiGate enterprise firewall LAN controllers, and FortiAPCloud management
platform.

  • If FortiWLC controller is discovered, the unit continues booting up with the default FortiWLC
    image.
  • If the FortiGate controller or the FortiAPCloud management platform is discovered, the unit
    reboots with the FortiAP image.
Specification

FortiAP 431F

Hardware
Hardware Type Indoor AP
Number of Radios 3 + 1BLE
Number of Antennas 5 Internal + 1 BLE Internal
Antenna Type and Peak
Gain
PIFA : 4 dBi for 2.4 GHz , 5
dei for 5 GHz
Frequency Bands ( GHz ) * 2.400-2.4835 , 5.150-5.250 ,
5.725-5.850
Radio 1 Capabilities Frequency Band 2.4 GHz
Channel width: 4×4 20/40 MHz
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
MIMO chains: 4×4 service
Radio 2 Capabilities Frequency Band: 5.0 GHz
Channel width: 4×4 20/40/80MHz and 2×2 160MHz
contiguous
Modulation: BPSK, QPSK, QAM64, QAM256, and QAM1024
Mimo chains: 4×4 service
Radio 3 Capabilities Frequency band: 2.4/5.0 GHz
MIMO chains: 1×1 frequency scanning
Maximum Data Rate Radio 1 : up to 1147 Mbps
Radio 2 : up to 2402 Mbps
Radio 3 : scan only
Bluetooth Low Energy Radio Bluetooth scanning and iBeacon advertisement @ 6 dBm
max TX power
Interfaces 1x 100/1000/2500 Base-T RJ45,
1 x 10/100/1000 Base-T RJ45,
1x Type A USB, 1x RS-232 RJ45 Serial Port
MDI / MDIX Supported
Simultaneous SSIDS Up to 16 (14 if background scanning enabled)
EAP Type ( s ) EAP-TLS, EAP-TTLS/MSCHAPv2, PEAPv0/EAP-MSCHAPv2,
PEAPv1/EAP-GTC, EAP-SIM, EAP-AKA, EAP-FAST
User / Device Authentication WPA™, WPA2™, and WPA3™ with 802.1x or Preshared key,
WEP, Web Captive Portal, MAC blocklist and allowlist
Maximum Tx Power
( Conducted )
Radio 1: 2.4 GHz 24 dBm / 251 mW (4 chains combined)*
Radio 2: 5 GHz 23 dBm / 200 mW (4 chains combined)*
Radio 3: NA
Kensington Lock Yes
IEEE Standards 802.11a, 802.11b, 802.11d, 802.11e, 802.11g, 802.11h,
802.11i,802.11j, 802.11k, 802.11n, 802.11r, 802.11u, 802.11v,
802.11w, 802.11ac, 802.11ax (Wi-Fi 6), 802.1Q, 802.1X,
802.3ad, 802.3af, 802.3at, 802.3az, 802.3bz
SSID Types Supported Local – Bridge , Mesh , Tunnel
Per Radio Client Capacity 512 per Radiol and Radio2
Cellular Co – existence Yes
Reset Button Yes
LED Off Mode Yes
Advanced 802.11 Features
OFDMA Yes ( UL and DL )
2.4 GHz OFDMA Yes
Spatial Reuse ( BSS
Coloring )
Yes
HE – MU – MIMO Yes
UL – MU – MIMO 802.11ax
mode
Yes
DL – MU – MIMO Yes
Enhanced Target Wake
Time ( TWT )
Yes
ZeroWait DFS / Agile DFS No
Wireless Monitoring Capabilities
Rogue Scan Radio Mode Background , Dedicated
WIPS / WIDS RAdio Modes Background , Dedicated (Recommended)
Packet Sniffer Mode Yes
Spectrum Analyzer Yes
Dimensions
Length x Width x Height 8.27 x 8.27 x 2.22 inches (210 x 210 x 56.5 mm)
Weight 2.16 lbs ( 0.98 kg )
Package ( shipping ) Weight 3.97 lbs ( 18 kg )
Accessories
Mounting Options Ceiling , T – Rail , and Wall
Included Accessories Mount kit for Ceiling , T – Rail
and Wall
Power Supply SP – FAP400 – PA – XX or
GPI – 130
Optional Antennas
( Professional Installer
Required for FCC domains )
N / A
Environment
Power Consumption ( Max ) 24.5 W
PoE Mode 802.3at PoE default
1 port powered by 802.3at or 2 ports powered by 802.3af –
Full System functionality + USB support
1 port is connected to 802.3af – No USB support, Operate
in 2×2 mode with reduced power R1/R2 17dBm(Tx power)
Humidity 5-90 % Non – Condensing
Operating / Storage
Temperature
32–113°F (0–45°C) / -31–-94°F (-35–70°C)
Directives Low Voltage Directive .
RoHS
UL2043 Plenum Material No
Mean Time Between
Failures
> 10 Years
IP Rating
Surge Protection Built in No
Hit – less PoE Failover Yes
Certifications
Wi – Fi Alliance Certified Yes ( includes Passpoint )
DFS FCC , IC , CE , Japan , Brazil
and Taiwan
Warranty
Limited Lifetime Warranty Yes
Antenna Radiation Patterns
FAP-431F
Deployment
802.11ax Deployment

The FAP-U43xF are backward compatible with 802.11ac, 802.11a/n and 802.11b/g/n clients, so you can upgrade your network today, and the existing client base will work with the new FAP-U43xF. Fortinet provides solutions for multi-channel architecture. Enterprises can add the FAP-U to their existing network to support additional capacity as part of their existing deployment. However, there are recommended best practices for operating a network that includes both 11n and 11ac APs.

WLAN Controller

Customers are required to upgrade the controller software, FortiWLC (SD) to version 8.5.1 or later to support the FAP-U43xF.

FAPs support two data plane modes, bridged and tunneled. In bridged mode, also known as the remote AP mode, the data traffic from the client is bridged locally at the access layer or edge switch. Control and AP management traffic is still sent between the AP and the controller in bridged mode. In tunneled mode, all data, AP management, and control traffic is passed through the controller.

Clients per AP

The BYOD phenomenon has changed the enterprise network landscape and has forced IT managers to plan ahead for all types of user-owned mobile devices. BYOD typically means client densities are increasing, as it is not unusual for users to carry two or three WLAN-capable devices at a time. With BYOD, the client count per AP/radio has continued to rise, as one would expect. What follows are some general client density guidelines for the FAP-U43xF.
• Maximum ESS profiles supported – 8/radio
• (ARRP enabled) Maximum number of clients supported – 512 clients/radio
• (ARRP disabled) Maximum number of clients supported – 170 clients/radio The actual number of clients recommended per radio depends on number and types of applications in use, SLAs, client types, etc

Security Profiles

To ensure that you are benefiting from the VHT data rates available in 11ax, your security policies need to be configured to use WPA2 with AES-CCMP. The AES-CCMP requirement is part of the 11ax specification.

Signal Strength

The recommendation for 11n networks is typically that AP signal strength be -65 dBm or greater everywhere that Wi-Fi service is required for voice or video. This recommendation is influenced by the knowledge that 11n uses highest modulation rate of 64-QAM.

With 11ax/ac, a higher signal strength is required to achieve the highest modulation rate of 1024-QAM. This is because 256 and 1024-QAM employs a much denser constellation than 64-QAM, which makes data corruption more likely at lower signal strength when using 256 and 1024-QAM. How much higher signal strength is required depends mainly on channel width. Wider channels will require higher signal strengths to achieve 1024-QAM rates.

For networks using 80 MHz channels, the widest channel width used in Wave 2 APs, a signal strength of approximately -51 dBm or greater is required to support 1024-QAM. For 40 MHz channels, a signal strength of approximately -54 dBm or greater is required to support 1024- QAM.

SNR

Another important metric to consider when building a wireless network is the signal to noiseratio (SNR). With 11n networks, an SNR of 28dB or greater is often recommended, particularly if voice and/or video applications are present. Although this recommendation still applies for 11n clients running on 11ac networks, for 11ac clients to achieve their highest possible data rates, the SNR should be greater than 32dB. For 11ax clients an SNR of -35dBm is recommended.

Switch and PoE Guidelines

In this section, we will provide recommendations for switching and PoE capabilities.

FAP- 431F

The recommendation is to boot up the AP on the 2.5G port to gain the 11ax data rates.

Controller

As mentioned previously, if the data plane is configured for tunneled mode, a 10G uplink from the controller to the connecting switch is recommended, as all data plane traffic will need to pass through the controller’s Ethernet port/s. A 10G uplink can be used for bridged mode deployments as well, but since all data plane traffic avoids passing through the controller’s Ethernet port/s, a 1G controller uplink port will most often be more than adequate for bridged mode deployments.

PoE

FAP-U43xF requires approximately 25W (802.3at) static power supply. Customers that currently have 802.3af power will need to upgrade to 802.3at power. If the FAP-U detects an 802.3af power source, the radios will be disabled. The LAN1 and LAN2 ports are for uplink.
It is recommended to enable LLDP on the switch.

Quick Contact
close slider