SA Query Timeout on its own is not an issue, unless it is truly excessive.
In short, this means that the client left the router's range: the AP sent an information request to check whether the client is still present and did not receive an answer. Thus, the client has left the range. This is a completely normal debug log message, not an error or warning, just an informational message.
In greater detail:
SA Query Timeout is a normal part of wireless behavior. It is a security feature.
SA Query is triggered in the following scenario:
- On the AP there is a valid security association for the station.
- The AP receives an Association request from an already associated station.
- The AP responds with Association request rejected (“Association Comeback interval”, Status Code: 30). This is done so that the AP can determine whether the association request came from an attacker or from a station that went out of range and was not able to disassociate beforehand.
- The AP sends an SA Query Request to the station, using the original encryption that was used with the client beforehand. If the client sends an SA Query Response, it means that the initial association request came from an attacker.
- If the client doesn’t give an SA Query Response, it means that the real client got disconnected, or rather went out of range, did not disassociate from the AP properly, and restarted association to the AP; no attacker is present in this case. At this point, you will see SA Query Timeout in the log.
That’s just to say that if you notice some timeouts, it’s not necessarily an issue, but if they are constant, especially for a client that was not moved out of range, then a deeper investigation should be done. In such cases, where it’s constant or seems excessive, please create a support ticket with a supout.rif file made after the issue appears, along with information about the wireless client and its wireless network card that had this issue.
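The SA Query sequence listed above, modeled as a small Python state machine to show both outcomes (query answered, query timed out). This is an added example, not MikroTik code: the class, function names, log strings and MAC address are constructed for illustration, and dropping the old association on timeout is assumed from standard 802.11w behavior.

```python
from dataclasses import dataclass, field

STATUS_SUCCESS = 0
STATUS_COMEBACK = 30  # "Association Comeback interval" status code from the text


@dataclass
class AccessPoint:
    """Toy AP model (hypothetical, for illustration only)."""
    associations: set = field(default_factory=set)  # MACs with a valid security association
    pending: set = field(default_factory=set)       # MACs with an SA Query outstanding
    log: list = field(default_factory=list)         # constructed log strings

    def on_assoc_request(self, mac):
        if mac in self.pending:
            return STATUS_COMEBACK          # still waiting for the SA Query result
        if mac not in self.associations:
            self.associations.add(mac)      # no existing SA: normal association
            return STATUS_SUCCESS
        # A valid SA already exists: refuse for now and probe the station
        # using the keys negotiated with the original client.
        self.pending.add(mac)
        return STATUS_COMEBACK

    def on_sa_query_result(self, mac, response_received):
        if mac not in self.pending:
            return
        self.pending.discard(mac)
        if response_received:
            # The key holder is still present, so the request was not its own.
            self.log.append(f"{mac} SA Query answered, association kept")
        else:
            # Nobody holds the old keys any more: the real client lost its state.
            self.associations.discard(mac)
            self.log.append(f"{mac} SA Query timeout")


def run_scenario(station_answers):
    """Associate, send a second request, resolve the SA Query, then retry."""
    ap = AccessPoint()
    mac = "02:00:00:00:00:01"  # constructed, locally administered address
    first = ap.on_assoc_request(mac)
    second = ap.on_assoc_request(mac)
    ap.on_sa_query_result(mac, station_answers)
    retry = ap.on_assoc_request(mac)
    return first, second, retry, ap.log


if __name__ == "__main__":
    print("query answered:", run_scenario(True))
    print("query timed out:", run_scenario(False))
```

When the query is answered, the retry is refused again with status 30 and the existing association survives; when it times out, the retry is accepted as a fresh association.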