FortiAP v5.0 Patch Release 6Release Notes
FortiAP v5.0 Patch Release 6 Release Notes
April 21, 2014
20-506-220170-20140421
Copyright© 2014 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and
FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other
Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All
other product or company names may be trademarks of their respective owners. Performance
and other metrics contained herein were attained in internal lab tests under ideal conditions,
and actual performance and other resultsmay vary. Network variables, different network
environments and other conditions may affect performance results. Nothing herein represents
any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or
implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet’s
General Counsel, with a purchaser that expressly warrants that the identified product will
perform according to certain expressly-identified performance metrics and, in such event, only
the specific performance metrics expressly identified in such binding written contract shall be
binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the
same ideal conditions as in Fortinet’s internal lab tests. Fortinet disclaims in full any covenants,
representations,and guarantees pursuant hereto, whether express or implied. Fortinet reserves
the right to change, modify, transfer, or otherwise revise this publication without notice, and the
most current version of the publication shall be applicable.
Technical Documentation docs.fortinet.com
Knowledge Base kb.fortinet.com
Customer Service & Support support.fortinet.com
Training Services training.fortinet.com
FortiGuard fortiguard.com
Document Feedback [email protected]
Table of Contents
Change Log....................................................................................................... 4
Introduction....................................................................................................... 5
Supported models ................................................................................................... 5
Summary of enhancements..................................................................................... 6
Special Notices................................................................................................. 7
Before any upgrade ................................................................................................. 7
Upgrade Information ........................................................................................ 8
Upgrading from FortiAP v5.0.0 or later.................................................................... 8
Upgrading from FortiAP v4.0 MR3 Patch Release 9 ............................................... 8
Upgrading the FortiAP device.................................................................................. 8
Downgrading to previous firmware versions ........................................................... 9
Product Integration and Support .................................................................. 10
Web browser support ............................................................................................ 10
FortiOS support ..................................................................................................... 10
FortiExplorer support ............................................................................................. 11
FortiExplorer iOS support ...................................................................................... 11
Resolved Issues.............................................................................................. 12
Resolved OpenSSL Issue in FortiOS v5.0 Patch Release 7 (wireless controller) .. 12
Known Issues.................................................................................................. 14
Firmware Image Checksums......................................................................... 15
Page 3
Change Log
Date Change Description
April 21, 2014 Updated FAP-221C and FAP-320C support in “Supported models” on
page 5.
Added new section “Resolved OpenSSL Issue in FortiOS v5.0 Patch
Release 7 (wireless controller)” on page 12.
February 28, 2014 Initial release.
Page 4
Introduction
This document provides a summary of enhancements, support information, installation
instructions, integration, resolved and known issues in FortiAP v5.0 Patch Release 6 build 0060.
Please review all sections of this document prior to upgrading your device. For more
information on upgrading your FortiAP device, see the Deploying Wireless Networks for FortiOS 5.0 guide at http://docs.fortinet.com/fgt/handbook/50/fortigate-wireless-50.pdf.
This document includes the following sections:
• Introduction
• Special Notices
• Upgrade Information
• Product Integration and Support
• Resolved Issues
• Known Issues
• Firmware Image Checksums
Supported models
The following models are supported on FortiAP v5.0 Patch Release 6:
FAP-11C, FAP-14C, FAP-28C, FAP-112B, FAP-210B, FAP-220B, FAP-221B, FAP-222B,
FAP-223B, and FAP-320B.
See http://docs.fortinet.com/fortiap/admin-guides for additional documents on FortiAP v5.0.
FAP-221C and FAP-320C
These models are released on a special branch based off of FAP v5.0 Patch Release 6. The
branch point reads 060. The FAP-221C firmware has build number 4049. The FAP-320C
firmware has build number 4050.
All FortiAP models require a special FortiOS build for wireless controller support (FortiOS v5.0
Patch Release 7, branch point 271, build 4457). Firmware images for this special FortiOS build
are available from the following directory in the firmware images page of the Customer Service
& Support site:
FortiAP/v5.00/5.0/5.0.6/Wireless_controller/
To access this firmware, find the support.fortnet.com page for downloading firmware images,
select FortiAP and click the Download button. Then navigate to the folder
support.fortinet.com/FortiAP/v5.00/5.0/5.0.6/Wireless_controller/ and download the firmware
image for the FortiGate unit that you will be using to manage your FortiAP unit. Install this
firmware image on your FortiGate unit before installing and managing your FortiAP unit.
Introduction Page 5 FortiAP v5.0 Patch Release 6 Release Notes
Summary of enhancements
The following is a list of enhancements in FortiAP v5.0 Patch Release 6:
• The second radio in models FortiAP-221C and FortiAP-320C supports IEEE 802.11ac and
maximal 80MHz channel width.
• FortiAP-11C, 14C and 28C LAN port support - The Ethernet LAN ports on these devices can
be connected to an Ethernet network. Wired clients connected to this Ethernet network can
communicate through the FortiAP to the FortiGate unit that is controlling the FortiAP. Wired
client traffic can be merged with or kept separate from the SSIDs on the FortiAP device.
• Options to improve performance by preventing packet fragmentation of CAPWAP traffic
between the FortiAP and the FortiGate unit. You can:
• Set the MTU size of uplink and downlink CAPWAP packets,
• Configure the FortiAP to adjust the Maximum Segment Size (MSS) of TCP packets sent
by wireless clients
• Cause the FortiAP unit to block TCP and UDP packets that are too large and would cause
packet fragmentation.
• Support long-distance wireless links between FortiAPs and stations
Introduction Page 6 FortiAP v5.0 Patch Release 6 Release Notes
Special Notices
This section highlights operational changes that administrators should be aware of prior to
upgrading to FortiAP v5.0 Patch Release 6.
Before any upgrade
Save a copy of your FortiAP unit configuration prior to upgrading. In the FortiAP Web-based
Manager, select the System Information tab, in the Status section select Backup, and save the
configuration file to your management computer.
Figure 1: FortiAP Web-based Manager
Special Notices Page 7 FortiAP v5.0 Patch Release 6 Release Notes
Upgrade Information
Upgrading from FortiAP v5.0.0 or later
FortiAP v5.0 Patch Release 6 build 0060 officially supports upgrade from FortiAP v5.0.0 or later.
Upgrading from FortiAP v4.0 MR3 Patch Release 9
FortiAP v5.0 Patch Release 6 build 0060 officially supports upgrade from FortiAP v4.0 MR3
Patch Release 9 or later.
Upgrading the FortiAP device
The FortiAP device can be upgraded using the Web-based Manager, automatically through the
FortiGate controller, or directly using a telnet connection to the device.
Upgrade using the FortiAP Web-based Manager:
1. Change your computer’s IP address to 192.168.1.3.
2. Launch a web browser and browse to the FortiAP default local IP address
http://192.168.1.2.
3. Login to the FortiAP with username: admin and no password.
4. Browse to System Information > Status, and select Update in the Firmware Version field.
5. In the Firmware Upgrade/Downgrade page, select Browse to locate the firmware image that
you downloaded from the Customer Service & Support portal.
6. Select Update to start the firmware upgrade.
7. Once the upgrade is complete, a pop-up message will be displayed noting that the firmware
update is complete.
Upgrade through the FortiGate controller:
1. Place the FortiAP firmware image on a TFTP server on your computer.
2. From the FortiGate Command Line Interface (CLI), enter the following command:
execute wireless-controller upload-wtp-image tftp <fap-imagename> <tftp-server-ip>
3. Verify that the image shows what image is uploaded:
execute wireless-controller list-wtp-image4. Upgrade the FortiAP from the CLI.
Use the all variable to upgrade all FortiAPs, or enter a specific serial number:
execute wireless-controller reset-wtp <all | SN>
FortiAP v5.0.0 or later includes a Web-based Manager. You can backup and restore a system
configuration file, edit network configuration, edit WTP configuration, upgrade FortiAP
firmware, and perform other administrative tasks.
Upgrade Information Page 8 FortiAP v5.0 Patch Release 6 Release Notes
5. From the Web-based Manager, verify that all access points are running the new firmware.
Upgrade using a telnet connection:
1. Place the FortiAP firmware image on a TFTP server on your computer.
2. Connect the FortiAP to a separate private switch or hub, or directly connect it to your
computer using a cross-over cable.
3. Change your computer’s IP address to 192.168.1.3.4. Telnet to IP address 192.168.1.2. This IP address is overwritten if the FortiAP is
connected to a DHCP environment. Ensure that FortiAP is in a private network with no
DHCP server for the static IP address to be accessible.
5. Login to the FortiAP with username: admin and no password.
6. Enter the following CLI command, replacing <tftp-server-ip> with 192.168.1.3:restore <fap-image-name> <tftp-server-ip>
Downgrading to previous firmware versions
FortiAP v5.0 Patch Release 6 does not support downgrading to previous firmware versions.
Upgrade Information Page 9 FortiAP v5.0 Patch Release 6 Release Notes
Product Integration and Support
Web browser support
FortiAP v5.0 Patch Release 6 supports the following web browsers:
• Microsoft Internet Explorer version 9
• Mozilla Firefox version 18
• Google Chrome version 25
Other web browsers may function correctly, but are not supported by Fortinet.
FortiOS support
FortiAP v5.0 Patch Release 6 is supported by FortiOS v5.0.0 or later and FortiOS v4.0 MR3
Patch Release 14 or later.
FortiOS v4.0 MR3 Patch Release 14 does not support the FAP-11C, FAP-14C, and FAP-28C.
FortiOS v5.0 Patch Release 3 or later is required to utilize the new features in FortiAP v5.0 Patch
Release 4 or later.
The FAP-320C and FAP-221C require a special FortiOS build for wireless controller support
(FortiOS v5.0 Patch Release 5, branch point 252, build 4396). Firmware images for this special
FortiOS build are available from the following directory in the firmware images page of the
Customer Service & Support site:
FortiAP/v5.00/5.0/5.0.6/Wireless_controller/
To access this firmware, find the support.fortnet.com page for downloading firmware images,
select FortiAP and click the Download button. Then navigate to the folder
support.fortinet.com/FortiAP/v5.00/5.0/5.0.6/Wireless_controller/ and download the firmware
image for the FortiGate unit that you will be using to manage your FAP-320C or FAP-221C unit.
Install this firmware image on your FortiGate unit before installing and managing your FAP-320C
or FAP-221C unit.
Product Integration and Support Page 10 FortiAP v5.0 Patch Release 6 Release Notes
FortiExplorer support
FortiAP v5.0 Patch Release 6 is supported by FortiExplorer v2.3 build 1052 for the FAP-11C and
FAP-28C.
FortiExplorer iOS support
FortiAP v5.0 Patch Release 6 is supported by FortiExplorer (iOS) v1.0.4 or newer for the
FAP-11C, FAP-28C, FAP-210B, FAP-220B, FAP-320B, FAP-320C.
FortiExplorer v2.3 build 1052 does not support the FAP-11C and FAP-28C Web-based
Manager. Only the command line interface is supported.
Product Integration and Support Page 11 FortiAP v5.0 Patch Release 6 Release Notes
Resolved Issues
The resolved issues table listed below does not list every bug that has been corrected with
FortiAP v5.0 Patch Release 6 build 0060. For inquires about a particular bug, please contact
Customer Service & Support.
Resolved OpenSSL Issue in FortiOS v5.0 Patch Release 7 (wireless controller)
Table 1: Resolved issues
Bug ID Description
196696 FortiAP units can now re-acquire networking information from a DHCP server
when connectivity to a FortiGate unit acting as a wireless controller is lost.
200633
214126
The FortiAP-11C, FortiAP-14C, and FortiAP-28C LAN ports are now available.
214013 Resolved an issue that caused upload throughput reductions on a FortiAP unit
configured as a wireless mesh leaf.
214358 Resolved an issue that could cause a FortiAP unit configured as a wireless
mesh leaf to crash.
214470 Resolved a compatibility issue with iOS devices (iPad, iPhone) that would
interrupt communication.
216706 Resolved an ARP issue that affected a FortiAP unit configured as a wireless
mesh leaf.
217529
218672
218668
Resolved issues resulting from the FortiAP-320B Wi-Fi Alliance certification.
218898
220118
Resolved issues that caused the FortiAP-221B to stop receiving traffic.
Table 2: Resolved OpenSSL issue
Bug ID Description
237976 The OpenSSL library used for the FortiOS GUI and for SSL VPN has been
upgraded to the most recent version (openssl 1.0.1g).
An information disclosure vulnerability has been discovered in OpenSSL
version 1.0.1 up to 1.0.1f. This vulnerability may allow an attacker to access
sensitive information from memory by sending crafted TLS heartbeat
requests. This vulnerability has been fixed in openssl 1.0.1g.
Resolved Issues Page 12 FortiAP v5.0 Patch Release 6 Release Notes
Known Issues
The known issues table listed below does not list every bug that has been identified with
FortiAP v5.0 Patch Release 6 build 0060. For inquires about a particular bug or to report a bug,
please contact Customer Service & Support.
Table 3: Known issues
Bug ID Description
219967 The new TCP-MSS adjust and MTU discovery features will not work when the
CAPWAP data channel uses DTLS encryption.
222157 When the FortiAP LAN port is bridged to a tunnel SSID the FortiAP does not
encrypt traffic between the FortiAP and the FortiGate unit.
225550 The second radio in the FAP-221C and FAP-320C models does not support
Rogue AP Monitoring.
Known Issues Page 14 FortiAP v5.0 Patch Release 6 Release Notes
Firmware Image Checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the
Customer Service & Support portal located at https://support.fortinet.com. After logging in,
click on Download > Firmware Image Checksum, enter the image file including the extension,
and select Get Checksum Code.
Figure 2: Firmware image checksum tool
Firmware Image Checksums Page 15 FortiAP v5.0 Patch Release 6 Release Notes