This document provides the following information for FortiAP version 5.4.2:
l Supported models l What’s new in FortiAP 5.4.2 l Upgrade Information l Product Integration and Support l Resolved Issues
FortiAP version 5.4.2 supports the following models:
|FAP-11C, FAP-14C, FAP-21D, FAP-24D, FAP-25D, FAP-112B,
FAP-112D, FAP-221B, FAP-221C, FAP-222B, FAP-222C,
FAP-223B, FAP-223C, FAP-224D, FAP-320B, FAP-320C,
What’s new in FortiAP 5.4.2
The following is a list of new features and enhancements in FortiAP version 5.4.2:
- Support for DFS channels on more FAP SKUs:
- FAP-321C-S, l FAP-222C-K l FAP-221B-I, FAP-221C-I, FAP-222C-I, FAP-223C-I, FAP-320B-I, FAP-320C-I, FAP-321C-I
- Support for 64-digit hexadecimal passphrase in WPA2-Personal SSID
The following features require FortiCloud 3.1.0:
- OKC support for FortiCloud WPA2-Enterprise SSID with RADIUS authentication l Dynamic VLAN support for FortiCloud WPA2-Enterprise SSID l Support for time zone and day-light-saving settings from FortiCloud l During firmware upgrade, FAP can download firmware image from a HTTPS server as instructed by FortiCloud.
What’s new in FortiAP 5.4.2 Introduction
The following features require FortiGate running FortiOS 5.6.0:
- PMF support for local-standalone SSID with WPA2-Personal/Enterprise security
- New security option for CAPWAP data channel: IPsec VPN
Note: FAP-320B cannot support this feature due to its flash limit. l Support for QoS Profile (rate limits per SSID and per client IP) l Add “lease-time” setting to NAT-mode local-standalone VAP
Upgrading from FortiAP version 5.4.1
FortiAP 5.4.2 supports upgrading from 5.4.1.
Downgrading to previous firmware versions
FortiAP 5.4.2 does not support downgrading to previous firmware versions.
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support portal, https://support.fortinet.com. After logging in select Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code.
Supported Upgrade Paths
To view all previous FortiAP versions, build numbers, and their supported upgrade pathways, see the following Fortinet Cookbook link:
Product Integration and Support
FortiAP 5.4.2 support
The following table lists FortiAP version 5.4.2 product integration and support information.
FortiAP 5.4.2 support
|Web Browsers||l Microsoft Internet Explorer version 11 l Mozilla Firefox version 41 l Google Chrome version 47
l Safari 8
Other web browsers may function correctly, but are not supported by Fortinet.
|FortiOS||5.4.2 and later|
|FortiExplorer (Windows/MAC)||2.6.0 (model FAP-11C only)|
|FortiExplorer iOS||2.0.0 (models FAP-11C, 21D, 24D, 112D, 320B, and 320C only)|
|206429||FAP WIDS function could not detect spoofed de-authentication attack to its operating SSID.|
|300277||The NAT setting in FAP was not cleared correctly when VAP configuration in FortiGate has localstandalone disabled. (FortiGate will have the fix in FortiOS 5.6.0.)|
|369467||In FortiCloud captive-portal SSID setup, Social Media login page might become inaccessible due to DNS load balancing or rotation.|
|375543||FAP reported excess event logs about operating channel and Tx Power on 2.4 GHz radio.|
|307852||In FAP GUI, FortiCloud Account field now allows up to 50 characters.|
|381375||BPDU frames got truncated by FAP LAN to tunnel SSID when CAPWAP-data is plain text.|
|381602||Country code “AUSTRALIA” should be supported by FAP with region code “N “.|
|390947||Country code “SAUDI ARABIA” should be supported by FAP with region code “E “.|
|382926||Country code “INDONESIA” now is supported by a new region code “F “.|
|380931||Schedule of local-standalone SSID did not work when FAP lost connection with FortiCloud.|
|374626||Memory usage of IP pool of DHCP server in NAT-mode local-standalone SSID has been improved.|
|369162||For dual-radio FAP platforms, when both radios have the same NAT-mode local-standalone SSID configured, they can use the same IP and subnet mask settings now.|
|379123||Local-standalone SSID can support pre-authentication now.|
|391677||FAP-320C had lower TX power than expected.|
|281684||FAP sometimes encountered “PN check failed” issue.|
|395016||FAP-320C-E 2.4GHz Radio had inconsistent TX power when configured 1 dBm.|
|395010||FAP-320C-E 5Ghz Radio TX power was stuck at 0 once cwWtpd was killed.|
|395244||Improvement. Now FAP sends WTP ID information packet to FortiPresence Server more frequently.|
|389205||FortiAP 5.4.2 is no longer vulnerable to the following CVE Reference: 2016-6308, 2016-6307, 2016-6306, 2016-6305, 2016-6304, 2016-6303, 2016-6302, 2016-2183, 2016-2182, 2016-2181, 2016-2180, 2016-2179, 2016-2178, 2016-2177.
Visit https://fortiguard.com/psirt for more information.
|301726||Sniffer mode does not work on 802.11ac radios. Sniffer will be stuck in INIT(0) state and no packets will be captured.|
|300081||FortiAPs may encounter high CPU usage intermittently after a FortiGate wireless controller pushes a local-authentication virtual AP (VAP) configuration to them.|
|245323||Spectrum analysis may result in high CPU usage on some FortiAP models including the FAP221B, FAP-223B, and FAP-221C.|
|236312||Split-tunneling SSIDs do not support VLANs.|
Having trouble configuring your Fortinet hardware or have some questions you need answered? Ask your questions in the comments below!!! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To Buy Your Fortinet Hardware From The Fortinet GURU