Region/country code update and DFS certification ... Bluetooth Low Energy (BLE) function of Wi-Fi 6E FortiAP models would stop working sometimes.
Release Notes FortiAP 7.4 .0 FORTINET DOCUMENT LIBRARY https://docs.fortinet.com FORTINET VIDEO GUIDE https://video.fortinet.com FORTINET BLOG https://blog.fortinet.com CUSTOMER SERVICE & SUPPORT https://support.fortinet.com FORTINET TRAINING & CERTIFICATION PROGRAM https://www.fortinet.com/training-certification FORTINET TRAINING INSTITUTE https://training.fortinet.com FORTIGUARD CENTER https://www.fortiguard.com END USER LICENSE AGREEMENT https://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: techdoc@fortinet.com June 1, 2023 FortiAP 7.4.0 Release Notes 20-740-914800-20230601 TABLE OF CONTENTS Change log 4 Introduction 5 Supported models 5 New features or enhancements 6 Region/country code update and DFS certification 7 Changes in CLI 7 Upgrade and downgrade information 8 Upgrading to FortiAP version 7.4.0 8 Downgrading to previous firmware versions 8 Firmware image checksums 8 Supported upgrade paths 8 Product integration support 9 Resolved issues 10 Known issues 11 FortiAP 7.4.0 Release Notes 3 Fortinet Inc. Change log Date 2023-06-01 Change description Initial release. FortiAP 7.4.0 Release Notes 4 Fortinet Inc. Introduction Introduction This document provides release information for FortiAP version 7.4.0, build 0540. For more information about your FortiAP device, see the FortiWiFi and FortiAP Configuration Guide. Supported models FortiAP version 7.4.0, build 0540 supports the following models: Wi-Fi 6 Models FAP-231F, FAP-234F, FAP-23JF, FAP-431F, FAP-432F, FAP-433F, FAP-831F Wi-Fi 6E Models FAP-231G, FAP-233G, FAP-431G, FAP-433G FortiAP 7.4.0 Release Notes 5 Fortinet Inc. New features or enhancements New features or enhancements The following table includes FortiAP version 7.4.0 new features and enhancements: Bug ID 268728 867684 868839 887980 902191 Description Federal Information Processing Standards (FIPS) certification. To enable FIPS mode, run the following commands on the FortiAP CLI: cfg -a FIPS_CC=1 cfg -c To disable FIPS mode, factory reset the FortiAP. Note: FAP-431F and FAP-433F cannot support FIPS mode. Support WPA3-SAE security over the mesh backhaul. On the FortiGate CLI (FortiOS 7.4.0), add one mesh-backhaul vap with security wpa3-sae, and assign it to the mesh-root FortiAP. Note: The "Hash-to-Element (H2E) only" option is mandatory for the mesh backhaul. On the mesh-leaf FortiAP CLI, input the following mesh settings: cfg -a MESH_AP_TYPE=1 cfg -a MESH_AP_SSID=meshssidname cfg -a MESH_AP_SECURITY=2 cfg -a MESH_AP_PASSWD=meshssidpassword cfg -c The wtp-profile of FAP-432F and 433F models can set external antenna parameters when the corresponding external antenna is installed. On the FortiGate CLI, input the following commands: config wireless-controller wtp-profile edit "FAP433F" config radio-1 set optional-antenna none | FANT-04ABGN-0606-O-R | FANT-04ABGN0606-P-R end end Support a new data-channel security option "ipsec-sn". The FortiAP serial number is added to the initial IPsec setup message so that it can be used by a dispatcher to query the destination FortiGate. Then the FortiAP will connect to the FortiGate and encrypt the data channel with an IPsec-VPN tunnel. Wireless bonjour-profile feature supports a new service option for Miracast. FortiAP 7.4.0 Release Notes 6 Fortinet Inc. New features or enhancements Region/country code update and DFS certification Bug ID 825182, 886015 876673 Description Enable "Wi-Fi 6E" 6GHz Channels for supported regions and countries. Enable 5GHz UNII-3 channels in certain European countries. Changes in CLI Bug ID 903756 Description A new cfg variable MESH_AP_SECURITY is added for the security mode of mesh-backhaul SSID. cfg -a MESH_AP_SECURITY=0 | 1 | 2 Input 0 for "Open", 1 for "WPA/WPA2-Personal", or 2 for "WPA3-SAE". The default value is 0. FortiAP 7.4.0 Release Notes 7 Fortinet Inc. Upgrade and downgrade information Upgrade and downgrade information Upgrading to FortiAP version 7.4.0 FortiAP 7.4.0 supports upgrading from FortiAP version 7.2.2 and later. Downgrading to previous firmware versions FortiAP 7.4.0 supports downgrading to FortiAP version 7.2.2 and later. Firmware image checksums To get the MD5 checksum code for a Fortinet firmware image, perform the following steps: 1. Go to the Fortinet Support website. 2. Log in to your account. If you do not have an account, create one and then log in. 3. From the top banner, select Download > Firmware Image Checksums. 4. Enter the image file name, including the extension. For example, FAP_221C-v6-build0030-FORTINET.out. 5. Click Get Checksum Code. Supported upgrade paths To view all previous FortiAP versions, build numbers, and their supported upgrade paths, see the Fortinet Documentation website. FortiAP 7.4.0 Release Notes 8 Fortinet Inc. Product integration support Product integration support The following table lists product integration and support information for FortiAP version 7.4.0: FortiOS Web browsers FortiOS 7.4.0 and later. Microsoft Edge version 41 and later. Mozilla Firefox version 59 and later. Google Chrome version 65 and later. Apple Safari version 9.1 and later (for Mac OS X). Other web browsers may work correctly, but Fortinet does not support them. We recommend that the FortiAP firmware version be matched with the respective FortiOS version, when available. Other variations of FortiOS and FortiAP versions may technically work for the lowest common feature set. However, if problems arise, Fortinet Support will ask that the versions be matched, as recommended, before troubleshooting. FortiAP 7.4.0 Release Notes 9 Fortinet Inc. Resolved issues Resolved issues The following issues have been resolved in FortiAP version 7.4.0. For inquiries about a particular bug, visit the Fortinet Support website. Bug ID 371769 797151, 804661, 806019 878837 879756 883157 884413 885589 885851 894996 Description FortiAP could not suppress ARP poison attacks from wireless devices. Fixed various SNMP daemon crash issues. After the configuration of one SSID was changed, wireless clients on the other SSID got disconnected. Clients connected to one Leaf AP cannot communicate with clients connected to the other Leaf AP on the same Root AP. Wi-Fi clients would randomly get disconnected when FortiAP was sending statistics data to the FortiGate. Fixed a kernel panic issue rgu_preempt self-detected stall on CPU. Fixed a kernel panic issue PC is at __kmalloc+0x114/0x1f0. FortiAP with AP_MGMT_VLAN_ID configured would randomly get a connection loop after a firmware was provisioned from the FortiManager or FortiGate. Fixed a kernel panic issue PC is at ieee80211_node_add_ipv4+0x148/0x160 [umac]. FortiAP 7.4.0 Release Notes 10 Fortinet Inc. Known issues Known issues The following issues have been identified in FortiAP version 7.4.0. For inquiries about a particular bug or to report a bug, visit the Fortinet Support website. Bug ID 692160 761298 873396 Description Wireless packets captured by FortiAP radio in Sniffer mode are corrupted. FAP-234F Bluetooth Low Energy (BLE) function cannot work. Bluetooth Low Energy (BLE) function of Wi-Fi 6E FortiAP models would stop working sometimes. Workaround: Reboot the FortiAP. FortiAP 7.4.0 Release Notes 11 Fortinet Inc. www.fortinet.com Copyright© 2023 Fortinet, Inc. All rights reserved. Fortinet®, FortiGate®, FortiCare® and FortiGuard®, and certain other marks are registered trademarks of Fortinet, Inc., and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. All other product or company names may be trademarks of their respective owners. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions, and actual performance and other results may vary. Network variables, different network environments and other conditions may affect performance results. Nothing herein represents any binding commitment by Fortinet, and Fortinet disclaims all warranties, whether express or implied, except to the extent Fortinet enters a binding written contract, signed by Fortinet's General Counsel, with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and, in such event, only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. For absolute clarity, any such warranty will be limited to performance in the same ideal conditions as in Fortinet's internal lab tests. Fortinet disclaims in full any covenants, representations, and guarantees pursuant hereto, whether express or implied. Fortinet reserves the right to change, modify, transfer, or otherwise revise this publication without notice, and the most current version of the publication shall be applicable.madbuild