Introduction
This document provides the following information for FortiAP version 5.4.2:
l Supported models l What’s new in FortiAP 5.4.2 l Upgrade Information l Product Integration and Support l Resolved Issues
For more information on upgrading your FortiAP device, see the Deploying Wireless Networks for FortiOS 5.4 guide in the Fortinet Document Library.
Supported models
FortiAP version 5.4.2 supports the following models:
Model support
| Model | Build |
| FAP-11C, FAP-14C, FAP-21D, FAP-24D, FAP-25D, FAP-112B,
FAP-112D, FAP-221B, FAP-221C, FAP-222B, FAP-222C, FAP-223B, FAP-223C, FAP-224D, FAP-320B, FAP-320C, FAP-321C, FAP-CAM-214B |
0354 |
What’s new in FortiAP 5.4.2
The following is a list of new features and enhancements in FortiAP version 5.4.2:
- Support for DFS channels on more FAP SKUs:
- FAP-321C-S, l FAP-222C-K l FAP-221B-I, FAP-221C-I, FAP-222C-I, FAP-223C-I, FAP-320B-I, FAP-320C-I, FAP-321C-I
- Support for 64-digit hexadecimal passphrase in WPA2-Personal SSID
The following features require FortiCloud 3.1.0:
- OKC support for FortiCloud WPA2-Enterprise SSID with RADIUS authentication l Dynamic VLAN support for FortiCloud WPA2-Enterprise SSID l Support for time zone and day-light-saving settings from FortiCloud l During firmware upgrade, FAP can download firmware image from a HTTPS server as instructed by FortiCloud.
What’s new in FortiAP 5.4.2 Introduction
The following features require FortiGate running FortiOS 5.6.0:
- PMF support for local-standalone SSID with WPA2-Personal/Enterprise security
- New security option for CAPWAP data channel: IPsec VPN
Note: FAP-320B cannot support this feature due to its flash limit. l Support for QoS Profile (rate limits per SSID and per client IP) l Add “lease-time” setting to NAT-mode local-standalone VAP
6
Upgrade Information
Upgrading from FortiAP version 5.4.1
FortiAP 5.4.2 supports upgrading from 5.4.1.
Downgrading to previous firmware versions
FortiAP 5.4.2 does not support downgrading to previous firmware versions.
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support portal, https://support.fortinet.com. After logging in select Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code.
Supported Upgrade Paths
To view all previous FortiAP versions, build numbers, and their supported upgrade pathways, see the following Fortinet Cookbook link:
http://cookbook.fortinet.com/supported-upgrade-paths-fortiap/
Product Integration and Support
FortiAP 5.4.2 support
The following table lists FortiAP version 5.4.2 product integration and support information.
FortiAP 5.4.2 support
| Web Browsers | l Microsoft Internet Explorer version 11 l Mozilla Firefox version 41 l Google Chrome version 47
l Safari 8 Other web browsers may function correctly, but are not supported by Fortinet. |
| FortiOS | 5.4.2 and later |
| FortiExplorer (Windows/MAC) | 2.6.0 (model FAP-11C only) |
| FortiExplorer iOS | 2.0.0 (models FAP-11C, 21D, 24D, 112D, 320B, and 320C only) |
8
Resolved Issues
The following issues have been fixed in version 5.4.2. For inquires about a particular bug, please contact Customer Service & Support.
| Bug ID | Description |
| 206429 | FAP WIDS function could not detect spoofed de-authentication attack to its operating SSID. |
| 300277 | The NAT setting in FAP was not cleared correctly when VAP configuration in FortiGate has localstandalone disabled. (FortiGate will have the fix in FortiOS 5.6.0.) |
| 369467 | In FortiCloud captive-portal SSID setup, Social Media login page might become inaccessible due to DNS load balancing or rotation. |
| 375543 | FAP reported excess event logs about operating channel and Tx Power on 2.4 GHz radio. |
| 307852 | In FAP GUI, FortiCloud Account field now allows up to 50 characters. |
| 381375 | BPDU frames got truncated by FAP LAN to tunnel SSID when CAPWAP-data is plain text. |
| 381602 | Country code “AUSTRALIA” should be supported by FAP with region code “N “. |
| 390947 | Country code “SAUDI ARABIA” should be supported by FAP with region code “E “. |
| 382926 | Country code “INDONESIA” now is supported by a new region code “F “. |
| 380931 | Schedule of local-standalone SSID did not work when FAP lost connection with FortiCloud. |
| 374626 | Memory usage of IP pool of DHCP server in NAT-mode local-standalone SSID has been improved. |
| 369162 | For dual-radio FAP platforms, when both radios have the same NAT-mode local-standalone SSID configured, they can use the same IP and subnet mask settings now. |
| 379123 | Local-standalone SSID can support pre-authentication now. |
| 391677 | FAP-320C had lower TX power than expected. |
| 281684 | FAP sometimes encountered “PN check failed” issue. |
| 395016 | FAP-320C-E 2.4GHz Radio had inconsistent TX power when configured 1 dBm. |
| 395010 | FAP-320C-E 5Ghz Radio TX power was stuck at 0 once cwWtpd was killed. |
| 395244 | Improvement. Now FAP sends WTP ID information packet to FortiPresence Server more frequently. |
Resolved Issues
| Bug ID | Description |
| 389205 | FortiAP 5.4.2 is no longer vulnerable to the following CVE Reference: 2016-6308, 2016-6307, 2016-6306, 2016-6305, 2016-6304, 2016-6303, 2016-6302, 2016-2183, 2016-2182, 2016-2181, 2016-2180, 2016-2179, 2016-2178, 2016-2177.
Visit https://fortiguard.com/psirt for more information. |
10
Known Issues
The following issues have been identified in version 5.4.2. For inquires about a particular bug or to report a bug, please contact Customer Service & Support.
| Bug ID | Description |
| 301726 | Sniffer mode does not work on 802.11ac radios. Sniffer will be stuck in INIT(0) state and no packets will be captured. |
| 300081 | FortiAPs may encounter high CPU usage intermittently after a FortiGate wireless controller pushes a local-authentication virtual AP (VAP) configuration to them. |
| 245323 | Spectrum analysis may result in high CPU usage on some FortiAP models including the FAP221B, FAP-223B, and FAP-221C. |
| 236312 | Split-tunneling SSIDs do not support VLANs. |