Fortinet black logo

FortiAP Release Notes

Home FortiAP / FortiWiFi 7.4.0 FortiAP Release Notes
7.4.0
7.4.2
7.4.1
7.4.0
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0

New features or enhancements

New features or enhancements

The following table includes FortiAP version 7.4.0 new features and enhancements:

Bug ID

Description

268728

Federal Information Processing Standards (FIPS) certification.

To enable FIPS mode, run the following commands on the FortiAP CLI:

cfg -a FIPS_CC=1

cfg -c

To disable FIPS mode, factory reset the FortiAP.

Note: FAP-431F and FAP-433F cannot support FIPS mode.

867684

Support WPA3-SAE security over the mesh backhaul.

On the FortiGate CLI (FortiOS 7.4.0), add one mesh-backhaul vap with security wpa3-sae, and assign it to the mesh-root FortiAP.

Note: The "Hash-to-Element (H2E) only" option is mandatory for the mesh backhaul.

On the mesh-leaf FortiAP CLI, input the following mesh settings:

cfg -a MESH_AP_TYPE=1

cfg -a MESH_AP_SSID=meshssidname

cfg -a MESH_AP_SECURITY=2

cfg -a MESH_AP_PASSWD=meshssidpassword

cfg -c

868839

The wtp-profile of FAP-432F and 433F models can set external antenna parameters when the corresponding external antenna is installed.

On the FortiGate CLI, input the following commands:

config wireless-controller wtp-profile

edit "FAP433F"

config radio-1

set optional-antenna none | FANT-04ABGN-0606-O-R | FANT-04ABGN-0606-P-R

end

end

887980

Support a new data-channel security option "ipsec-sn".

The FortiAP serial number is added to the initial IPsec setup message so that it can be used by a dispatcher to query the destination FortiGate. Then the FortiAP will connect to the FortiGate and encrypt the data channel with an IPsec-VPN tunnel.

902191

Wireless bonjour-profile feature supports a new service option for Miracast.

973755

Support new model FAP-234G (build 5578).

Note: FortiGate running FortiOS 7.4.0 and later can manage FAP-234G.

Region/country code update and DFS certification

Bug ID

Description

825182, 886015

Enable "Wi-Fi 6E" 6GHz Channels for supported regions and countries.

876673

Enable 5GHz UNII-3 channels in certain European countries.

Changes in CLI

Bug ID

Description

903756

A new cfg variable MESH_AP_SECURITY is added for the security mode of mesh-backhaul SSID.

cfg -a MESH_AP_SECURITY=0 | 1 | 2

Input 0 for "Open", 1 for "WPA/WPA2-Personal", or 2 for "WPA3-SAE". The default value is 0.

Previous
Next

New features or enhancements

The following table includes FortiAP version 7.4.0 new features and enhancements:

Bug ID

Description

268728

Federal Information Processing Standards (FIPS) certification.

To enable FIPS mode, run the following commands on the FortiAP CLI:

cfg -a FIPS_CC=1

cfg -c

To disable FIPS mode, factory reset the FortiAP.

Note: FAP-431F and FAP-433F cannot support FIPS mode.

867684

Support WPA3-SAE security over the mesh backhaul.

On the FortiGate CLI (FortiOS 7.4.0), add one mesh-backhaul vap with security wpa3-sae, and assign it to the mesh-root FortiAP.

Note: The "Hash-to-Element (H2E) only" option is mandatory for the mesh backhaul.

On the mesh-leaf FortiAP CLI, input the following mesh settings:

cfg -a MESH_AP_TYPE=1

cfg -a MESH_AP_SSID=meshssidname

cfg -a MESH_AP_SECURITY=2

cfg -a MESH_AP_PASSWD=meshssidpassword

cfg -c

868839

The wtp-profile of FAP-432F and 433F models can set external antenna parameters when the corresponding external antenna is installed.

On the FortiGate CLI, input the following commands:

config wireless-controller wtp-profile

edit "FAP433F"

config radio-1

set optional-antenna none | FANT-04ABGN-0606-O-R | FANT-04ABGN-0606-P-R

end

end

887980

Support a new data-channel security option "ipsec-sn".

The FortiAP serial number is added to the initial IPsec setup message so that it can be used by a dispatcher to query the destination FortiGate. Then the FortiAP will connect to the FortiGate and encrypt the data channel with an IPsec-VPN tunnel.

902191

Wireless bonjour-profile feature supports a new service option for Miracast.

973755

Support new model FAP-234G (build 5578).

Note: FortiGate running FortiOS 7.4.0 and later can manage FAP-234G.

Region/country code update and DFS certification

Bug ID

Description

825182, 886015

Enable "Wi-Fi 6E" 6GHz Channels for supported regions and countries.

876673

Enable 5GHz UNII-3 channels in certain European countries.

Changes in CLI

Bug ID

Description

903756

A new cfg variable MESH_AP_SECURITY is added for the security mode of mesh-backhaul SSID.

cfg -a MESH_AP_SECURITY=0 | 1 | 2

Input 0 for "Open", 1 for "WPA/WPA2-Personal", or 2 for "WPA3-SAE". The default value is 0.

Previous
Next