Fortinet black logo

Strong cryptographic cipher requirements for FortiAP

Strong cryptographic cipher requirements for FortiAP

FortiOS 7.0.0 has removed 3DES and SHA1 from the list of strong cryptographic ciphers. To satisfy the cipher requirement, current FortiAP models whose names end with letter E or F should be upgraded to the following firmware versions:

  • FortiAP (F models): version 6.4.3 and later
  • FortiAP-S and FortiAP-W2 (E models): version 6.2.4, 6.4.1, and later
  • FortiAP-U (EV and F models): version 6.0.3 and later
  • FortiAP-C (FAP-C24JE): version 5.4.3 and later

If FortiGates running FortiOS 7.0.1 and later need to manage FortiAP models that cannot be upgraded or legacy FortiAP models whose names end with the letters B, C, CR, or D, administrators can allow those FortiAPs' connections with weak cipher encryption by using compatibility mode:

config wireless-controller global
    set tunnel-mode compatible
end

Strong cryptographic cipher requirements for FortiAP

FortiOS 7.0.0 has removed 3DES and SHA1 from the list of strong cryptographic ciphers. To satisfy the cipher requirement, current FortiAP models whose names end with letter E or F should be upgraded to the following firmware versions:

  • FortiAP (F models): version 6.4.3 and later
  • FortiAP-S and FortiAP-W2 (E models): version 6.2.4, 6.4.1, and later
  • FortiAP-U (EV and F models): version 6.0.3 and later
  • FortiAP-C (FAP-C24JE): version 5.4.3 and later

If FortiGates running FortiOS 7.0.1 and later need to manage FortiAP models that cannot be upgraded or legacy FortiAP models whose names end with the letters B, C, CR, or D, administrators can allow those FortiAPs' connections with weak cipher encryption by using compatibility mode:

config wireless-controller global
    set tunnel-mode compatible
end