Skip to main content
vshahrokhkhani
Staff
vshahrokhkhani
Staff
July 29, 2025

Troubleshooting Tip: FortiAP central management compatibility issue with ADOM and FortiOS version mismatch

  • July 29, 2025
  • 0 replies
  • 1190 views
Description This article describes a compatibility issue that occurs when installing the configuration of a FortiGate running v7.4 (which acts as the controller of FortiAPs), if it is part of an ADOM with v7.2 and with FortiAP central management enabled. This behavior may also be observed in similar scenarios where FortiGate devices on lower firmware (e.g., v7.2) are managed by higher ADOM versions (e.g., v7.4), due to similar syntax and validation differences.
Scope FortiManager v7.4.
Solution

Installing configuration for a FortiGate that manages FortiAPs running version v7.4 while the FortiGate is still in a v7.2 ADOM can fail due to syntax differences between FortiAP profile definitions across ADOM and FortiOS versions. Similar behavior can also occur when managing FortiGate devices running FortiOS v7.2 from an ADOM on v7.4. In such cases, FortiManager may still encounter validation or install failures when pushing FortiAP profiles because FortiAP profile definitions and validation logic differ between FortiOS versions, which can lead to install failures when pushed from a mismatched ADOM.

 

The error can be similar to the following log ('channel X is not supported') (this is an example - actual results will differ based on FortiAP models, bands, countries, etc):

 

error radio-1 channel- 1:-999 - channel 1 is not supported. dfs=yes,region=,plat=431F,cnty=US,band=802.11ac,bond=20MHz - channel 1 is not supported. dfs=yes,region=,plat=431F,cnty=US,band=802.11ac,bond=20MHz

 

Or: 

 

Post vdom failed:
error radio-2 channel- 36:-999 - channel 36 is not supported. dfs=yes,region=,plat=U231F,cnty=DE,band=,bond=40MHz - (in Template 7622-3) channel 36 is not supported. dfs=yes,region=,plat=U231F,cnty=DE,band=,bond=40MHz

 

This indicates that FortiAP profile deployment is sensitive to ADOM and FortiOS version alignment, and mismatches in either direction may lead to install failures.

 

To overcome this issue, three workarounds can be used:

  1. Upgrading ADOM to v7.4 if Centralized Management for FortiAP is enabled in an ADOM managing a v7.4 FortiGate. If the issue occurs when using a v7.4 ADOM with FortiGate devices on v7.2, upgrading the FortiGate to match the ADOM version can help avoid these compatibility limitations.
  2. Disabling central management for FortiAP, creating new FortiAP profiles/templates to be assigned to the v7.4/v7.2 FortiGate and its FortiAPs. This can be the last option in case central AP management is required.
  3. Using a CLI/Jinja script to override the band configuration using syntax compatible with the target FortiGate firmware version, and then install. This will be the most convenient option until the ADOM upgrade is performed to mitigate the syntax mismatch.

 

For example, a CLI template can be used to override the band configuration. Refer to the below CLI template as an example (It needs to be changed based on ADOM/FortiGate version, configuration, and FortiAP profile):

config wireless-controller wtp-profile
    edit "FAP431F-default"
        config radio-1
            set band 802.11b 802.11g 802.11n-2G
        end

        config radio-2
            set band 802.11a 802.11n-5G 802.11ax-5G 802.11ac-5G
        end
    next
end

  • Assign the CLI template to the FortiGates managing FortiAPs.
  • On the next install, FortiManager will push this change along with the configuration present in the FortiAP Template.
  • The CLI template has precedence over all other configurations in FortiManager.
    Terms & ConditionsAccessibility statement