Skip to main content
Jadron
Jadron
New Member
September 4, 2019
Solved

FortiAP Firmware Best Practice questions.

  • September 4, 2019
  • 1 reply
  • 3781 views

We manage quite a few fortigate's, over time life cycles of the Firewall vs. AP's with some of our clients got staggered. So for example, we have some FortiGate 60E's running FortiAP321C's.....not ideal I know, just the situation that we're in.

 

What that above scenario seems to have created:

Fortigate 60E - Latest firmware supported is 6.2.0+

FortiAP 321C - Latest Firmware revision is 6.0.0 (Can't go to 6.2.0). 

 

The general consensus among colleagues and myself is we try to follow is matching the FortiAP/Fortigate Firmware, no exceptions. However I can't seem to find any official Fortinet documentation suggesting they need to match. A lot of here-say, and in most cases people are not in this staggered situation we're in.

 

Is it a sin to exceed the capable maximum FortiAP firmware revision with the Fortigate leaving the AP stuck on an older release? 

 

What is the best practice in this scenario? Do we:

A) Keep our 60E's one major firmware revision behind and stay in the 6.0.0 Series?

OR

B) Let the Fortigate exceed the AP's maximum firmware level?

 

Lets assume buying new AP's is not an option here please.

 

Sorry if the (official Fortinet) answer is somewhere simple, I've been digging through guides, update paths, admin pdf's, searches - this info may be readily available some where.... the ever shifting documentation platforms of the Forti-products has me bamboozled. 

 

Thanks,

 

 

    Best answer by Toshi_Esumi

    First of all, FortiOS 6.2.1 Release Notes [https://docs.fortinet.com...ntegration-and-support] says below under "Product Integration and Support" section:

     

    FortiAP

    [ul]5.4.2 and later5.6.0 and later[/ul]

    So doesn't have to be "Wave 2" version of AP.

     

    But, yes, we keep all our fleet of FGTs running with the latest 6.0, one major version behind the latest to avoid new major issues.

     

     

    1 reply

    Toshi_Esumi
    SuperUser
    Toshi_EsumiAnswer
    SuperUser
    September 4, 2019

    First of all, FortiOS 6.2.1 Release Notes [https://docs.fortinet.com...ntegration-and-support] says below under "Product Integration and Support" section:

     

    FortiAP

    [ul]5.4.2 and later5.6.0 and later[/ul]

    So doesn't have to be "Wave 2" version of AP.

     

    But, yes, we keep all our fleet of FGTs running with the latest 6.0, one major version behind the latest to avoid new major issues.

     

     

    Jadron
    JadronAuthor
    New Member
    September 4, 2019

    Thank you, I had actually just found the Integration section of the Fortigate's 6.2.0 notes and saw this. Completly forgot about this.

     

    So yes, we can exceed the AP's firmware in my scenario (as long as the AP is running those versions+). 

     

    I hear you on the best practice of matching, It's what we've been accustomed to. 

     

     

    Terms & ConditionsAccessibility statement