Description
This article describes several different methods to install FortiAP firmware when it needs to be reloaded, upgraded or downgraded. The following methods can be used:
- Through FortiGate Wireless Controller using FortiGate GUI.
- Through FortiGate Wireless Controller using FortiGate CLI.
- Direct from FortiAP GUI.
- Direct from FortiAP CLI.
- TFTP server during FortiAP boot sequence.
Solution
Download the required FortiAP firmware matching the intended model and release version. Login to support.fortinet.com, go to Support -> Firmware Download -> Select Product.
Specify the FortiAP product matching the FortiAP model and download the desired FortiAP firmware image to a local PC. For FortiAP-221E, the matching FortiAP product is FortiAP-W2.
After downloading the image, upgrade the FortiAP using one of the methods below.
Method 1: FortiGate GUI
If FortiAP is using FortiGate as a wireless controller, the firmware can be pushed from FortiGate.
- Login to the FortiGate GUI, navigate to WiFi & Switch Controller -> Managed FortiAPs
- Select the FortiAP unit from the list and edit it. In the Firmware section, select Upgrade.
- Select Browse and upload the firmware upgrade file. Verify the intended FortiAPs are selected and select Upgrade.
- FortiGate uploads the file to FortiAP. FortiAP reboots for upgrade.
Method 2: FortiGate CLI
If FortiAP is using FortiGate as wireless controller, the firmware can be pushed from FortiGate.
- Place the FortiAP firmware image on a TFTP server.
- In FortiGate CLI, type the command to obtain the image onto the FortiGate.
FortiGate # execute wireless-controller upload-wtp-image tftp <filename> <TFTP server address>
- Upgrade the FortiAP by using the following command. A specific FortiAP or all FortiAPs can be selected.
FortiGate # execute wireless-controller reset-wtp <S/N | all | wtp-group>
The following methods interact with the FortiAP directly.
Direct Method 1: FortiAP GUI
This method is available if the FortiAP supports HTTPS administrative access.
- Enable HTTPS administrative access for FortiAP, see the article HTTPS and SSH administrative access for FortiAP.
- Login to FortiAP GUI using the FortiAP's IP address and credential. Select Upload/Upgrade from the admin dropdown.
- Browse to the firmware file and Select 'Upload'. FortiAP reboots to upgrade.
Direct Method 2: FortiAP CLI
The firmware can be loaded by using FortiAP CLI commands from SSH or console access.
- Place the FortiAP firmware image on a TFTP server.
- Configure network configuration (IP address and default gateway if needed) of the FortiAP. Ensure the connection with TFTP server.
- Type the following command:
FortiAP # restore <filename> <TFTP server address>
Direct Method 3: TFTP image load during FortiAP boot sequence.
Unplug the FortiAP's power cable or POE cable and plug in, or run 'reboot' command to start the boot sequence. Steps to load the firmware are shown below. At the end of the firmware load, FortiAP configuration is reset to factory default values.
FortiAP # reboot
The system is going down NOW !!
The system is going down NOW !!
Sending SIGTERM to all processes.
Sending SIGTERM to all processes.
Please stand by while rebooting the system.
Restarting system.
FortiAP-220B (Aug 25 2010 - 11:26:25)
Ver:04000008
Serial number: FAP22B3U1000****
DRAM: b8050000: 0xc0140180
64 MB
id read 0x100000ff
flash size 16MB, sector count = 256
Flash: 16 MB
Using default environment
In: serial
Out: serial
Err: serial
Net: ag7100_enet_initialize...
ATHRF1E:
No phy found for unit 0
eth0: 00:09:0f:**:**:**
eth0 up
ATHRF1E: Port 1, Negotiation timeout
ATHRF1E: unit 1 phy addr 0 ATHRF1E: reg0 3100
eth1: 00:09:0f:**:**:**
eth1 up
eth0, eth1
Hit any key to stop autoboot: 4 <----- Hit any key
[G]: Get OS image from TFTP server.
[Q]: Quit menu and continue to boot with default OS.
[H]: Display this list of options.
Enter G,Q,or H: <----- Input 'G' key
Please connect TFTP server to Ethernet port 'eth1'.
Enter TFTP server address [192.168.1.1]: <----- Input TFTP server address
Enter local address [192.168.1.2]: <----- Input local address
Enter firmware image file name [image.out]: <----- Input firmware file name
Note:
Older FortiAP BIOS such as 04000008 do not support a 1000Mbps link during boot. When such units connect to a 1000Mbps switch, the Ethernet link is not established and the connection to the TFTP server fails. In this case link speed of the port connected to FortiAP should be temporarily changed to 10/100Mbps.