FortiAP
FortiAP devices are thin wireless access points (AP) supporting the latest Wi-Fi technologies (multi-user MIMO 802.11ac Wave 1 and Wave 2, 4x4), as well as 802.11n and 802.11ax, and the demand for plug-and-play deployment.
kjamshir
Staff
Article Id 197337

Description

  • Via GUI for individual FortiAP
  • Via CLI for individual, all, or group of FortiAPs
  • Option A: Immediate upgrade
  • Option B: Schedule a reboot for FortiAP to trigger upgrade using script


Solution

Via GUI for individual FortiAP

  1. Connect to the FortiGate that manages the FortiAP.
  2. Go to WiFi & Switch Controller > Managed FortiAPs and make sure the device State is Online.
  3. Select the FortiAP and select Edit. If new firmware is available, a message from FortiGuard appears. Select Upgrade. It is also possible to upload the firmware manually from the computer.
  4. After the FortiAP uploads the firmware and reboots, go to WiFi & Switch Controller > Managed FortiAPs. Confirm that OS Version displays the correct firmware.

Via CLI for individual, all, or group of FortiAPs

  • To simplify the operation and maintenance of a Fortinet-powered secure wireless infrastructure, it is possible to have the distributed FortiAPs update their own firmware images directly from the system acting as the Wireless Access Controller. To enable this, add the FortiAP firmware to the FortiGate that is the Access Controller. This can be done via TFTP or FTP, in a similar manner to applying a firmware update.

Step 1: Confirm the network requirements

  • If there is already an established connection between the FortiAP and the FortiGate Wireless Controller, the FortiGate can push the firmware at join time when the image-download option is enabled both globally and under the FortiAP unit in the FortiGate.
  • Image-download under Global:
    • Default setting is enabled. It is possible to confirm the current status by running the following command:
# get wireless-controller global
    • To change the setting:
config global
config wireless-controller global
set image-download {enable | disable}
end
  • Image-download under Specific FortiAP or FortiAP group:
    • To avoid upgrading the FortiAP image on all units at join time, keep image-download enabled in global but disable it for the specific FortiAP that is the only member of a "wtp" group, or for the group of FortiAPs that share the same "wtp" group.
    • Default setting is enabled. 
    • To change the settings:
config wireless-controller wtp
edit <name>
set image-download {enable | disable}
end

Step 2: Upload FortiAP firmware image to FortiGate

  • Place the FortiAP firmware image on an FTP or TFTP server.
  • Each uploaded firmware image is only relevant to one FortiAP model. If there are multiple models that do NOT use the same image, upload the images individually.
  • It is possible to upload only one image per model.
  • In the FortiGate CLI, type the command to upload the image to the FortiGate. Note: If there are multiple VDOMs, execute the command under the global VDOM.
execute wireless-controller upload-wtp-image tftp <filename> <TFTP server address>

or

execute wireless-controller upload-wtp-image ftp <filename> <ftp server>[:ftp port] username password

Step 3: Verify that the image is uploaded

execute wireless-controller list-wtp-image

  • To delete old images:

execute wireless-controller delete-wtp-image <all>|<image-name> 

Step 4: FortiAP firmware is automatically uploaded from FortiGate to FortiAP at join time

Option A: Immediate Upgrade from FortiGate Wireless controller

  • FortiAP OS version v6.0 and onward
    • If the FortiGate unit has a more recent version of the FortiAP firmware, the FortiAP unit will download and install it at join time, provided image-download is enabled in global and under the FortiAP profile.
    • To restart managed WTP from the FortiGate:

execute wireless-controller reset-wtp <all>|<SN>|<wtp-group> 

  • For older versions, the FortiGate will automatically upload the image and reboot the FortiAP, provided image-download is enabled in global and under the FortiAP profile.
    • The FortiAP status will change from Online > Image Downloading > Reboot

Option B: Schedule reboot for FortiAP to trigger upgrade from FortiGate Wireless controller using CLI Script

  • This script applies only to FortiAP OS version v6.0 and onward.
  • From the GUI: configure the script by going to (Global VDOM, if it exists) > Security Fabric > Automation > Create new.
  • The steps below configure the script via CLI.

Step 4-B-1: Configure the script schedule

config global
config system automation-trigger
edit "Wifi-Upgrade-trigger"
set trigger-type scheduled
set trigger-frequency weekly
set trigger-weekday saturday
set trigger-hour 2
set trigger-minute 5
next
end

Step 4-B-2: Configure the script to reset managed FortiAP

config global
config system automation-action
edit "Reset-FortiAP"
set action-type cli-script
set required enable
set script "config vdom
edit root
execute wireless-controller reset-wtp <all>|<SN>|<wtp-group>
end"
next
end

config system automation-stitch
edit "Wifi-Upgrade-Schedule"
set trigger "Wifi-Upgrade-trigger"
set action "Reset-FortiAP"
end

Step 4-B-3: After the script has executed, disable the script

  • After the script has executed, delete or disable it.

config global
config system automation-stitch
edit "Wifi-Upgrade-Schedule"
set status disable
end
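
The cleanup in Step 4-B-3 can be checked offline against a saved configuration. The Python below is an added example, not Fortinet code: it flags automation stitches that are still enabled and whose action is a CLI script containing reset-wtp. It assumes the flat config/edit/set syntax shown in this article, one action per stitch, no escaped quotes inside values, and that a stitch without a "set status" line is enabled; the function names and the sample are constructed for illustration.

```python
# Constructed sample in the syntax of Steps 4-B-2 and 4-B-3 (not from a real device).
SAMPLE_CONFIG = '''config system automation-action
edit "Reset-FortiAP"
set action-type cli-script
set script "config vdom
edit root
execute wireless-controller reset-wtp all
end"
next
end
config system automation-stitch
edit "Wifi-Upgrade-Schedule"
set action "Reset-FortiAP"
end
'''

def parse_sections(text):
    """Parse flat config/edit/set blocks into {section: {entry: {key: value}}}."""
    sections, section, entry, pending = {}, None, None, None
    for line in (raw.strip() for raw in text.splitlines()):
        if pending:  # inside a multi-line quoted value such as "set script"
            pending[1].append(line)
            if line.count('"') % 2:  # odd quote count closes the value
                sections[section][entry][pending[0]] = "\n".join(pending[1]).strip('"')
                pending = None
        elif line.startswith("config "):
            section = line[len("config "):]
            sections.setdefault(section, {})
        elif line.startswith("edit ") and section:
            entry = line[len("edit "):].strip('"')
            sections[section].setdefault(entry, {})
        elif line.startswith("set ") and entry and len(line.split(None, 2)) == 3:
            key, value = line.split(None, 2)[1:]
            if value.count('"') % 2:  # value continues on the following lines
                pending = (key, [value])
            else:
                sections[section][entry][key] = value.strip('"')
        elif line in ("next", "end"):
            entry = None
    return sections

def active_reset_stitches(text):
    """Names of enabled stitches whose action is a CLI script calling reset-wtp."""
    cfg = parse_sections(text)
    actions = cfg.get("system automation-action", {})
    resetters = {n for n, a in actions.items() if "reset-wtp" in a.get("script", "")}
    return sorted(n for n, s in cfg.get("system automation-stitch", {}).items()
                  if s.get("action") in resetters and s.get("status", "enable") != "disable")

print(active_reset_stitches(SAMPLE_CONFIG))
```

An empty list means no scheduled FortiAP reset remains armed; any name returned is a stitch that will still reboot the selected FortiAPs on its trigger schedule.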