Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
vshahrokhkhani
Staff
Staff

Created on ‎07-28-2025 10:11 PM Edited on ‎07-29-2025 08:50 AM By Moderator

Article Id 403920

Troubleshooting Tip: Compatibility Issue of ADOM v7.2 where FortiAP central Management is enabled, with FortiGates in v7.4

Description This article describes a compatibility issue that occurs when installing the configuration of a FortiGate running v7.4 (which acts as the controller of FortiAPs), if it is part of an ADOM with v7.2 and with FortiAP central management enabled.
Scope FortiManager v7.4.
Solution

Installing configuration for a FortiGate running v7.4 version, which manages FortiAPs, while the FortiGate is still in a v7.2 ADOM, can fail, due to syntax differences of FortiAP profile in v7.4 ADOM and v7.4 FortiGate.

To be more specific, FortiAP profiles use different bands in v7.2 and 7.4, and the failure happens when pushing these profiles, while central management is enabled.

 

The error can be similar to the following log ('channel X is not supported') (this is an example - actual results will differ based on FortiAP models, bands, countries, etc):

 

error radio-1 channel- 1:-999 - channel 1 is not supported. dfs=yes,region=,plat=431F,cnty=US,band=802.11ac,bond=20MHz - channel 1 is not supported. dfs=yes,region=,plat=431F,cnty=US,band=802.11ac,bond=20MHz

 

or 

 

Post vdom failed:
error radio-2 channel- 36:-999 - channel 36 is not supported. dfs=yes,region=,plat=U231F,cnty=DE,band=,bond=40MHz - (in Template 7622-3) channel 36 is not supported. dfs=yes,region=,plat=U231F,cnty=DE,band=,bond=40MHz

 

To overcome this issue, three workarounds can be used:

  1. Upgrading ADOM to v7.4 if Centralized Management for FortiAP is enabled in an ADOM.
  2. Disabling central management for FortiAP, creating new FortiAP profiles/templates to be assigned to the v7.4/v7.2 FortiGate and its FortiAPs." This can be least option in case central AP management is required " 
  3. Using a CLI/Jinja script to override the band configuration and then install , This will be most convenient option until ADOM upgrade is performed to mitigate the syntax mismatch.

For example, a CLI template can be used to override the band configuration. Refer to the below CLI template as an example (It needs to be changed based on configuration and FortiAP profile):

config wireless-controller wtp-profile
    edit "FAP431F-default"
        config radio-1
            set band 802.11b 802.11g 802.11n-2G
        end

        config radio-2
            set band 802.11a 802.11n-5G 802.11ax-5G 802.11ac-5G
        end
    next
end

  • Assign the CLI template to the FortiGates managing FortiAPs.
  • On the next install, FortiManager will push this change along with the configuration present in the FortiAP Template.
  • The CLI template has precedence over all other configurations in FortiManager.
136
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.