After a managed FortiGate unit acting as a wireless controller is upgraded to v7.4.2 or above, Policy Package installations might fail with the following error message:
Start installing <FORTIGATE_NAME> config wireless-controller vap <FORTIGATE_NAME> (vap) edit "<SSID_NAME>" <FORTIGATE_NAME> (<SSID_NAME>) set voice-enterprise disable
command parse error before 'voice-enterprise' Command fail. Return code -61
This issue is caused due to configuration changes in the SSID profile. Until v7.4.1, support for both 802.11k and 802.11v protocols was controlled by the 'voice-enterprise' option under 'config wireless-controller vap' (both should be enabled or disabled). Starting with v7.4.2, each one of these protocols can be enabled or disabled individually: 'config wireless-controller vap' has been replaced in v7.4.2 with '80211k' and '80211v'.
v7.4.1 and below:
config wireless-controller vap edit <SSID_NAME> set set voice-enterprise {Enable | disable} next end
v7.4.2 and above:
config wireless-controller vap edit <SSID_NAME> set 80211k {Enable | disable} set 80211v {Enable | disable} next end
To solve the issue, one of the procedures below should be followed:
Method 1: import the AP profile configuration:
- Verify that the ADOM (to which the FortiGate unit is associated) has the FortiAP box checked.
- In Device Manager, perform a 'Retrieve Config' for the FortiGate.
- Select 'Import Configuration' and select 'Import AP Profiles' (follow the steps to import all FortiAP templates).
- OPTIONAL: run the CLI command 'exe fmpolicy print-adom-object <ADOM> 1396 <SSID_NAME>' and verify that 'set voice-enterprise disable' has been removed.
- Re-install Policy Package
Method 2: only import a specific SSID configuration:
- Verify that the ADOM (which the FortiGate unit is associated with) has the FortiAP box checked.
- In Device Manager, perform a 'Retrieve Config' for the FortiGate.
- Go to AP Manager -> SSID, select the impacted SSID -> More -> Import.
- OPTIONAL: run the CLI command 'exe fmpolicy print-adom-object <ADOM> 1396 <SSID_NAME>' and verify that 'set voice-enterprise disable' has been removed.
- Re-install the Policy Package.
Related documents:
FortiOS 7.4.0 New Features - Support individual control of 802.11k and 802.11v protocols
Technical Tip: FortiManager data configuration and synchronization procedures
|