FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
GusZ
Staff
Staff
Article Id 370876
Description This article describes a FortiAP-related error message and how to prevent or solve it.
Scope FortiManager v7.4, managing FortiAP and FortiGate units acting as wireless controller upgraded to v7.4.2 and newer.
Solution

After a managed FortiGate unit acting as a wireless controller is upgraded to v7.4.2 or above, Policy Package installations might fail with the following error message:


Start installing
<FORTIGATE_NAME> config wireless-controller vap
<FORTIGATE_NAME> (vap) edit "<SSID_NAME>"
<FORTIGATE_NAME> (<SSID_NAME>) set voice-enterprise disable

command parse error before 'voice-enterprise'
Command fail. Return code -61


This issue is caused due to configuration changes in the SSID profile. Until v7.4.1, support for both 802.11k and 802.11v protocols was controlled by the 'voice-enterprise' option under 'config wireless-controller vap' (both should be enabled or disabled). Starting with v7.4.2, each one of these protocols can be enabled or disabled individually: 'config wireless-controller vap' has been replaced in v7.4.2 with '80211k' and '80211v'.

 

v7.4.1 and below:

 

config wireless-controller vap
    edit <SSID_NAME>
        set set voice-enterprise {Enable | disable}
    next
end

 

v7.4.2 and above:

 

config wireless-controller vap
    edit <SSID_NAME>
        set 80211k {Enable | disable}
        set 80211v {Enable | disable}
    next
end


To solve the issue, one of the procedures below should be followed:

Method 1: import the AP profile configuration:

  1. Verify that the ADOM (to which the FortiGate unit is associated) has the FortiAP box checked.
  2. In Device Manager, perform a 'Retrieve Config' for the FortiGate.
  3. Select 'Import Configuration' and select 'Import AP Profiles' (follow the steps to import all FortiAP templates).
  4. OPTIONAL: run the CLI command 'exe fmpolicy print-adom-object <ADOM> 1396 <SSID_NAME>' and verify that 'set voice-enterprise disable' has been removed.
  5. Re-install Policy Package


Method 2: only import a specific SSID configuration:

  1. Verify that the ADOM (which the FortiGate unit is associated with) has the FortiAP box checked.
  2. In Device Manager, perform a 'Retrieve Config' for the FortiGate.
  3. Go to AP Manager -> SSID, select the impacted SSID -> More -> Import.
  4. OPTIONAL: run the CLI command 'exe fmpolicy print-adom-object <ADOM> 1396 <SSID_NAME>' and verify that 'set voice-enterprise disable' has been removed.
  5. Re-install the Policy Package.


Related documents:

FortiOS 7.4.0 New Features - Support individual control of 802.11k and 802.11v protocols

Technical Tip: FortiManager data configuration and synchronization procedures