Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ATC
New Contributor

FortiAPs down after Fortigate update

I upgraded our Fortigate 100E to from 5.4.8 to 5.6.2 then 5.6.3 and after the update, none of the managed APs are working. I'm assuming I should have upgraded the APs first? What can I do now?

6 REPLIES 6
Toshi_Esumi
SuperUser
SuperUser

You should have checked the release notes for 5.6.3 first to see if your current AP firmware was supported. Then if not (it says 5.4.2 and later) you needed to upgrade APs first.

If you haven't changed the original config on the APs, they should still have 192.168.1.2/24 as a management IP. You can directly hook up your PC/laptop (or via a PoE switch) and use GUI to get in and upgrade them.

ATC

I did check the version of the APs first. They were on 5.4.4 and the release notes for the Fortigate upgrade said the APs had to be on at least 5.4.2.

I have now upgraded one of the APs via the CLI to the same version as the Fortigate and it still is not working.

Toshi_Esumi

Then that was not the problem. What part is exactly not working then? Do you see them in Managed FortiAPs. I guess you still seem them active. Do you see SSIDs you're supposed to see? Are they using the same profile? They might be copied to a "Temp" profile during the upgrade especially when the default profile is used.

But fist of all, did you check "diag debug config-error-log read" to see if any config has been thrown out during the upgrade? You should always check it first every time when you upgraded a FortiGate before, or at the same time, backing up the new config file.

ATC

Under "Managed FortiAPs" the STATE is down and no one can connect to it. The AP has an IP address and I can ping it, so I no there are no network issues. I've run execute wireless-controller restart-acd per a KB article, still no go.

alladas
New Contributor

I had the same issue. When I consoled it, I see that all configuration is lost on the FortiAP. I had to reconfigure and it worked fine.

ATC
New Contributor

Well I figured it out, can't believe it took me this long. For some reason, after the firewall upgrade, the time was off on the Fortigate. This is despite the fact that it is set to get its time automatically from the fortiguard NTP servers. It couldn't contact those servers (maybe because the time was off?) so the date on the fortigate was 1970! Obviously the time must be used the in the DTLS negotiation and that is why they were showing down. Can't believe it took me half a day before I realized the time was off.

 

Thanks to all of you for responding here.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors