Technical Tip: Managed FortiAP Firmware Upgrade From FortiGate (Integrated wireless management)

• Option A: Immediate upgrade

• Option B: Schedule a reboot for FortiAP to trigger upgrade using script

1. Connect to the FortiGate that manages the FortiAP.
2. Go to WiFi & Switch Controller > Managed FortiAPs and make sure the device State is Online.
3. Select the FortiAP and select Edit. If new firmware is available, a message from FortiGuard appears. Select Upgrade. You can also upload the firmware manually from your computer.
4. After the FortiAP uploads the firmware and reboots, go to WiFi & Switch Controller > Managed FortiAPs. Confirm that OS Version displays the correct firmware.

• To simplify the operation and maintenance of a Fortinet-powered secure wireless infrastructure, you can have the distributed FortiAP update their own firmware images directly from the system acting as the Wireless Access Controller. To enable this, you need first to add the FortiAP firmware to the FortiGate that is the Access Controller. You do this via TFTP or FTP in a similar manner as applying a firmware update.

• If you are already have an established FortiAP and FortiGate Wireless Controller connection, you can push the firmware from FortiGate when image-download option is enabled global and under the FortiAP unit in the FortiGate at join time.

• Image-download under Global:

• Default setting is enabled. You can confirm the current status by running the following command:

Step 2: Upload FortiAP firmware image to FortiGate

• Place the FortiAP firmware image on a FTP or TFTP server.

• For more information on how to setup TFTP server check https://kb.fortinet.com/kb/documentLink.do?externalID=FD47335

• Each firmware image you upload is only relevant to one FortiAP model. If you have multiple models that is NOT the same image you will need to upload them individually.

• You can upload only one image per model.

• In FortiGate CLI, type the command to upload the image to the FortiGate. Note: If you have multiple VDOMs, you will need to execute the command under global VDOM

or

execute wireless-controller upload-wtp-image ftp <filename> <ftp server>[:ftp port] username password

Step 3: Verify that the image is uploaded

Option A: Immediate Upgrade from FortiGate Wireless controller

• FortiAP OS version v6.0 and onward
• If the FortiGate unit has a more recent version of the FortiAP firmware, the FortiAP unit will download and install it at join time if in global and under the FortiAP profile image-download is enabled.
• To restart managed WTP from the FortiGate: 

• For older versions, it will automatically upload and reboot the FortiAP if in global and under the FortiAP profile image-download is enabled.
• The FortiAP status will change from Online > Image Downloading > Reboot

Option B: Schedule reboot for FortiAP to trigger upgrade from FortiGate Wireless controller using CLI Script

• This script apply only for FortiAP OS version v6.0 and onward.

• From GUI: You can configure script if you want to by going to (Global VDOM if exists) > Security Fabric > Automation > Create new

• The below steps are if you want configure the script via CLI

Step 4-B-1 Configure the script schedule

Step 4-B-2: Configure the script to reset managed FortiAP

Step 4-B-3: After script got executed disable the script

• After the script got executed, delete or disable the script