top of page
Writer's pictureMatt Sherif

UltraNote: APs don't reconnect after upgrading to 7.0

I have been running 7.0 on one of my lab units since the beta, but was strictly focus on the FortiOS feature set. With GA happening last Tuesday, I decided to expand what I had, though didn't go full 7.0 - my main FortiGate is still on 6.4.5.


I noticed that my WiFi didn't come back after the upgrade, and when I logged into the FortiGate I noticed my APs were down. Then I remembered something in the release notes.


FortiOS 7.0.0 has reinforced strong cryptographic ciphers. As a result, legacy FortiAP models using weak ciphers are blocked from connecting with FortiGates running FortiOS 7.0.0.

To workaround this issue, enter the following in FortiOS:

config system global
    set ssl-static-key-ciphers enable
    set strong-crypto disable
end

One more thing I'd like to add, is that the minimum FortiAP code version for "strong-crypto enable" will be FortiAP version 7.0, I found this out after contacting my Fortinet Switch and Wireless Team SE. So you probably want to do this right after upgrade and then reboot your APs.


While easily referenced I have seen a lot of other folks asking about this lately. So I wanted to include this on the site. Also please follow these simple rules when upgrading:


  • Look up the upgrade path

  • Read the release notes for each step of the upgrade path

  • Make backups of your configuration during each step of the upgrade path. If you have FortiManager you can skip this step if you have a proper revision for each step

  • Read the release notes for each step in the upgrade path

You'll notice I put "Read the release notes for each step in the upgrade path" twice, this is important, as device behavior changes from version to version (see 6.2.2 -> 6.2.3 with CAPWAP vs Security Fabric Connection). If you don't read the release notes, you're upgrading blindly, and that could be a can of worms you really don't want to deal with.


Thank you for reading, I hope this has been helpful.

853 views0 comments

Recent Posts

See All

Comments


bottom of page