Producent oprogramowania Fortinet opublikował najnowszą aktualizację dla FortiAP / FortiWiFi w wersji 7.2.3 a w niej kilka nowości. Spośród nowych funkcji możemy wyróżnić obsługę nowej opcji zabezpieczeń kanału danych „ipsec-sn”. Dla urządzeń FortiAP dodano funkcję automatycznej kontroli stanu CAPWAP i możliwość konfiguracji przepustowości łączenia kanałów dla identyfikatora SSID. Więcej informacji można znaleźć w artykule poniżej.
Wspierane modele:
| Wi-Fi 6 Models |
|---|
| FAP-231F, FAP-234F, FAP-23JF,
FAP-431F, FAP-432F, FAP-432FR, FAP-433F, FAP-831F |
Co nowego:
| Bug ID | Description | Supported FortiOS Versions |
|---|---|---|
| 868839 | The wtp-profile of FAP-432F and 433F models can set external antenna parameters when the corresponding external antenna is installed. | 7.2.5 and later |
| 887980 | Support a new data-channel security option „ipsec-sn„.
The FortiAP serial number is added to the initial IPsec setup message so that it can be used by a dispatcher to query the destination FortiGate. Then the FortiAP will connect to the FortiGate and encrypt the data channel with an IPsec-VPN tunnel. |
7.4.0 and later |
| 902191 | Wireless bonjour-profile feature supports a new service option for Miracast. | 7.4.0 and later |
| 920073 | Configure channel-bonding bandwidth for site survey SSID.
New CLI variables are added for 2.4GHz and 5GHz bandwidth respectively: SURVEY_CW_24 = 0(20MHz) | 1(40MHz) SURVEY_CW_50 = 0(20MHz) | 1(40MHz) | 2(80MHz) | 3(160MHz) |
Feature only in FortiAP |
| 931158 | CAPWAP Auto Health Check feature.
FortiAP periodically checks the real-time status of CAPWAP connections to the AP controllers. In the FortiAP CLI, enter For additional diagnosis, use |
Feature only in FortiAP |
Region/country code update and DFS certification
| Bug ID | Description | Supported FortiOS Versions |
|---|---|---|
| 601676 | Enable 5GHz UNII-1 and UNII-2 channels and adjust transmit power for region code „F” (Indonesia). | Update only in FortiAP |
| 876673 | Enable 5GHz UNII-3 channels in certain European countries. | 7.4.0 and later |
| 913393 | Enable DFS channels for FAP-432F with region code „K”. | 7.4.1 and later |
Rozwiązane problemy:
| Bug ID | Description |
|---|---|
| 371769 | FortiAP could not suppress ARP poison attacks from wireless devices. |
| 784096 | Fixed a kernel panic issue PC is at _ieee80211_free_node+0x2d0/0x678 [umac]. |
| 797151, 804661, 806019 | Fixed various SNMP daemon crash issues. |
| 844578 | Fixed FAP-231F wireless coverage issue caused by relatively low transmit power. |
| 847492 | Fixed a kernel panic issue PC is at __dma_inv_range+0x20/0x50. |
| 878837 | After the configuration of one SSID was changed, wireless clients on the other SSID got disconnected. |
| 879756 | Clients connected to one Leaf AP cannot communicate with clients connected to the other Leaf AP on the same Root AP. |
| 880083 | Fixed a kernel panic issue Excep :0 Exception caught param0 :zero, param1 :zero, param2 :zero. |
| 883157 | Wi-Fi clients would randomly get disconnected when FortiAP was sending statistics data to the FortiGate. |
| 884413 | Fixed a kernel panic issue rgu_preempt self-detected stall on CPU. |
| 885589 | Fixed a kernel panic issue PC is at __kmalloc+0x114/0x1f0. |
| 885851 | FortiAP with AP_MGMT_VLAN_ID configured would randomly get a connection loop after a firmware was provisioned from the FortiManager or FortiGate. |
| 890425 | FortiAP would sometimes not forward packets from wireless clients to the Ethernet side. |
| 894996 | Fixed a kernel panic issue PC is at ieee80211_node_add_ipv4+0x148/0x160 [umac]. |
| 912812 | Fixed a kernel panic issue PC is at bstm_disassociation+0x2c/0x1f0 [umac]. |
| 914341 | LLDP daemon should be started by factory default. |
| 938988 | Wi-Fi clients could not connect after the FortiAP has been running for 24 hours with dtls-policy ipsec-vpn. |
Notatki producenta: FortiAP / FortiWiFi 7.2.3
Pozdrawiamy,
Zespół B&B
Bezpieczeństwo w biznesie
