How to Fix Forti AP Rebooting Loop – Fail to Write the Image

Leave a Comment / By /

Environment

Forti AP U431F – WiFi 6/AX enabled access points

FortiGate Firewall is used as Wireless Controller to upgrade the firmware for Forti AP

FortiGate Firewall and Forti AP are on different VLAN/Networks

DHCP Option 138 is configured on Windows Server 2022 to point to the FortiGate (Wireless Controller) address

Issue

PU431Fxxxxxxxxxxx login:
Upgrading: ............................................................................................................................................................................................................................................................
*OK*
**ret=0
 
*** Fail to write the image. (written 66296310 bytes, 253 blocks with size 262144)
Sent SIGTERM to all processes
Sent SIGKILL to all processes
Requesting system reboot

PU431Fxxxxxxxxx# print_boot
meru default image status:
len 0x2640014, crc 0x0
AP version is 0.0.0
image status: New image
image try count is 0
fortinet default image status:
len 0x2e00014, crc 0xb37aef52
AP version is 6.2.dc
image status: New image
image try count is 0
fortinet primary image status:
len 0x2a3b290, crc 0xd4eb84db
AP version is 6.2.133
image status:  BAD image
image try count is 1
Image ID             :fortinet default image
Previous Image ID    :fortinet primary image
Auto-learning        : Turn ON

Solution

Go to the FortiGate Firewall CLI and remove the WTP images and it is triggering the reboot loop: Forti AP will try to upgrade the firmware from FortiGate Firewall once the WTP image on the firewall is newer than the running firmware.

FW01-ICTFella # exec wireless-controller list-wtp-image 
WTP Images on AC:
ImageName                              ImageSize(B)   ImageInfo             ImageMTime     
PU431F-v6.2-build0307-IMG.wtp          66198789       PU431F-v6.2-build0307  Wed Oct  5 15:46:39 2022
 
FW01-ICTFella # 
FW01-ICTFella # 
FW01-ICTFella # 
FW01-ICTFella # exec wireless-controller delete-wtp-image 
<all>|<image-name>    Delete all images or specific image.
 
FW01-ICTFella # exec wireless-controller delete-wtp-image all
This operation will remove all specified WTP images!
Do you want to continue? (y/n)y
 
Removing PU431F-v6.2-build0307-IMG.wtp ...
Successful!
 
FW01-ICTFella # exec wireless-controller list-wtp-image 
There is no WTP Images stored on the AC.

Correct upgrade path for Forti AP U431F and U433F

Please refer to the Forti AP release note for firmware upgrade, the Forti AP U431F has a special requirement for firmware upgrade, particularly with firmware version 6.2.2, you will notice 2 firmware available in the Firmware download portal

The correct firmware upgrade path for Forti AP 431F and 433F is as below, jumping across versions for this model with end with “rebooting loops

  1. 6.2.1 GA build 0237
  2. 6.2.2 Build 4001
  3. 6.2.2 Build 0267
  4. 6.2.3 Build 0281
  5. 6.2.4 Build 0307

Useful link

https://fortinetweb.s3.amazonaws.com/docs.fortinet.com/v2/attachments/8391206d-966e-11eb-b70b-00505692583a/FortiWiFi_and_FortiAP-7.0.0-Configuration_Guide.pdf

Related Posts

Leave a Comment

Your email address will not be published. Required fields are marked *