config validator for upgrades

Forum|Forum|9 years ago
May 23, 2017
2 replies
7477 views

Hello Forum!

Recently we upgraded a customer's Fortigate from 5.2.7 from 5.6.0, following the upgrade path. There was no problem except for a few address objects (wildcard fqdns) that, apparently, 5.2.x accepted and 5.6.x didn't. Because of this, some policies were not migrated.

Anyway, it isn't really the subject of this post... ¿Is there a kind of "config validator" to test these upgrades? Something that would say "Yo, this address object wont work on 5.6.0"

T.I.A,

FatalHalt

New Member

I'm not sure about a validator that you can run before the ugprade, but you can certainly run the command 'di de config-error-log read' after the upgrade and it should show you anything that didn't convert correctly.

You'll want to run that command between each step of an upgrade process.

Agent_1994Author

New Member

Thanks, that will help a lot.

Toshi_Esumi

SuperUser

Wildcard FQDN wouldn't work as an address object, like source/destination addresses in a policy because it can't be translated to IP addresses. To me it was a sort of bug the previous versions which accepted this type.

emnoc

New Member

Also be sure to read configuration compatibility and known issues b4 any upgrades.

Recently we upgraded a customer's Fortigate from 5.2.7 from 5.6.0,

Since you said 5.2.x to 5.6.x the migration required you to go to at least v5.4.3 . As precaution I like to read the rls notes in the between versions of the origin and target versions.

Ken

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded