Forti migration best practices

Forum|Forum|8 years ago
June 23, 2017
1 reply
4027 views

Hi Guys,

My customer is going through a large Fortimanager import of all their devices and had run into some technical roadblocks. Those have been ironed out but the net is they need to migrate from their current 5.2 database version for all thier devices to 5.4. They have about 100 devices currently set to migrate, all of which have global policies and regular policy packages associated with them. looking for a step by step order of operations MOP that they could use to ensure they don’t run into issues? as well as any gotchas or best practices. Fairly straightforward normally but with the global object DB and policies associated i was hoping for a heads up on the best way to do this. Thanks, patrick

ergotherego

New Member

We also have this concern, but mostly just with how to handle tenant ADOMs that run both version 5.2 and 5.4 when you rely on the Global ADOM.

My SE's have stated one of the FortiManager SE expert guys is working on the official supported solution for this, and some type of cookbook video for it as well. He is also testing/validating this procedure. No ETA yet.

What they tell me is you just upgrade your Global ADOM to 5.4 and it's backwards compatible with tenant ADOMs running 5.2.

As far as handling firewalls/VDOMs split across major releases, your only option is to create another ADOM running 5.4. After upgrading a device to 5.4, delete the device and policy package from the 5.2 ADOM, and re-add/import it to the 5.4 one. Obviously they are not sharing objects at that point, so being able to complete upgrades quickly is important.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded