Skip to main content
make
make
New Member
March 12, 2018
Solved

FortiGate FortiOS release madness

  • March 12, 2018
  • 1 reply
  • 45155 views

Hello Everyone,

 

I'm wondering what is Fotinet up to with all their current releases branches. This is absolutely madness.

- 5.2.x finally works stable on most of the FortiGate units but it's already End of Engineering Support and the end of support Date is 2018-12-13. It's also not available for the E/F series.

- 5.4.x received the most updates from the newer releases but ist still full of bugs.

- 5.6.x is patched to version 3 from 2017-12-05 and contains really a lot of bugs (Month of post: March). It seems like it doesn't get a lot of attention from Fortinet.

- The upcoming 6.0.0 release will also be full of bugs and most likely not recommend/suitable for prod environments. IMO most of the customers should wait at least 1 year of development and bug fixes before using it.

 

So what is your strategy for 2018 and FortiOS? Are you using FortiGate D Series with FortiOS 5.2 even after EoS or are you using 5.4/5.6 with the need to frequently bother the bug-tracker and/or support?

 

Thank you all

Best answer by SMabille

Hi,

 

Fully agree, lack of "long term" sustained engineering version is a real issue.

5.4.x prior to 5.4.8 was not production ready at all (is it now? It's probably getting were 5.2.5-5.2.7 was), so we didn't recommended large critical customer for whom stability is primordial to upgrade yet.

Now we got (very weird) performance issue on 5.2 (likely IPS/IPS Engine) but end of engineering means pushing the customer to upgrade, putting us in a very awkward situation. 

 

In perfect world (not driven by marketing), in my opinion, we need 5.2.x fully supported for at least another 12 to 18 months.

 

5.4, 5.6, 6.0 don't, in my opinion warrant three major revisions. Most of 5.4 and 5.6 under one version, with security fabrics and internet services, and another version with NGFW Policy mode and 6.0 new features.

 

More efforts should be in stabilising current version, with longer term support, and less new branches.

1 reply

SMabille
SMabilleAnswer
New Member
March 12, 2018

Hi,

 

Fully agree, lack of "long term" sustained engineering version is a real issue.

5.4.x prior to 5.4.8 was not production ready at all (is it now? It's probably getting were 5.2.5-5.2.7 was), so we didn't recommended large critical customer for whom stability is primordial to upgrade yet.

Now we got (very weird) performance issue on 5.2 (likely IPS/IPS Engine) but end of engineering means pushing the customer to upgrade, putting us in a very awkward situation. 

 

In perfect world (not driven by marketing), in my opinion, we need 5.2.x fully supported for at least another 12 to 18 months.

 

5.4, 5.6, 6.0 don't, in my opinion warrant three major revisions. Most of 5.4 and 5.6 under one version, with security fabrics and internet services, and another version with NGFW Policy mode and 6.0 new features.

 

More efforts should be in stabilising current version, with longer term support, and less new branches.

emnoc
emnoc
New Member
March 12, 2018

You do know hat 5.2 has been out now for over 4 years? So that's impressive from that standpoint. As far as  v5.4 and  v5.6 goes these are newier trains that are not deep in sub-build but they will  continual to be supported and groom for more fixes.

 

Ken

 

tanr
tanr
New Member
March 12, 2018

Hi Ken,

 

I think auto-correct munged your last post.  What did you mean by "Newier trains"?

Terms & ConditionsAccessibility statement