Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

Matt2019
New Contributor

Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

Hello All,

We have been told upgrade our 100F running 6.2.3 to 6.2.10 to fix a SSLVPN DHCP issue. I have been reading and a lot of the suggestions are to go with the 6.4.x train. I was wondering if anyone had any issues with moving from 6.2 to 6.4 and if moving to 6.4 is the correct thing to do.

We are running 2 100F's in an HA pair and I would break the HA pair, upgrade one of the 100F's to the latest firmware version (either 6.2.10 or 6.4.8), schedule some downtime and put the upgraded 100F in service to give me a fall-back plan in case there is some issue with the firmware upgraded version.

Thanks for your time,
Matt
5 REPLIES 5
TxAggieEngineer
New Contributor

The 6.4 train has been very good.  One of my customers has been running 6.4.8 on a pair of 1800F's for a few months and it's been solid.

I also have a 100F that has been stable since 7.0.5.  I had severe issues with 7.0.2 and 7.0.3 and had to stay on 7.0.1 for a while but everything has been stable in the three weeks since going to 7.0.5.

Regarding your fallback plan another option would be to leave the HA pair intact but download the 6.2.3 image from the Fortinet support site and keep it on hand and proceed with upgrading to 6.4.8 (there will be multiple upgrades required from 6.2.3), taking a backup of the config at each upgrade along the way.  Then, if you have any trouble with 6.4.8, simply load 6.2.3 and restore the config you saved from 6.2.3.
Matt2019

Thanks Mark. How easy is it to load an older version of firmware? It looks like as long as I have the 6.2.3 firmware file I can downgrade through the GUI.
TxAggieEngineer

Correct, it's very easy to downgrade.  Go to System -> Firmware and upload the 6.2.3 image, which will trigger a reboot.  After the unit comes back up, restore your 6.2.3, which will trigger another reboot and that's it.
PC
New Contributor III

I concur on 6.4.8 being very stable. The lowest risk will be going to 6.2.10. There are also a few security reasons to push up from 6.2.3 to 6.210. You can address your bug issue then plan out the move to 6.4.8 or as Mark said just keep the backups at each point. I like to push up from one code line such as 6.2 to 6.4 only when all starts off running fine and I need a feature, or I deem it is time. I am moving a final group of firewalls this weekend from 6.2.10 to 6.4.8. I have another group on 7.0.5 and all are fine so far but won't move the 6.4.8 ones to 7.0 till more like 7.0.8 unless I need a feature in 7.0.
Matt2019
New Contributor

Thanks Peter. I was thinking of taking this time to get on the 6.4.x since the upgrade path seems to be the same amount of firmware upgrades for 6.2.10 and 6.4.8. 
Hope your upgrades went well this weekend