Help
Cybersecurity Forum

This forum is for all security enthusiasts to discuss Fortinet's latest & evolving technologies and to connect & network with peers in the cybersecurity hemisphere. Share and learn on a broad range of topics like best practices, use cases, integrations and more. For support specific questions/resources, please visit the Support Forum or the Knowledge Base.

Matt2019
New Contributor

Created on ‎03-03-2022 07:47 AM

Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

Hello All,

We have been told upgrade our 100F running 6.2.3 to 6.2.10 to fix a SSLVPN DHCP issue. I have been reading and a lot of the suggestions are to go with the 6.4.x train. I was wondering if anyone had any issues with moving from 6.2 to 6.4 and if moving to 6.4 is the correct thing to do.

We are running 2 100F's in an HA pair and I would break the HA pair, upgrade one of the 100F's to the latest firmware version (either 6.2.10 or 6.4.8), schedule some downtime and put the upgraded 100F in service to give me a fall-back plan in case there is some issue with the firmware upgraded version.

Thanks for your time,
Matt
Labels:
1882
0 Kudos
5 REPLIES 5
TxAggieEngineer
New Contributor

Created on ‎03-04-2022 12:45 PM

The 6.4 train has been very good.  One of my customers has been running 6.4.8 on a pair of 1800F's for a few months and it's been solid.

I also have a 100F that has been stable since 7.0.5.  I had severe issues with 7.0.2 and 7.0.3 and had to stay on 7.0.1 for a while but everything has been stable in the three weeks since going to 7.0.5.

Regarding your fallback plan another option would be to leave the HA pair intact but download the 6.2.3 image from the Fortinet support site and keep it on hand and proceed with upgrading to 6.4.8 (there will be multiple upgrades required from 6.2.3), taking a backup of the config at each upgrade along the way.  Then, if you have any trouble with 6.4.8, simply load 6.2.3 and restore the config you saved from 6.2.3.
1863
0 Kudos
Matt2019
New Contributor
In response to TxAggieEngineer

Created on ‎03-07-2022 08:03 AM

Thanks Mark. How easy is it to load an older version of firmware? It looks like as long as I have the 6.2.3 firmware file I can downgrade through the GUI.
1863
0 Kudos
TxAggieEngineer
New Contributor
In response to Matt2019

Created on ‎03-07-2022 08:24 AM

Correct, it's very easy to downgrade.  Go to System -> Firmware and upload the 6.2.3 image, which will trigger a reboot.  After the unit comes back up, restore your 6.2.3, which will trigger another reboot and that's it.
1863
0 Kudos
PC
New Contributor III

Created on ‎03-04-2022 12:58 PM

I concur on 6.4.8 being very stable. The lowest risk will be going to 6.2.10. There are also a few security reasons to push up from 6.2.3 to 6.210. You can address your bug issue then plan out the move to 6.4.8 or as Mark said just keep the backups at each point. I like to push up from one code line such as 6.2 to 6.4 only when all starts off running fine and I need a feature, or I deem it is time. I am moving a final group of firewalls this weekend from 6.2.10 to 6.4.8. I have another group on 7.0.5 and all are fine so far but won't move the 6.4.8 ones to 7.0 till more like 7.0.8 unless I need a feature in 7.0.
1863
0 Kudos
Matt2019
New Contributor
In response to PC

Created on ‎03-07-2022 08:06 AM

Thanks Peter. I was thinking of taking this time to get on the 6.4.x since the upgrade path seems to be the same amount of firmware upgrades for 6.2.10 and 6.4.8. 
Hope your upgrades went well this weekend
1863
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.