FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
vkulik
Staff
Staff
Article Id 197336

Description

 

This article provides generic recommendations on how to perform firmware updates of Fortinet products, explains the order in which to upgrade different devices, and provides a guide to determine the correct upgrade path.

After a product update, it is often necessary to upgrade other related devices to maintain compatibility.  

 

Scope

 

FortiGate.


Solution

 

If multiple different Fortinet devices are being used then they should always be updated in the order: 
 
FortiAnalyzer -> FortiManager -> FortiGate devices -> Managed FortiExtender devices -> Managed FortiSwitch devices -> Managed FortiAP devices -> FortiClient EMS -> FortiClient -> FortiSandbox -> FortiMail -> FortiWeb -> FortiNAC -> FortiVoice -> FortiDeceptor ->  FortiAI ->  FortiTester ->  FortiMonitor -> FortiPolicy. 
 
 
As a rule of thumb, the FortiManager and the FortiAnalyzer must be at the same or higher version as the most updated managed device otherwise some functionality may not work correctly. 
 
When upgrading the Security Fabric, devices that manage other devices should be upgraded first. 

Note: When using FortiClient with FortiAnalyzer, it is necessary to upgrade both to their latest versions. The versions of the two products should match. For example, if using FortiAnalyzer v7.2.0, use FortiClient v7.2.0. 
 
To view supported upgrade path information: 

 

  1. Go to https://support.fortinet.com. 
  2. From the Download menu, select Firmware Images. 
  3. Check that the Selected Product is FortiGate. 
  4. Select the Upgrade Path tab and select the following: 
          Current Product. 
          Current FortiOS Version. 
          Upgrade To FortiOS Version. 
  5. Select Go. 

When upgrading from a very old build no direct upgrade path may be available. In this case, the upgrade will have to be performed using a few intermediate steps to retain the configuration. 
 
Ensure that a backup is taken of the configuration file before each upgrade step. In the event of a problem during the upgrade, this will allow a rollback with the installation of the latest stable build and restoration of the configuration from the backup. 
 
When upgrading FortiAnalyzer consider also a backup of logs before the upgrade in addition to a backup of the configuration file. The CLI guide in the FortiAnalyzer section of the Fortinet Technical Documentation website provides additional details regarding the backup of logs.