Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
xavidpr4
New Contributor

Fortiwifi upgrade path

Hi,

 

I have two FortiWifi 60C, currently at FWF60C-4.00-FW-build482 firmware. What could happen if I don't follow the recommended upgrade path? Can I upgrade them directly to v5.0 without risk of bricking the devices?

 

At this moment both firewalls are almost factory default so, there is no need to preserve the configuration.

 

Thanks in advance.

6 REPLIES 6
Toshi_Esumi
Esteemed Contributor II

Likely you would lose a chunk of configuration because the new software doesn't understand the config on the old software, then that part would be thrown away. I don't recommend it unless you don't have to keep the old config and are planning configure it from scratch after the upgrade.

Also 5.0 started checking more for config inconsistency and automatically correct them during upgrade, while 4.x had less check. If there was a conflict, upgrade process might throw a legit one and keep not-legit-anymore one. If that happens, you need to recover the thrown-out one after removing the not-legit-anymore one. The keys to solve those puzzles are in "diag debug config-error-log read" CLI output after each upgrade step.

FortiOSman

Bricking the device isn't the concern, it's your running configuration that can be altered. 

 

If you do decide to skip versions, thoroughly compare your config files before an after. Like the user above said, you will most likely lose some configuration because it is not directly compatible in the new version. Following the recommended upgrade path ensures your configuration is properly updated through each version.

 

I've jumped firmware versions in the past. It's definitely not recommended, but as long as you are aware of what changed in your config and you go back and correct it, you should be fine.

 

 

FortiOSman,

Up, Up, and Away!

MikePruett

Not following the proper upgrade path can cause........unexpected....results.

localhost

I am wondering the same thing myself.

 

What if I don't care about the current running config, and I want to do a factory reset anyway.

 

Maybe someone can comment on what is actually technically happening during a firmware upgrade, besides making the current running config compatible with the new release.

What would be the reason to follow the upgrade path?

rwpatterson
Valued Contributor III

localhost wrote:

...making the current running config compatible with the new release.

What would be the reason to follow the upgrade path?

That is the only reason. If you're going to flatten it, drive on. If you have the ability, I would format the flash and upload the new version via TFTP. Besides having a really fresh unit to work from, you'll gain some experience making that configuration upload procedure during a slower predetermined time (rather than when the flames are licking your backside...).

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

MikePruett

During firmware upgrades it will migrate the existing configuration from version to version (making changes to ensure the configuration uses non deprecated commands, new OS config requirements etc).

 

If you skip steps, certain sections of code may not migrate properly and weird things can happen (IPSec tunnels flapping even though they are setup properly etc).

 

It sucks.