Thanks for your interest. For the document for upgrading legacy OS I understand I should upgrade from 5.2.3 to 5.2.5, (I think I can do this directly without go through 5.2.4). Then, once upgraded to 5.2.5 I upgrade to 5.2.7, and then to 5.2.9. Once upgraded to 5.2.9 I can follow the path according to the Upgrade Path Tool. Am I correct?
Please note that if your firewall is in production it is recommended to follow upgrade path (in this case legacy os) .If firewall is not in production you can flash format Device and directly upgrade firewall to latest upgrade patch.
Why can't I go from 5.2.3 to 5.2.5 directly and I can go from 5.2.5 to 5.2.7, and from 5.2.7 to 5.2.9 directly? This is not indicated in the document for upgrading legacy OS. According to FortiOS 5.2.5 Release Notes: "FortiOS version 5.2.5 officially supports upgrade from version 5.2.3 or later.".
Last question. Now I have some security profiles which are flow-based and others that are proxy-based. When I upgrade from 5.2.13 to 5.4.10 (according to the upgrade path tool), how will the system inspection mode be? Because in version 5.2.x the inspection mode is set per security profile, and in version 5.4.x the inspection mode is set per system/VDOM. I investigated in Fortinet guides and release notes but I find nothing which explain this.