If upgrade paths are so important (and I believe they are), why does the upgrade screen default to the latest version and not the next step in the path? Or if they can't do that, just add an "Are you sure?" prompt?
I can only guess that they believe (read 'hope') that you are always on the latest stable version so the option would be correct.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Also- the need to step through various firmware levels is a relatively new thing. In general, on older versions of FortiOS you could simply go straight to the latest patch from anywhere on the same release. It seems to have started somewhere during the 5.2 or 5.4 releases.
It's probably one of those things that are still left over from older builds that no one decided to update like some of the screens with an old style UI.
CISSP, NSE4
Force yourself to read release notes. They always specify what the most recent version to version path that is supported. Will save you a lot of trouble. Always good to look at "Known Issues" also. There have been many times in the past that I held back on an update because a known issue would cause more problems than the update resolved.
Seadave--you're missing the point. It's very easy for my customers to hit "Backup and Upgrade" and go from 5.2.4 to 5.2.13 without a chance to cancel.
I'd say, their fault. If you handle/manage one of the central network security devices you should be familiar with the process. I wouldn't let my customers fiddle around with the FGT if I was responsible. If I'm not, and they don't follow the path, I will fix it and charge for it.
Agreed, I also believed in the upgrade process, you have to select it and push okay for the upgrade process to kick off if you do the "new style automated".
Also b4 the upgrade runs, it provides a selection with yet another confirm or ok/start button.
When upgrading a security appliance, "accidental" should not be a word ;)
just my 2cts
Ken
PCNSE
NSE
StrongSwan
That not true--I tested in the shop--if you press Backup and Upgrade it's off to the races.
FYI--most off my clients are lower-level IT--I can't stop them from handling there own equipment--I just think it's a design flaw. Pressing "Backup and Upgrade" sounded like a safer path than Upgrade. Not saying the customer shouldn't have been more careful, but I could understand their reasoning. In this case no harm done--it could have been far worse.
In recent versions of FortiOS, this has been improved in two ways.
1) The upgrade path is now enforced from within the OS, starting with 5.4.5, 5.6.1 and 6.0. If you attempt to upgrade to a version of firmware that does not follow the upgrade path, the OS will guide you to the correct firmware, and help you upgrade in multiple steps. It can be overridden, but this will generate an event log and force a configuration backup.
Note that although this feature is in 5.4.5 and 5.6.1, the path enforcement won't be as noticeable until upgrades are done to 5.4.8 (more than 2 patches), 5.6.4 (same), etc.
2) The same path guidelines are also found on the support site (support.fortinet.com) under Download -> Firmware Images -> Upgrade Path.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.