Also- the need to step through various firmware levels is a relatively new thing. In general, on older versions of FortiOS you could simply go straight to the latest patch from anywhere on the same release. It seems to have started somewhere during the 5.2 or 5.4 releases.

It's probably one of those things that are still left over from older builds that no one decided to update like some of the screens with an old style UI.

Force yourself to read release notes.  They always specify what the most recent version to version path that is supported.  Will save you a lot of trouble.  Always good to look at "Known Issues" also.  There have been many times in the past that I held back on an update because a known issue would cause more problems than the update resolved.

Seadave--you're missing the point.  It's very easy for my customers to hit "Backup and Upgrade" and go from 5.2.4 to 5.2.13 without a chance to cancel.

I'd say, their fault. If you handle/manage one of the central network security devices you should be familiar with the process. I wouldn't let my customers fiddle around with the FGT if I was responsible. If I'm not, and they don't follow the path, I will fix it and charge for it.

Agreed, I also believed in the upgrade process,  you have to select it and push okay for the  upgrade process to kick off if you do the "new style automated".

Also b4 the upgrade runs, it provides a selection with  yet another confirm or ok/start button.

When upgrading a  security appliance, "accidental" should not be a word ;)

just my 2cts

Ken

That not true--I tested in the shop--if you press Backup and Upgrade it's off to the races.

FYI--most off my clients are lower-level IT--I can't stop them from handling there own equipment--I just think it's a design flaw.  Pressing "Backup and Upgrade" sounded like a safer path than Upgrade.  Not saying the customer shouldn't have been more careful, but I could understand their reasoning.  In this case no harm done--it could have been far worse.

In recent versions of FortiOS, this has been improved in two ways.

1) The upgrade path is now enforced from within the OS, starting with 5.4.5, 5.6.1 and 6.0. If you attempt to upgrade to a version of firmware that does not follow the upgrade path, the OS will guide you to the correct firmware, and help you upgrade in multiple steps. It can be overridden, but this will generate an event log and force a configuration backup.

Note that although this feature is in 5.4.5 and 5.6.1, the path enforcement won't be as noticeable until upgrades are done to 5.4.8 (more than 2 patches), 5.6.4 (same), etc.

2) The same path guidelines are also found on the support site (support.fortinet.com) under Download -> Firmware Images -> Upgrade Path.