- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Advice on Upgrading FortiOS & Migrating Firewalls
Hi there,
I have to perform the FortiOS upgrade on multiple devices across the Fortinet Fabric. The following is the list of devices present in the infrastructure:
- 2xFortiGate 200D in HA (v. 6.x.x)
- FortiManager (v. 6.x.x)
- FortiAnalyzer (v. 6.x.x)
- Standalone FortiGate 200E (v. 6.x.x)
The desired OS version is 7.0 for all the appliances. Moreover, the 2xFortiGate 200D is about to be switched to the new 2xFortiGate200F stack (already installed with FortiOS 7.0).
Question: what is the best approach to upgrading the FortiOS among these devices (keeping in mind that the transition from 2x200D to 2x200F needs to occur)?
- Labels:
-
FortiGate
-
FortiManager
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Appreciate your help! As far as I understand, the proper way would be to upgrade all the appliances to version 7.x in the following order: FortiAnalyzer - FortiManager - FortiGates, correct?
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
For transition from 2x200D to 2x200F you should use the Forticonverter.
Release notes:
https://docs.fortinet.com/document/fortianalyzer/7.0.1/release-notes/492625/fortianalyzer-7-0-1-rele...
https://docs.fortinet.com/document/fortimanager/7.0.1/release-notes/723553/fortimanager-7-0-1-releas...
https://docs.fortinet.com/document/fortigate/7.0.1/fortios-release-notes/289806
BR
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the assistance! I was wondering if the convertion and new firewall introduction to the FortiManager should take place before or after upgrading the FortiManager to 7.x? As per the documentation you shared, the management devices should be upgraded first. But is there a compatability between the FortiManager running 7.x and the FortiGate(-s) still running 6.x?
Created on ‎07-14-2023 01:36 PM Edited on ‎07-14-2023 01:43 PM
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ndumaj can correct me if I'm wrong, but outside of FortiOS in your situation, you only need to confirm compatibility of FortiAnalyzer and FortiManager with the fortiOS you are on. Here are pdf links to that compatibility matrix for both
https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios
https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios
So based on the matrix, if for example you were upgrading your FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0. Of course, to maintain security fabric on fortiOS, all of the FortiGates will need to be the exact same rev once you are done with your upgrades...and as always, consult the upgrade path utility for your model and current rev of 6.X to get you to your desired outcome of 7.0.X (as you probably will have to hop/upgrade through a several revs of code).
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Correct, You are right.
Base on Matrix if you will upgrade for example to FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0:
https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios
https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios
BR
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
To upgrade the FortiOS on the devices in your Fortinet Fabric, including the transition from the FortiGate 200D to the FortiGate 200F, you can follow this recommended approach:
-
Pre-upgrade Tasks:
---- Backup Configuration: Take a backup of the configuration for each device (FortiGate 200D, FortiManager, and FortiAnalyzer) to ensure you can restore settings if needed
---- Review Release Notes: Carefully review the release notes for FortiOS 7.0 to understand any specific upgrade requirements, known issues, or feature changes that may impact your environment.
---- Compatibility Check: Verify that all the devices in your infrastructure (including FortiManager and FortiAnalyzer) are compatible with FortiOS 7.0. Consult the Fortinet documentation or contact Fortinet support if needed. -
Upgrade FortiManager and FortiAnalyzer:
Upgrade FortiManager: Follow the FortiManager upgrade path recommended by Fortinet. - Upgrade FortiAnalyzer: Similarly, upgrade FortiAnalyzer to a version compatible with FortiOS 7.0.
-
Upgrade the Standalone FortiGate 200E:
Upgrade the FortiGate 200E device to FortiOS 7.0 using the recommended upgrade path -
Upgrade the FortiGate 200D HA Pair
-
Post-upgrade Tasks:
- Test and Verify: After the upgrade, thoroughly test the functionality of each device and verify that the desired configurations are applied correctly.
- Restore Configuration: If necessary, restore the backed-up configurations on each device to restore any custom settings or policies.
- Monitor and Optimize: Monitor the performance and behavior of the upgraded devices and make any necessary adjustments or optimizations based on the new features and changes in FortiOS 7.0.
Remember to allocate sufficient maintenance windows and plan for potential downtime during the upgrade process. It's also advisable to consult the Fortinet documentation, release notes, and reach out to Fortinet support for any specific guidance or considerations based on your environment and device configurations.
