Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
forrest_byrnes
New Contributor

Advice on Upgrading FortiOS & Migrating Firewalls

Hi there,

 

I have to perform the FortiOS upgrade on multiple devices across the Fortinet Fabric. The following is the list of devices present in the infrastructure:

  • 2xFortiGate 200D in HA (v. 6.x.x)
  • FortiManager (v. 6.x.x)
  • FortiAnalyzer (v. 6.x.x)
  • Standalone FortiGate 200E (v. 6.x.x)

The desired OS version is 7.0 for all the appliances. Moreover, the 2xFortiGate 200D is about to be switched to the new 2xFortiGate200F stack (already installed with FortiOS 7.0).

 

Question: what is the best approach to upgrading the FortiOS among these devices (keeping in mind that the transition from 2x200D to 2x200F needs to occur)? 

8 REPLIES 8
Cajuntank
Contributor II

forrest_byrnes

Appreciate your help! As far as I understand, the proper way would be to upgrade all the appliances to version 7.x in the following order: FortiAnalyzer - FortiManager - FortiGates, correct?

Cajuntank

Correct.

forrest_byrnes

Thanks for the assistance! I was wondering if the convertion and new firewall introduction to the FortiManager should take place before or after upgrading the FortiManager to 7.x? As per the documentation you shared, the management devices should be upgraded first. But is there a compatability between the FortiManager running 7.x and the FortiGate(-s) still running 6.x?

Cajuntank

@ndumaj can correct me if I'm wrong, but outside of FortiOS in your situation, you only need to confirm compatibility of FortiAnalyzer and FortiManager with the fortiOS you are on. Here are pdf links to that compatibility matrix for both

https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios

https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios

 

So based on the matrix, if for example you were upgrading your FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0. Of course, to maintain security fabric on fortiOS, all of the FortiGates will need to be the exact same rev once you are done with your upgrades...and as always, consult the upgrade path utility for your model and current rev of 6.X to get you to your desired outcome of 7.0.X (as you probably will have to hop/upgrade through a several revs of code).

 

ndumaj

Hi,
Correct, You are right.
Base on Matrix if you will upgrade for example to FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0:

https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios

https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios

BR

- Happy to help, hit like and accept the solution -
mgoswami
Staff
Staff

Hi,

 

To upgrade the FortiOS on the devices in your Fortinet Fabric, including the transition from the FortiGate 200D to the FortiGate 200F, you can follow this recommended approach:

  1. Pre-upgrade Tasks:

    ---- Backup Configuration: Take a backup of the configuration for each device (FortiGate 200D, FortiManager, and FortiAnalyzer) to ensure you can restore settings if needed
    ---- Review Release Notes: Carefully review the release notes for FortiOS 7.0 to understand any specific upgrade requirements, known issues, or feature changes that may impact your environment.
    ---- Compatibility Check: Verify that all the devices in your infrastructure (including FortiManager and FortiAnalyzer) are compatible with FortiOS 7.0. Consult the Fortinet documentation or contact Fortinet support if needed.
  2. Upgrade FortiManager and FortiAnalyzer:

    Upgrade FortiManager: Follow the FortiManager upgrade path recommended by Fortinet. 
  3. Upgrade FortiAnalyzer: Similarly, upgrade FortiAnalyzer to a version compatible with FortiOS 7.0.
  4. Upgrade the Standalone FortiGate 200E:

       Upgrade the FortiGate 200E device to FortiOS 7.0 using the recommended upgrade path 
  5. Upgrade the FortiGate 200D HA Pair

  6. Post-upgrade Tasks:

    • Test and Verify: After the upgrade, thoroughly test the functionality of each device and verify that the desired configurations are applied correctly.
    • Restore Configuration: If necessary, restore the backed-up configurations on each device to restore any custom settings or policies.
    • Monitor and Optimize: Monitor the performance and behavior of the upgraded devices and make any necessary adjustments or optimizations based on the new features and changes in FortiOS 7.0.

Remember to allocate sufficient maintenance windows and plan for potential downtime during the upgrade process. It's also advisable to consult the Fortinet documentation, release notes, and reach out to Fortinet support for any specific guidance or considerations based on your environment and device configurations.

Labels
Top Kudoed Authors