Unlock Exclusive Benefits
Join Our Community Today!
Join our Community and post in the forum to earn your exclusive badge; celebrating 3 years of the Fortinet Community!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDevSec
- FortiDeceptor
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiHypervisor
- FortiGuard
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSRA
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Advice on Upgrading FortiOS & Migrating Firewalls
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Advice on Upgrading FortiOS & Migrating Firewalls
Hi there,
I have to perform the FortiOS upgrade on multiple devices across the Fortinet Fabric. The following is the list of devices present in the infrastructure:
- 2xFortiGate 200D in HA (v. 6.x.x)
- FortiManager (v. 6.x.x)
- FortiAnalyzer (v. 6.x.x)
- Standalone FortiGate 200E (v. 6.x.x)
The desired OS version is 7.0 for all the appliances. Moreover, the 2xFortiGate 200D is about to be switched to the new 2xFortiGate200F stack (already installed with FortiOS 7.0).
Question: what is the best approach to upgrading the FortiOS among these devices (keeping in mind that the transition from 2x200D to 2x200F needs to occur)?
Labels:
- Labels:
-
FortiGate
-
FortiManager
Nominate a Forum Post for Knowledge Article Creation
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
8 REPLIES 8
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Appreciate your help! As far as I understand, the proper way would be to upgrade all the appliances to version 7.x in the following order: FortiAnalyzer - FortiManager - FortiGates, correct?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Correct.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
For transition from 2x200D to 2x200F you should use the Forticonverter.
Release notes:
https://docs.fortinet.com/document/fortianalyzer/7.0.1/release-notes/492625/fortianalyzer-7-0-1-rele...
https://docs.fortinet.com/document/fortimanager/7.0.1/release-notes/723553/fortimanager-7-0-1-releas...
https://docs.fortinet.com/document/fortigate/7.0.1/fortios-release-notes/289806
BR
- Happy to help, hit like and accept the solution -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks for the assistance! I was wondering if the convertion and new firewall introduction to the FortiManager should take place before or after upgrading the FortiManager to 7.x? As per the documentation you shared, the management devices should be upgraded first. But is there a compatability between the FortiManager running 7.x and the FortiGate(-s) still running 6.x?
Created on 07-14-2023 01:36 PM Edited on 07-14-2023 01:43 PM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@ndumaj can correct me if I'm wrong, but outside of FortiOS in your situation, you only need to confirm compatibility of FortiAnalyzer and FortiManager with the fortiOS you are on. Here are pdf links to that compatibility matrix for both
https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios
https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios
So based on the matrix, if for example you were upgrading your FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0. Of course, to maintain security fabric on fortiOS, all of the FortiGates will need to be the exact same rev once you are done with your upgrades...and as always, consult the upgrade path utility for your model and current rev of 6.X to get you to your desired outcome of 7.0.X (as you probably will have to hop/upgrade through a several revs of code).
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
Correct, You are right.
Base on Matrix if you will upgrade for example to FAZ and FMG to 7.0.8, your fortiOS would need to be at minimum 6.2.0:
https://docs.fortinet.com/document/fortianalyzer/7.4.0/compatibility-with-fortios
https://docs.fortinet.com/document/fortimanager/latest/compatibility-with-fortios
BR
- Happy to help, hit like and accept the solution -
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
To upgrade the FortiOS on the devices in your Fortinet Fabric, including the transition from the FortiGate 200D to the FortiGate 200F, you can follow this recommended approach:
-
Pre-upgrade Tasks:
---- Backup Configuration: Take a backup of the configuration for each device (FortiGate 200D, FortiManager, and FortiAnalyzer) to ensure you can restore settings if needed
---- Review Release Notes: Carefully review the release notes for FortiOS 7.0 to understand any specific upgrade requirements, known issues, or feature changes that may impact your environment.
---- Compatibility Check: Verify that all the devices in your infrastructure (including FortiManager and FortiAnalyzer) are compatible with FortiOS 7.0. Consult the Fortinet documentation or contact Fortinet support if needed. -
Upgrade FortiManager and FortiAnalyzer:
Upgrade FortiManager: Follow the FortiManager upgrade path recommended by Fortinet. - Upgrade FortiAnalyzer: Similarly, upgrade FortiAnalyzer to a version compatible with FortiOS 7.0.
-
Upgrade the Standalone FortiGate 200E:
Upgrade the FortiGate 200E device to FortiOS 7.0 using the recommended upgrade path -
Upgrade the FortiGate 200D HA Pair
-
Post-upgrade Tasks:
- Test and Verify: After the upgrade, thoroughly test the functionality of each device and verify that the desired configurations are applied correctly.
- Restore Configuration: If necessary, restore the backed-up configurations on each device to restore any custom settings or policies.
- Monitor and Optimize: Monitor the performance and behavior of the upgraded devices and make any necessary adjustments or optimizations based on the new features and changes in FortiOS 7.0.
Remember to allocate sufficient maintenance windows and plan for potential downtime during the upgrade process. It's also advisable to consult the Fortinet documentation, release notes, and reach out to Fortinet support for any specific guidance or considerations based on your environment and device configurations.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiAp working after Firewall upgrade? Compatibility... 168 Views
- Google Chrome Kyber Issues 806 Views
- Multiple Firewalls - wanted to upgrade... 160 Views
- migrate from Palo Alto firewall to... 638 Views
- DNS no longer works on Linux... 548 Views
Labels
-
FortiGate
8,501 -
FortiClient
1,722 -
5.2
801 -
FortiManager
715 -
5.4
639 -
FortiAnalyzer
548 -
Fortiswitch
460 -
FortiAP
460 -
6.0
416 -
FortiClient EMS
411 -
5.6
362 -
FortiMail
310 -
6.2
251 -
FortiAuthenticator v5.5
234 -
SSL-VPN
223 -
FortiWeb
200 -
5.0
196 -
IPsec
188 -
FortiNAC
180 -
FortiGuard
136 -
6.4
128 -
SD-WAN
110 -
FortiGateCloud
100 -
FortiSIEM
97 -
FortiCloud Products
96 -
FortiToken
89 -
FortiAuthenticator
84 -
Customer Service
78 -
Wireless Controller
76 -
Firewall policy
71 -
4.0MR3
64 -
FortiProxy
59 -
Fortivoice
53 -
FortiADC
53 -
High Availability
53 -
FortiEDR
50 -
vlan
47 -
ZTNA
46 -
FortiExtender
45 -
FortiSandbox
44 -
FortiDNS
42 -
Routing
40 -
DNS
40 -
BGP
39 -
LDAP
39 -
FortiGate v5.4
35 -
FortiSwitch v6.4
34 -
SAML
34 -
Certificate
33 -
Authentication
31 -
SSO
31 -
Interface
31 -
NAT
30 -
RADIUS
29 -
FortiConnect
27 -
FortiLink
27 -
FortiWAN
25 -
FortiConverter
25 -
VDOM
25 -
Application control
25 -
FortiGate v5.2
24 -
Logging
24 -
Web profile
24 -
FortiPAM
22 -
Virtual IP
22 -
Fortigate Cloud
20 -
FortiPortal
19 -
SSL SSH inspection
19 -
FortiSwitch v6.2
18 -
FortiMonitor
18 -
Traffic shaping
17 -
FortiDDoS
15 -
OSPF
15 -
WAN optimization
15 -
FortiGate v5.0
14 -
System settings
14 -
IP address management - IPAM
14 -
SSID
13 -
Static route
13 -
FortiSOAR
12 -
FortiCASB
12 -
snmp
12 -
Automation
12 -
Admin
12 -
Web application firewall profile
12 -
FortiManager v5.0
11 -
FortiManager v4.0
10 -
FortiRecorder
10 -
IPS signature
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiWeb v5.0
9 -
FortiBridge
9 -
Traffic shaping policy
9 -
FortiAP profile
9 -
Proxy policy
9 -
RMA Information and Announcements
8 -
Security profile
8 -
Port policy
8 -
4.0
7 -
FortiDeceptor
7 -
FortiAnalyzer v5.0
7 -
FortiCache
7 -
Fabric connector
7 -
Intrusion prevention
7 -
Explicit proxy
6 -
DNS filter
6 -
trunk
6 -
Packet capture
6 -
Antivirus profile
6 -
Traffic shaping profile
6 -
Fortinet Engage Partner Program
6 -
FortiToken Cloud
5 -
FortiTester
5 -
Users
5 -
Email filter profile
5 -
Web rating
5 -
3.6
4 -
FortiCarrier
4 -
FortiScan
4 -
FortiDirector
4 -
Internet service database
4 -
Application signature
4 -
DLP sensor
4 -
Netflow
4 -
Replacement messages
4 -
FortiDB
3 -
FortiHypervisor
3 -
API
3 -
FortiNDR
3 -
NAC policy
3 -
DLP Dictionary
3 -
DLP profile
3 -
DoS policy
3 -
Service
3 -
VoIP profile
3 -
Multicast routing
3 -
Cloud Management Security
3 -
FortiInsight
2 -
FortiAI
2 -
Kerberos
2 -
Authentication rule and scheme
2 -
Protocol option
2 -
TACACS
2 -
Schedule
2 -
SDN connector
2 -
Zone
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
Video Filter
1 -
ICAP profile
1 -
Multicast policy
1 -
Vulnerability Management
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1662 | |
| 1077 | |
| 752 | |
| 446 | |
| 220 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.