Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
Salas
New Contributor

Best Upgrade path

Hi,

I'm planning upgrade 600c cluster from 5.2.11 to 5.4.8 firmware. What is the best upgrade path ?

Because in https://support.fortinet.com/Download/FirmwareImages.aspx Upgrade path tab I even cannot select 5.4.8 firmware 5.4.7 is available only, and suggested uprgade path looks like this: 5.2.11->5.4.6->5.4.7

 

 

1 Solution
Toshi_Esumi
SuperUser
SuperUser

In case you need to do it again in the future, when you look for upgrade path you need to check release notes in the path backward starting from the target version. In your case, you checked 5.4.8's release notes and found you could upgrade to it from 5.4.6, 5.4.7, 5.2.12, or 5.2.13. But it doesn't include your current version 5.2.11. That means you need to get to one of those 4 versions first. Now you need to make up your mind which version you want to get to before getting to 5.4.8. And you decided 5.4.6.

Now, you need to check 5.4.6's release note, which would show you 5.4.4-and above, or 5.2.10-and above. That includes 5.2.11. That's when you can be sure 5.2.11->5.4.6->5.4.8 path would work.

 

Toshi

 

View solution in original post

7 REPLIES 7
emnoc
Esteemed Contributor III

Read the release notes. That's why they publish them ;) It will tell you exactly what's the migration path to get to the version you want.

 

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Salas
New Contributor

In realease notes there is line:

FortiOS version 5.4.8 officially supports upgrading from version 5.4.6 and 5.4.7, and5.2.12 and 5.2.13.

And after that link to the same page, where 5.4.8 is not listed :)

I decided to go this way:

5.2.11->5.4.6->5.4.8

 

 

emnoc
Esteemed Contributor III

Good, I think you have it covered.  Just make backups between all updates in the migration path and you should be good

 

 

Review any config-errors between the updates if any.

 

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
Toshi_Esumi
SuperUser
SuperUser

In case you need to do it again in the future, when you look for upgrade path you need to check release notes in the path backward starting from the target version. In your case, you checked 5.4.8's release notes and found you could upgrade to it from 5.4.6, 5.4.7, 5.2.12, or 5.2.13. But it doesn't include your current version 5.2.11. That means you need to get to one of those 4 versions first. Now you need to make up your mind which version you want to get to before getting to 5.4.8. And you decided 5.4.6.

Now, you need to check 5.4.6's release note, which would show you 5.4.4-and above, or 5.2.10-and above. That includes 5.2.11. That's when you can be sure 5.2.11->5.4.6->5.4.8 path would work.

 

Toshi

 

Salas

Thanks for explanation.

Upgrade was successfull. Currently i see no issues after upgrade.

 

 

Toshi_Esumi

At each step when you upgrade it, you should check "diag debug config-error-log read" to see any config has been thrown out, then take an intermediate config backup before moving on to the next step.

You might see some non-used FortiAP profiles thrown out when they're no longer supported, and some others you don't even understand what they are in the error log. But you should be able to identify if something you configured showed up in there. In that case, you might need to correct the problems before the next step.

neonbit
Valued Contributor

Also FYI there's a new upgrade path option from the support portal. Where you download the firmware you'll see an 'Upgrade Path' tab. Select your FortiGate model and the firmware you're on and what you want to goto and it will load the required firmware. It's very hand as you don't have to jump around the different firmware versions trying to find your model.

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors