Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
chrbar
New Contributor

FortiAuthenticator Compatibility versions?

Hello, We use two FortiGate 3700D (HA cluster) running FortiOS v5.2.3 build670 (GA), managed from FortiManager v5.2.2-build0706 150415.

We run a FortiAuthenticator v4.00-build0019-20151007-patch00

 

We 'd like to upgrade all to last versions: FortiManager and FortiOS to v5.4, FortiAuthenticator to 4.1.

 

These upgrades are validated for FortiManager and FortiOS.

http://docs.fortinet.com/uploaded/files/2902/fortimanager-compatibility.pdf

 

About FortiAuthenticator, the Release Notes v4.1 (last version) says:

FortiAuthenticatorâ„¢ 4.1 supports the following FortiOS versions: FortiOS v5.0 Patch Release 12 FortiOS v5.2 Patch Release 4 Other FortiOS versions may function correctly, but may not be supported by Fortinet.

http://docs.fortinet.com/...c-release-notes-41.pdf

 

Does someone try and run a FortiManager/FortiOS v5.4 with FortiAuthenticator to 4.1?

Regards, Chris

1 Solution
Michael_McDonnell

I do use local RADIUS and have no problems with it currently. I have FGT-VMs, FGT-100Ds, FMG, FAZ, and FortiMail all authenticating against local RADIUS service on FAC. Almost all of those are at v5.4.0. Some of the VMs are 5.2.7 or various versions I need to test in my lab for troubleshooting or proof-of-concept.

 

I am not using the local certificate authority. I did use in a previous version and can confirm that v4.1.0 does fix a bug that affected me. Previously, there was a bug where local CAs on the FAC could not be deleted. Sometimes, but no always, the CA would not delete even when there were no dependencies. In v4.1.0 I was able to delete all local CAs.

 

View solution in original post

4 REPLIES 4
tanr
Valued Contributor II

Chris,

 

Did you ever get a response to this?

 

I'm currently testing a FortiAuthenticator-VM v4.1 with a couple FortiGate-VM's v5.4.0.  Would be nice to know if they're supposed to work together before I do much more testing!

 

Then again, I won't be putting this in production until FortiOS 5.4.1 is out and I've had some time to test it...

Michael_McDonnell

I use FortiAuthenticator v4.1.0 with FortiGate 100Ds on FortiOS 5.4.0 and with FortiGate-VMs on FortiOS 5.2.7 and FortiOS 5.4.0. So far, all is well except for the non-functional local LDAP service on FAC (supposed to be fixed in the upcoming v4.1.1).

 

My FortiGate-VMs are all non-production but they get a lot more workout in my lab environment than some production systems do. 

tanr
Valued Contributor II

Thanks for the info Michael.  Useful to know the 4.1.0's FAC's local LDAP service isn't working - I checked out your other thread on that.

 

Have you been using the 4.1.0 FAC's local RADIUS or local Certificate Authority?  I'm planning to use both, with the local RADIUS also serving for 802.1x authentication.  Hoping to get some time to start VM tests tomorrow.

Michael_McDonnell

I do use local RADIUS and have no problems with it currently. I have FGT-VMs, FGT-100Ds, FMG, FAZ, and FortiMail all authenticating against local RADIUS service on FAC. Almost all of those are at v5.4.0. Some of the VMs are 5.2.7 or various versions I need to test in my lab for troubleshooting or proof-of-concept.

 

I am not using the local certificate authority. I did use in a previous version and can confirm that v4.1.0 does fix a bug that affected me. Previously, there was a bug where local CAs on the FAC could not be deleted. Sometimes, but no always, the CA would not delete even when there were no dependencies. In v4.1.0 I was able to delete all local CAs.

 

Labels
Top Kudoed Authors