FortiGate 400F FortiOS 7.2 support

dweimer · ‎03-23-2023

I am just getting ready to install a pair of FortiGate 400F devices replacing older FortiGate 300D devices. Started doing research on compatibility of FortiClient versions and such to prepare users in advanced for VPN prior to the Upgrade. Then I noticed that 400F model is missing from the supported devices on the 7.2.4 and all previous versions of the 7.2.x branch.

Can someone please confirm that I didn't miss something and these new FortiGates I just purchased are indeed not capable of running the latest FortiOS. Its quite bad that the tiny little 80F we have coming for a remote branch office can run newer software than the much more expensive unit we purchased for main office. Also that sales engineers wouldn't have thought to mention when we were looking at these units that we would be handicapped with older firmware if we went with it from day one. Unfortunately if they aren't capable its too late for us to send back as we don't have lead time prior to older units support contract expiration to switch to a different model.

abarushka · ‎03-25-2023

Hello,

FortiGate 400F is a new hardware platform. Upcoming FortiOS 7.2.5 may be supported by FortiGate 400F. You may consider to open a TAC case regarding FortiOS/FortiGate roadmap.

FortiGate

AlT · ‎04-25-2023

Yep, assuming it's the same underlying platform as the 70f we deployed a number of 70fs last year (sold as a better & more available alternative to the devices we had on back order) & just wait until they have a bug like in September (CVE-2022-40 - remote exploit to gain admin) & it took them 2 weeks longer to release the fix for these devices than the previous models. It does feel as if these devices are "second class" in terms of firmware support. Given that it's now over a year since they were announced it doesn't seem unreasonable to expect them to be able to run the "current" version of OS. We tried opening a TAC case & were told "it'll probably happen sometime, don't know when" & 7.2 is "bleeding edge anyway"

ede_pfau · ‎04-26-2023

I hope to give you a different perception of FTNT's firmware support cycle.*

As of today, 3 main firmware lines are supported:

v6.4
v7.0
v7.2

v6.4 is the most mature and reliable version available.

v7.0 is a huge step forward in terms of new features, fancy GUI etc and in patch level 11 now. This is regarded as 'mature' as well, but I remember that the first few patch versions after GA were...difficult sometimes (memory leaks and other bugs). This is considered normal if a new major version is released.

Same applies for v7.2. If the TAC supporter tells you "this is bleeding edge" you should believe him/her. This version is still in the phase where features are added, syntax may change, bugs are hunted and so on. Regard it as an engineering sample. Eventually, it will converge into a stable version (called 'mature' as no new features will be added) but that is not the case today.

So, with regular hardware, you have a choice of v6.4 or v7.0 releases.

In your case, a new hardware platform is supported with a dedicated branch release until it's merged with the main firmware. For the 400F/600F, in FOS v6.4 it's build is #5431 instead of the main #2060. In FOS v7.0.11, it is already merged into the common build #0489.

So, again, even for your new hardware, you have 2 choices of OS.

IMHO, you are not missing out if there is no v7.2 release yet supporting the 400F. Best advice I can offer is to stay away from v7.2 for another 3-4 patches if you plan to use it in a production environment.

* I'm sure there are tons of doc regarding 'firmware support cycle' which I'm too lazy to cite here.

Ede

"Kernel panic: Aiee, killing interrupt handler!"