Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sheerazali
New Contributor II

FortiGate Upgrade | from v7.4.2 to v7.4.3

Hi Fortinet Community,

 

One of our clients wants to upgrade their FortiGate (physical appliance), deployed on-prem as an edge firewall. The current running version is v7.4.2, and the client wishes to upgrade to v7.4.3.

 

Could you please confirm if v7.4.3 is a stable version and does not contain any significant bugs or issues? If it is not stable, could you suggest a stable version of FortiGate to upgrade to?

 

Sheeraz Ali
Sheeraz Ali
1 Solution
jera
Staff
Staff

Hi @sheerazali,

 

You may refer  to this article to help you determine the most appropriate release of FortiOS based on the product you have.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Recommended-Release-for-FortiOS/ta-p/22717...

 

For the known  issue and fixes, you can visit the release notes of your target firmware. 

As for 7.4.x, the latest release is 7.4.4.

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/236526/known-issues

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/289806/resolved-issues

 

It is important for the customer to do a bug scrub to clearly understand the available known issues and check if the existing configuration/setup will be impacted.

JE

View solution in original post

5 REPLIES 5
jera
Staff
Staff

Hi @sheerazali,

 

You may refer  to this article to help you determine the most appropriate release of FortiOS based on the product you have.

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Recommended-Release-for-FortiOS/ta-p/22717...

 

For the known  issue and fixes, you can visit the release notes of your target firmware. 

As for 7.4.x, the latest release is 7.4.4.

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/236526/known-issues

https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/289806/resolved-issues

 

It is important for the customer to do a bug scrub to clearly understand the available known issues and check if the existing configuration/setup will be impacted.

JE
AlexC-FTNT
Staff
Staff

In general, all relased versions are considered stable.

Only the person who manages the firewall can identify if there is a problem, and generally that is after the upgrade. Checking the known bugs and release notes should be a compulsory step (you know the device model and what you have configured on the FG).


- Toss a 'Like' to your fixxer, oh Valley of Plenty! and chose the solution, too00oo -
Sheikh
Staff
Staff

Hello @sheerazali ,

 

Actually, all GA releases are tested and verified by QA team and can be deployed in a production environment. We generally recommend checking release notes, specifically resolved and known issues. Customers occasionally concentrate on issues that have been resolved while ignoring known issues that could cause unanticipated issues after deployment. A test environment would be recommended to check before rolling-out in a production.

 

regards,

 

Sheikh

**If you come across a resolution, kindly show your appreciation by liking and accepting it, ensuring its accessibility for others**
Pittstate
New Contributor III

I echo all the staff responses of "read the release notes" for known and fixed issues for the version you want to upgrade to. So much of this depends on what features you're using so it's best to read all the known and fixed issues list.

 

But I'll give you an field report. I've been running 7.4.4 (started out with 7.4.3) in production for 6 weeks in an HA setup and not had major operational issues.

 

Of three issues I have encountered, one is minor, second was ha configuration related, and the third was an unexpected behavioral change from version 7.0.14 (which we ran on our previous FGs).

 

The minor issue was that some of our routes were being misidentified as "BGP VPNv4" in the routing table. It did not affect routing or traffic flow, but was identified as a bug when changing routes from a blackhole route to non-blackhole on a different interface. Deleting the route and recreating it seems to solve this particular issue.

 

We had fnbamd crashing issues when we had "ha direct enabled" set. The effects of this crash were vpn authentications failing. Enabling ha direct was a configuration decision that I made on initial deployment. Enabling "ha direct" changes traffic flow within the Fortigate in ways that I did not fully appreciate. After the troubleshooting, I just left it disabled and decided we don't really need it enabled after all.

 

After the crash issue was solved, we ran into the behavior change involving timeout values for authenticating to our remote authentication servers. We needed to raise ldapconntimeout in Global Settings to a large value, where we previously had it set to default. If your authentication is working correctly for your vpn users, then you'll probably be good since you're only moving from 7.4.2.

 

Like I said, we've only been up and running for 6 weeks in production, so may not have had enough time to shake things down fully. Read the docs! But if you're going to upgrade, you may want to just go to 7.4.4. You're client is already on the bleeding edge with 7.4, as the recommended version for most newer devices is still 7.2.7.

jbernabe
Staff
Staff

Dear Sheeraz Ali,

It is always recommended updating to the latest branch of software version if your device model is supported, as it would include the recent bug fixes from the previous branches. We would advise you to have a look at the release notes of specific version you are interested to upgrade to make sure you are aware about known issues & issues fixed for the same.
 

Regards,
Jef

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors