Hi Fortinet Community,
One of our clients wants to upgrade their FortiGate (physical appliance), deployed on-prem as an edge firewall. The current running version is v7.4.2, and the client wishes to upgrade to v7.4.3.
Could you please confirm if v7.4.3 is a stable version and does not contain any significant bugs or issues? If it is not stable, could you suggest a stable version of FortiGate to upgrade to?
Solved! Go to Solution.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi @sheerazali,
You may refer to this article to help you determine the most appropriate release of FortiOS based on the product you have.
For the known issue and fixes, you can visit the release notes of your target firmware.
As for 7.4.x, the latest release is 7.4.4.
https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/236526/known-issues
https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/289806/resolved-issues
It is important for the customer to do a bug scrub to clearly understand the available known issues and check if the existing configuration/setup will be impacted.
Hi @sheerazali,
You may refer to this article to help you determine the most appropriate release of FortiOS based on the product you have.
For the known issue and fixes, you can visit the release notes of your target firmware.
As for 7.4.x, the latest release is 7.4.4.
https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/236526/known-issues
https://docs.fortinet.com/document/fortigate/7.4.4/fortios-release-notes/289806/resolved-issues
It is important for the customer to do a bug scrub to clearly understand the available known issues and check if the existing configuration/setup will be impacted.
In general, all relased versions are considered stable.
Only the person who manages the firewall can identify if there is a problem, and generally that is after the upgrade. Checking the known bugs and release notes should be a compulsory step (you know the device model and what you have configured on the FG).
Hello @sheerazali ,
Actually, all GA releases are tested and verified by QA team and can be deployed in a production environment. We generally recommend checking release notes, specifically resolved and known issues. Customers occasionally concentrate on issues that have been resolved while ignoring known issues that could cause unanticipated issues after deployment. A test environment would be recommended to check before rolling-out in a production.
regards,
Sheikh
I echo all the staff responses of "read the release notes" for known and fixed issues for the version you want to upgrade to. So much of this depends on what features you're using so it's best to read all the known and fixed issues list.
But I'll give you an field report. I've been running 7.4.4 (started out with 7.4.3) in production for 6 weeks in an HA setup and not had major operational issues.
Of three issues I have encountered, one is minor, second was ha configuration related, and the third was an unexpected behavioral change from version 7.0.14 (which we ran on our previous FGs).
The minor issue was that some of our routes were being misidentified as "BGP VPNv4" in the routing table. It did not affect routing or traffic flow, but was identified as a bug when changing routes from a blackhole route to non-blackhole on a different interface. Deleting the route and recreating it seems to solve this particular issue.
We had fnbamd crashing issues when we had "ha direct enabled" set. The effects of this crash were vpn authentications failing. Enabling ha direct was a configuration decision that I made on initial deployment. Enabling "ha direct" changes traffic flow within the Fortigate in ways that I did not fully appreciate. After the troubleshooting, I just left it disabled and decided we don't really need it enabled after all.
After the crash issue was solved, we ran into the behavior change involving timeout values for authenticating to our remote authentication servers. We needed to raise ldapconntimeout in Global Settings to a large value, where we previously had it set to default. If your authentication is working correctly for your vpn users, then you'll probably be good since you're only moving from 7.4.2.
Like I said, we've only been up and running for 6 weeks in production, so may not have had enough time to shake things down fully. Read the docs! But if you're going to upgrade, you may want to just go to 7.4.4. You're client is already on the bleeding edge with 7.4, as the recommended version for most newer devices is still 7.2.7.
Dear Sheeraz Ali,
It is always recommended updating to the latest branch of software version if your device model is supported, as it would include the recent bug fixes from the previous branches. We would advise you to have a look at the release notes of specific version you are interested to upgrade to make sure you are aware about known issues & issues fixed for the same.
Regards,
Jef
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1688 | |
1087 | |
752 | |
446 | |
226 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.