Background
When a FortiGate downloads package updates directly from Fortinet FortiGuard (FDN), the package files are downloaded and then expanded into the FortiOS without any user control over which subcomponents (within each package) are installed. Thus, the process is "all or nothing". The user (or the configured schedule) triggers the update and the FortiGate obtains the package, then expands and installs all of the package contents. This means that the user has no control over which subcomponents are installed.
However, when using the FortiGuard service within FortiManager, the administrator has the ability to control which version of specific packages can be downloaded by FortiGate. In the FortiManager scenario, FortiManager downloads packages from the Fortinet FortiGuard (FDN) service, and then the downloaded packages are expanded into FortiManager. Administrators are presented with a full list of all of the subcomponents that have been downloaded.
Most importantly (to this question), the administrator is then able to select (for each subcomponent) the precise version that the FortiGates are allowed to download. This means that it is entirely possible to allow FortiGates to download different versions of various subcomponents.
Question
Are there any dependencies between subcomponents that would break FortiGates? In the screenshot below, all of the FortiGate subcomponents are set to various different versions. Will this ever cause a problem?
Put another way, are there any problems expected when running a Fortigate with one very old version of one package component while another component uses a much more recent (perhaps the latest) version? Are there any known problems with running package components on very different versions?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Good Morning @Katoomba ,
There are no dependencies amongst individual engines like App control to IPS Engine.
But it is advised to upgrade all entities under one engine IPS entities in this case as they include new definitions and are updated more frequently.
Regards,
R.S
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1696 | |
1091 | |
752 | |
446 | |
228 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.