Background

When a FortiGate downloads package updates directly from Fortinet FortiGuard (FDN), the package files are downloaded and then expanded into the FortiOS without any user control over which subcomponents (within each package) are installed. Thus, the process is "all or nothing". The user (or the configured schedule) triggers the update and the FortiGate obtains the package, then expands and installs all of the package contents. This means that the user has no control over which subcomponents are installed.

However, when using the FortiGuard service within FortiManager, the administrator has the ability to control which version of specific packages can be downloaded by FortiGate. In the FortiManager scenario, FortiManager downloads packages from the Fortinet FortiGuard (FDN) service, and then the downloaded packages are expanded into FortiManager. Administrators are presented with a full list of all of the subcomponents that have been downloaded.

Most importantly (to this question), the administrator is then able to select (for each subcomponent) the precise version that the FortiGates are allowed to download. This means that it is entirely possible to allow FortiGates to download different versions of various subcomponents.

Question

Are there any dependencies between subcomponents that would break FortiGates? In the screenshot below, all of the FortiGate subcomponents are set to various different versions. Will this ever cause a problem?

Put another way, are there any problems expected when running a Fortigate with one very old version of one package component while another component uses a much more recent (perhaps the latest) version? Are there any known problems with running package components on very different versions?