In the process of upgrading a FortiGate 60E from 5.4.6 to 5.4.7. It looks as though I need to get a special build to do this as the upgrade page of the UI says that I can not upgrade from FortiOS v5.4.7 build1167 from FortiOS v5.4.6 build6408. I presume that I need to download FortiOS v5.4.7 build6453. Is this correct?
While looking for the correct image to download I noticed a listing for 5.4.8.
https://support.fortinet....ad/FirmwareImages.aspx
Has this been released? Has anyone tried 5.4.8 yet?
Solved! Go to Solution.
danilo.cardoso wrote:Well.
I´m planning to upgrade my 100D to that version from the old 5.0.9.
Just taking some courage.
Don't forget to save you config before and after each upgrade
You can check if some items are not correctly upgrade :
diagnose debug config-error-log read
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:
set network-import-check disable
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
SecurityPlus wrote:
Are you planning to follow the supported upgrade path cookbook? http://cookbook.fortinet....-upgrade-paths-fortios What features of the 100D are you using? Is this firewall under support should you encounter any problems?
These are the enable features on global config
config system global set admin-concurrent enable set admin-https-redirect enable set admin-maintainer enable set allow-traffic-redirect enable set auth-policy-exact-match enable set batch-cmdb enable set csr-ca-attribute enable set dst enable set endpoint-control-fds-access enable set fds-statistics enable set gui-antivirus enable set gui-ap-profile enable set gui-application-control enable set gui-certificates enable set gui-client-reputation enable set gui-dynamic-routing enable set gui-endpoint-control enable set gui-explicit-proxy enable set gui-implicit-policy enable set gui-ips enable set gui-multiple-utm-profiles enable set gui-vpn enable set gui-vulnerability-scan enable set gui-webfilter enable set ipsec-hmac-offload enable set phase1-rekey enable set registration-notification enable set remoteauthtimeout 5 set send-pmtu-icmp enable set sslvpn-cipher-hardware-acceleration enable set sslvpn-kxp-hardware-acceleration enable set strict-dirty-session-check enable set wireless-controller enable
danilo.cardoso wrote:Well.
I´m planning to upgrade my 100D to that version from the old 5.0.9.
Just taking some courage.
Don't forget to save you config before and after each upgrade
You can check if some items are not correctly upgrade :
diagnose debug config-error-log read
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
FYI - I believe I have identified a bug with IPV6 BGP. It doesn't seem to be announcing our prefix to the upstream ISP.
Fortinet took a look at it and recommended we roll back firmware until they can lab this out and figure out the issue.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
I believe I have also identified another bug with SSLVPN using IPV6. The LDAP audentication fails on IPv6 but works normally on IPv4. Strange.
Fortinet is also researching this bug as well.
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:
set network-import-check disable
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
ddskier wrote:Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:
set network-import-check disable
Thanks for updating us on your resolution!
ddskier wrote:I'd be interested to know how many people are using IPv6. We are so far away from that still. Regardless that is a good bug catch and solid resolution.Update on IPv6 BGP Issue. Fortinet support was able to finally repro the issue in their labs and they were able to suggest a fix for the issue. Added the following line to config router bgp:
set network-import-check disable
Official word from Fortinet. Not LDAP IPv6 support until 6.0
-DDSkier FCNSA, FCNSP FortiGate 400D, (2) 200D, (12) 100D, (2) 60D
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1737 | |
1108 | |
752 | |
447 | |
240 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.