Has anyone upgraded their firmware to version 7 yet?
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
________________________________________________________
--- NSE 4 ---
________________________________________________________
I'm still not ready to do it even at home. The early 6.4 releases kind of traumatized me, ha. Any cool stuff you've found that would justify the upgrade?
No, just looking to try the Let's encrypt feature so far.
________________________________________________________
--- NSE 4 ---
________________________________________________________
Xaxa, Let's Encrypt is the indeed most spoken about feature, as if the money was the only reason people didn't use proper SSL certificates until now ... which you could/can buy for 8-10$ a year basically )))
Somehow noone thinks that SSL certificates issued via LEt's Encrypt are logged forever and are visible to the whole Internet - easiest way to enumerate all your certifates/web sites especially internal ones. Makes an interesting reading searching with automated tools for Let's Encrypt certs for *.gov, domains ))
@Alfred - I installed in a Lab VM, but didn't find any real cool features to try on the live traffic so far. The only new and mystery feature - ZTNA is completely absent from the Fortinet documentation so far, so waiting for kb.fortinet.com to catch up to try it ...
Thanks Yurisk!
"The early 6.4 releases kind of traumatized me, ha." LOL !
I upgraded one of my 80E and so far I've had no problems (crossing my fingers ?) But I did loose connection to my FortiManager. I was told by support that FortiManager firmware version 7 will not come out until next week, oh well...
Thanks Markus!
I've done this. I had an old FG 60D on my home network, replaced it with a 60F so jumped up to the latest 7.0 so I could start learning it and many of the more advanced features of Fortigate I'd never gotten around to.
Two things caused me some pain, most of which were probably my own fault, and may not necessarily be related to 7.0 (the 60D only ran up to 6.0).
First, I've been using IPv6 at home for a long time, my 60D didn't have the prefix delegation stuff in the GUI so I had done it all in the CLI. So doing it in the GUI I was able to set an impossible configuration that could never work, where the interface's IPv6 subnet and the SLAAC delegated subnet don't overlap. I get a /56 from my ISP so have a lot of /64 subnets to work with.
This would be like having your own IPv4 interface address and the default gateway not on the same subnet as determined by the mask
Interface: VL6-INTERNAL (my internal VLAN)
IPv6 addressing mode: [Delegated]
IPv6 upstream prefix [wan1]
IPv6 subnet [::6:0:0:0:1/64] <-- the "6" is the important part
Later in Stateless Address Auto-configuration (SLAAC):
IPv6 delegated prefix list [On]
Upstream interface [wan1]
subnet [0::/64] <-- this is wrong
I misread the last "subnet" part to be just a mask, so this generated incompatible addresses:
XXXX:XXXX:XXXX:XXXX /64 mask
v
2600:1111:1111:1106::1/64 <-- interface address
2600:1111:1111:1106::7/64 <-- valid delegated address
2600:1111:1111:1100::7/64 <-- invalid delegated address
The subnet of [0::/64] put a 0 in the lowest digit of the network part when it should have been a 6: I clearly did this wrong, but it seems that Fortigate should have noted that the SLAAC subnet didn't "fit" in the interface's subnet.
I should have put 0:0:0:6::/64 in the subnet part
This would have saved me several hours plus a tech support call.
Second, I have a new FortiAP 221E running 6.0.x (the last one in the series). It would simply never go online until I upgraded it to 6.2 something. I'm sure this was documented somewhere, but I didn't see it and burned a LOT of time on it.
EDIT: I just found this thread https://forum.fortinet.com/tm.aspx?m=195451&tree=true that would have saved me a lot of time on the FortiAP thing. Sigh.
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1705 | |
1093 | |
752 | |
446 | |
230 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.