FortiOS Upgrade Experience and Recommendation
Hi,
In our network we have a mix of FG200D, FG60E and FG200E firewalls, all managed by a single FMG VM. Currently we are running the latest version of 5.4 across all devices and FMG.
In the past we have been reluctant to move to the latest major release, at least until after a few minor releases to fix bugs. Taking this into consideration, we are contemplating upgrading to the latest of either 5.6 or 6.0 and would like to know your experience and recommendation. Are there issues with 6.0 making it more sensible to go the 5.6 route, at least for now?
Your time is appreciated.
Thank you,
LarW63
Ok, thank you all for your input.
Generally, our implementation is fairly straightforward, with quite a few Site-Site VPNs and lengthy policy-sets all running over a couple of VDOMs. The only thing really out of the ordinary is that we are running a significant Multicast implementation throughout the network.
With 5.4, there are a few bugs with the Multicast implementation, for which we have workarounds in place.
Given the research and feedback, I'm favoring upgrading to v5.6.7 over v6.0.x... at least for now.
Larry
That's always a difficult and tricky question unless the latest major version is still x.x.0, .1 or .2. The current latest versions are now 5.6.7 and 6.0.3. We just recently upgraded our FGs in our core network to 5.6.6, then one of them encountered a wad memory leak issue and we upgraded the others to 5.6.7. But we also encountered GUI slowness and config loss related to it, but the bug fix was only on 6.0.3 at this moment. But if we go to 6.0.3 now I need to expect more like these.
Depending on what features are used and how they're used on each FG, 6.0.3 might work perfectly fine with your FGs while you might experience with 5.6.7.
But we regularly go up to the next major version and wait at least one year then consider going up to the next major version. We keep checking release-notes every time they release a new version, and listen to problem reports on this forum.
You have no clue as to what issues will|may arise in any major release updates. Review the release notes, and if you have a dev lab, test if you have a complex environment or are using advanced features. If you're using basic firewall services, I would not worry too much going from 5.4 to 5.6 or 6.0.
Ken Felix
PCNSE
NSE
StrongSwan
Hi
It depends on your configuration what the impact will be.
We always wait for at least 3 minor versions before we upgrade to a new feature release. (Because we like to be up to date and want the latest features.)
We are now on 5.6.7, and that's the stable train and works fine.
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6
FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4
FortiGate 500E HA 6.2.4
FortiGate 30E / 60E / 100E / 6.0.9
FortiMail VM HA / 6.4.0
FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
