Hi, I am looking to upgrade the firmware of my FG 200D from v5.2.3 to ???... I am not in a huge rush unless there are some audit security reasons that are needed. I have 2 units that are in A/P-HA mode in production. Which version should I upgrade to? Not sure if going to v5.2.8 or v5.4.1 is best... any pros and cons to each version... Any bugs that I need to be worried about...
- using 2 WAN and 3 LAN interfaces
- HA is Active/Passive
- 200+ Policies
- 200+ Object address
- 150+ Services
- 30+ Virtual IPs
- 20+ IP Pools
- IPSec VPN Tunnels
- SSL VPN Tunnels
Hi, can anyone help me here...
Alright, we got it... (you as poster can delete a post which you deem superfluous)
First, don't fix what ain't broken. Really.
IMHO the next stable version after v5.2.3 is v5.2.8. Common opinion is to stay away from v5.4 for the time being.
But, v5.2.8 may have trouble with SSL VPN tunnels (check the latest posts), and the just-released v5.2.9 as well. Of course, not all Fortigates in all production networks have broken SSL VPN tunnels now. It would be wise to search the forums for posts on this.
How about 5.2.9? It's been out since Sept 7 and has a few fixes.
Ken
PCNSE
NSE
StrongSwan
Usually, I'd suppose that a patch 8 or 9 would be rock solid with minor bug fixes. If you read up on https://forum.fortinet.com/tm.aspx?m=140855 one can see that on certain models (?) or certain configs there can be severe problems.
That's why I'd stay at v5.2.3 if not pressed to upgrade.
FWIW:
The OP needs to do some homework and review the release notes for the 5.2.x versions to see if any of the fixes would benefit him. I would not stay on 5.2.3 personally, but that's just me. It's a good habit;
Mainly, things have been found and fixed between 5.2.3 and 5.2.9. You're talking about a gap of over 12+ months, which is like an eternity in the IT world.
ken
PCNSE
NSE
StrongSwan
Thanks all... I will move to v5.2.8 or v5.2.9. One of the main reasons for me not moving up was that there wasn't a real audit security reason... but I see y'all's point...
Check out https://forum.fortinet.com/tm.aspx?m=140975 for a now confirmed bug in v5.2.9 concerning admin access and SSLVPN.
In case you didn't know, here is the supported upgrade path:
5.2.3 > 5.2.5 > 5.2.7 > 5.2.8
I haven't progressed to 5.2.9 just yet on devices that are using 5.2.x code.
Mike Pruett
Ok... thanks.