Hi,
I have two FortiWifi 60C, currently at FWF60C-4.00-FW-build482 firmware. What could happen if I don't follow the recommended upgrade path? Can I upgrade them directly to v5.0 without risk of bricking the devices?
At this moment both firewalls are almost factory default so, there is no need to preserve the configuration.
Thanks in advance.
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Likely you would lose a chunk of configuration because the new software doesn't understand the config on the old software, then that part would be thrown away. I don't recommend it unless you don't have to keep the old config and are planning configure it from scratch after the upgrade.
Also 5.0 started checking more for config inconsistency and automatically correct them during upgrade, while 4.x had less check. If there was a conflict, upgrade process might throw a legit one and keep not-legit-anymore one. If that happens, you need to recover the thrown-out one after removing the not-legit-anymore one. The keys to solve those puzzles are in "diag debug config-error-log read" CLI output after each upgrade step.
Bricking the device isn't the concern, it's your running configuration that can be altered.
If you do decide to skip versions, thoroughly compare your config files before an after. Like the user above said, you will most likely lose some configuration because it is not directly compatible in the new version. Following the recommended upgrade path ensures your configuration is properly updated through each version.
I've jumped firmware versions in the past. It's definitely not recommended, but as long as you are aware of what changed in your config and you go back and correct it, you should be fine.
FortiOSman,
Up, Up, and Away!
Not following the proper upgrade path can cause........unexpected....results.
Mike Pruett
I am wondering the same thing myself.
What if I don't care about the current running config, and I want to do a factory reset anyway.
Maybe someone can comment on what is actually technically happening during a firmware upgrade, besides making the current running config compatible with the new release.
What would be the reason to follow the upgrade path?
localhost wrote:That is the only reason. If you're going to flatten it, drive on. If you have the ability, I would format the flash and upload the new version via TFTP. Besides having a really fresh unit to work from, you'll gain some experience making that configuration upload procedure during a slower predetermined time (rather than when the flames are licking your backside...)....making the current running config compatible with the new release.
What would be the reason to follow the upgrade path?
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
During firmware upgrades it will migrate the existing configuration from version to version (making changes to ensure the configuration uses non deprecated commands, new OS config requirements etc).
If you skip steps, certain sections of code may not migrate properly and weird things can happen (IPSec tunnels flapping even though they are setup properly etc).
It sucks.
Mike Pruett
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1712 | |
1093 | |
752 | |
447 | |
231 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.