1. I recommend using the upograde path fortinet gives you to not loose anything or screw anything!
2. You do not loose the connection to FMG but you might not be able to deploy to 6.4. FGT unless you upgrade the adom. The adom though can only be upgraded if all FGT that are in it are upgraded to 6.4.
So upgrade your FGT to 6.4 accoarding to the recommended upgrad path and do not deploy t them with FMG yet
Once all FGT are upgraded upgrade the adom to 6.4
Now you can deploy again.
I did that way to upgrade from 6.0 zo 6.2 and from 6.2. to 6.4 (and in nearer Future I'll do 6.4 to 7.0) and it always worked fine.
I once asked TAC about this but the only other solution they had was to creade a new 6.4. adom and transfer upgraded FGT to it. Which was no solution for me because you cannot transfer the policy package to annother adom.
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
- you will not be able to push policy packages though (but scripts will still work)
- the FortiGates might show as out of sync/unknown/AutoUpdate, as there will be changes in CLI settings that the 6.2 ADOM can't handle
- you can't add new 6.4 FortiGates to the 6.2 ADOM
You could move the FortiGates to a new 6.4 ADOM, but you would have to import policy packages from the FortiGates again to build the ADOM database, and any objects that are NOT in use would not exist in the ADOM database (so you would have to manually copy them over)
As an example, copying firewall address 'win-server-2019' from root VDOM to a different one:
But there is no easy bulk clone/move/copy option that I'm aware of.
If you're familiar with FortiManager API and scripting you could leverage that to get all the objects from one ADOM and then post them to another, but are there are no ready-made tools that I know of, sorry.
All of this is of course only a concern if there are specific changes you need to make while the FortiGates are being upgraded; if the already upgraded FortiGates don't require additional configuration/changes while in the 6.2 ADOM, you can just proceed with the upgrades as scheduled and then upgrade the ADOM once all FortiGates are at 6.4.
+++ Divide by Cucumber Error. Please Reinstall Universe and Reboot +++
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.