Hi fellows:
I have a fortigate 100D "G2" running 4mr3 patch 15, and a new one G3 shipped with 5.2, the idea is to replace the G2 with the G3 hardware, and i am just wondering about downgrading the G3 to 4.3.15 in order to execute the upgrade steps to 5.2 with a backup of my current working configuration, i want to do this in order to minimize the downtime of the production equipment during the replace process.
This device is working as a packet filter and vpn for remote offices and ssl vpn for road warriors, no utm functions enabled.
Have some one tried this?
What are your thoughts about this?
Any recommendations?
Thanks in advance
Victor
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hi there,
I don't think there is need to worry much here since they are all FGT 100Ds since the firmware is the same for the same devices (note i am not sure the significant difference between G2 and G3) but the only diffrence that matters in conversion will be Fortiwifi and POE devices or different models. I would do the following
1.Download firmware 4.3.15
2. Install 4.3.15 firmware on new FGT 100D
3. Restore the back up on the new device and do one to one comparison if in doubt
4. Upgrade to the desired firmware if need be following the recommended path
5. Do a straight swop and test
note that you can also use a conversion with forticonverter from 4.3.x to 5.2.x even on different models I have done this several times and even with different vendors
As far as I experienced they're minor hardware upgrades that doesn't affect to software. Like FG60D first came without a RJ45 console port, then next gen came with it (again). FG1500D G2 upgraded log hd capacity from G1.
Thanks for the feedback Clau and Toshi, great info, have a nice day!
Just want to update this thread
My new FG100D, with part number P11510-05 and by the way it comes with a Quad Core cpu, does not support 4MR3.
It went to a kernel panic every try, with 4.3.15 and 4.3.18.
It was shipped with 5.2 but the older firmware that works ok in it is 5.0.
I hope this helps some one
My .02
Read the release manual but they clearly warn you about this;
4.3.18 rls notes
FortiOS v4.0 MR3 (all patches) contains a compatibility issue with FortiGate-100D units that have a system part number of P11510-03 and later. You can view the system part number on the bottom of the unit or with the get system status CLI command. Units with this system part number must run FortiOS v5.0 Patch Release 3 or later.
PCNSE
NSE
StrongSwan
As older and newer versions are incompatible in v4.3 the way to go is to upgrade the older one to, say, v5.0.14 (which is decent in it's own) and then copy the config. Of course, respecting the recommended upgrade sequence.
Or, rebuild the new v5.2 config from scratch, cutting and pasting parts of the old config. Note that there've been considerable changes in SSLVPN config, as an example, between v4.3 and v5.2.
Thanks emnoc and ede_pfau.
i´m a little embarased since most of the times i read carefully the release notes, of course i missed it this time
i will do the upgrade to 5.0.14 first in prod, then copy config on the newer one, and upgrade to 5.2.8 after that
Regards
I'm curious
Did you just order this unit was the pn# listed on the box? I'm getting ready to order 2 FGT100D and requested thru the vendor the latest model but they told me they can't ensure that a I would get the exact 2 model of the same pn#.
Ken
PCNSE
NSE
StrongSwan
emnoc:
I dont remember if the box says some thing about, don´t think so, i will have access to the box in 10 days and tell you more, but i got 2 units, one in july and one in august, the first one was -05, the second one -04, i´m talking about two different companies and projects, so my guess is that it is an inventory turnover issue on the distribution channel...
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1547 | |
1031 | |
749 | |
443 | |
210 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.