I have loaded 5.2.5 on about 30 boxes, but only 200D as HA, and no issues yet, using WF, APP, IPS, DLP, IPSEC and SSL, so far Im happy, we are about 130 users on them.

Hey Selective, what ver dis you upgrade from? Did you keep the nondisruptive upgrade setting checked? Have a 200D HA pair that I have on the last 5.0 release that I'm looking to upgrade. Release notes say this is a direct upgrade path, but would love to see if anyone else has made the jump to 5.2.5 from 5.0.13.

I've upgraded from previous 5.0 versions like 5.0.7 - you may get some config errors but these are easily sorted out with "diag deb conf read". This is not recommended though.

 

You should be good from any version if you follow the release/upgrade notes. Eg. 5.2.5 notes indicate upgrade from 5.0.10 allowed so anything from 5.0.10 and up should be fine. I've jsut done a few 5.0.10 and 5.0.12 updates without issues ...

 

I've never had a faulty config upgrade and I've been doing these since 2.50 ... but keep a config file to hand before upgrading and if this is a remote unit, then try to arrange for some sort of remote onsite support with serial console/putty or usb console/FortiExplorer. You may even have a jump box with Teamviewer or Hamachi already connected to serial ( depending on your security policies ) and the apps installed. I always leave the usb and serial cables, supplied with the units, plugged in and ready to go. And for those who have lots of serial devices, you can use something like a Perle serial-to-ip concentrator.

CfSi_Dan wrote:
Hey Selective, what ver dis you upgrade from? Did you keep the nondisruptive upgrade setting checked? Have a 200D HA pair that I have on the last 5.0 release that I'm looking to upgrade. Release notes say this is a direct upgrade path, but would love to see if anyone else has made the jump to 5.2.5 from 5.0.13.

I did the jump fom 5.2.3.

uninterruptible-upgrade: enable

Was very straight forward, we upgraded through a FortiManager but the procedure is the same.

Use this Fortinet Doc: http://docs.fortinet.com/uploaded/files/1965/Supported%20Upgrade%20Paths%20for%20FortiOS%20Firmware%...

 

And everything will be fine

Let me know if you or anyone else results with VPN (both IPSEC and SSL via forticleint).  We have intermittent drops of phase 2 in IPSEC on our remote sites, which feels more like firewall/routing issue since the tunnel is still up.  We either reboot the remote router and everything is fine.  We have separate and continuous reports from home users (windows 7, 8.1, and 10) were they will drop continuously one day and be fine for a week after that.  We had an ASA5510 using anyconnect before this so it's a little annoying because that never had an issue.   I am thinking of applying the release at the end of the month, regardless of feedback. 

2x 500D HA Active/Passive using VDOMs

Hello, I'm running 100D on 5.2.2, I saw on release notes that upgrade to 5.2.5 is only support from 5.2.3.

My question : is upgrade to 5.2.3 buggy ? or I can safely upgrade to 5.2.3 and then to 5.2.5 ? 

Hello guys, I am trying to backup config using SCP but it doesn't allow me to enable SCP...

 

fw1-shc3 # config global fw1-shc3 (global) # set admin-scp enable Unknown action 0 fw1-shc3 (global) # end

 

Is this issue with new ForitOS 5.2.5 or wrong syntax?

vladdar

 Your running vdoms  so you need to configure this  under config sys global under global context.

 

config global

     config sys global

        set admin scp enable

     end

 

 

Ken