New Contributor

Noob to Fortinet - Firmware version to use for new out of box devices

After many years of deploying and supporting Cisco PIX/ASA, I'm moving to FortiGate. Simple (hopefully) question - a 40F I recently purchased came with 6.4.x installed, and I installed the upgrade to 6.4.12. I see that 6.4 is EOES. In general, what is the community doing with brand new deploys, assuming no interoperability with other releases on other devices is needed? Are you deploying the latest and greatest, or taking a conservative approach and deploying an older release? That is, right now, 7.2 vs 7.0? My installs are basic internet traffic out, VPN in. No advanced configurations.

Related question - I see that there is always a recommended upgrade path (6.4.12 -> 7.0.11 -> 7.2.4), but you can also do a direct update to 7.2.4 as well. For a *brand new out of box* device, is it safe to do a direct update as opposed to following the upgrade path? I would think so, but .......??

Thanks!

vshare


Contributor II

I cannot answer whether attempting a direct upgrade from 6.4.12 to 7.2.4 will work or not. My guess is it will not, going through normal upgrade procedures... maybe if you were doing a format flash and install process via TFTP, but why go through all that headache when stepping through 7.0.11 adds another 3-5 minutes to the normal upgrading process?


That being said, you also asked about deploying latest and greatest vs being more conservative. Fortinet now declares their firmware releases as Feature or Mature. In a nutshell, Mature releases will have fewer problems overall while Feature releases will be more problematic, but offer newer features. Read through the release notes for the version you are wanting to implement to see if there might be anything that might impact your environment, as every network is different. Unless there is a specific feature in 7.2 code that you need to take advantage of, my recommendation is to stick with a Mature release of 7.0 code, which right now is 7.0.11.




Direct upgrades are strongly not recommended. Alternatively, you may consider loading the target firmware via TFTP and configuring the firewall from scratch.

Contributor III


In FortiGate Upgrade there are exactly ways how you can upgrade to 7.2.4.

The FortiGate tells you exactly what makes sense.




It is advised to stick to the upgrade path to make sure that there are no problems or unforeseen mistakes throughout the upgrade process. The upgrade path is set up to make sure that all required firmware and software updates are made in the proper sequence and that any dependencies or compatibility problems are fixed before going on to the following version.


Following the upgrade path is crucial if you want to keep your system stable, safe, and fully functional. The performance, security, and stability of your network may be impacted by a number of problems if you skip upgrades or don't follow the upgrade process carefully.







It is always recommended to update to the latest branch of the software version if your device model is supported, as it would include the recent bug fixes from the previous branches. We would advise you to have a look at the release notes of the specific version you are interested in upgrading to, to make sure you are aware of known issues and issues fixed for the same.


About the direct upgrade, we don't encourage direct upgrades at all. It is always recommended to follow the upgrade path to avoid breaking production config, as syntax can change between releases and following the path means it gets handled correctly at each step. A new unit on factory default should be OK to upgrade straight to latest as far as I know, but you could always just do a reset on the new firmware to be sure if you like.



