I guess 4.3 has been out long enough to iron out most bugs; still, I am facing an upgrade of 8 clusters from 4.2.x to 4.3.
Are there any experiences of what parts may break during an update?
I have so far not really experienced bigger problems with past updates, but still it's of course "super critical, no downtime..." according to users.
Pretty standard redundant VPN/OSPF setup.
4.3 patch 15 is the most stable firmware today. 4.2 releases are EoL, so if you need to open a ticket with Fortinet TAC, they will first ask you to update to 4.3 before supporting you.
The best upgrade path is:
4.2.x -> 4.2.15 -> 4.3.11 -> 4.3.15
I did this upgrade recently.
Compared to previous major upgrades, it went very smoothly for me.
The official Fortigate doc on the upgrade path is here:
Depending on your current 4.2.x firmware, you might need to go to 4.3.6 before going to 4.3.11 => 4.3.15
Here are a few relatively minor things I noticed after the upgrade:
1. The names of several applications changed or were removed. My application sensors had strange entries after upgrade and I had to edit the contents so they didn't say things like, "Unknown Application."
2. I think I had one or two application sensors that had a space in the profile name that prevented it from displaying in the GUI. I had to rename it in the CLI. In general, you should ensure there are no spaces in any profile names before doing the upgrade.
3. I had to update/upgrade the appropriate FSSO software on my servers to the latest version to prevent a few login bugs.
Fortigate 600C 5.0.12, 111C 5.0.2
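A pre-upgrade check for the profile-name issue described in the post above, as an added example that is not part of the original thread: it scans a configuration backup for quoted `edit` names that contain whitespace. The sample config is constructed, the function name is hypothetical, and the code assumes the usual `config` / `edit` / `next` / `end` layout of a FortiOS backup file.

```python
import re

# Constructed sample in FortiOS backup layout (not taken from the thread).
SAMPLE_CONFIG = '''\
config application list
    edit "block p2p"
        config entries
            edit 1
                set action block
            next
        end
    next
    edit "default"
    next
end
config firewall address
    edit "branch office lan"
        set subnet 10.0.0.0 255.255.255.0
    next
end
'''

# Named objects appear as: edit "some name"; numbered entries (edit 1) are skipped.
EDIT_RE = re.compile(r'^edit\s+"([^"]*)"$')

def names_with_spaces(config_text, sections=None):
    """Return (section path, name) for every quoted edit name containing whitespace.

    sections: optional set of top-level section names to restrict the report to,
    e.g. {"application list"}; None reports every section.
    """
    findings, stack = [], []  # stack holds the currently open "config ..." sections
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):].strip())
        elif line == "end" and stack:
            stack.pop()
        else:
            m = EDIT_RE.match(line)
            if m and stack and re.search(r"\s", m.group(1)):
                if sections is None or stack[0] in sections:
                    findings.append((" > ".join(stack), m.group(1)))
    return findings

if __name__ == "__main__":
    for section, name in names_with_spaces(SAMPLE_CONFIG):
        print(f'{section}: "{name}" contains whitespace, rename before upgrading')
```

Run it against a saved backup by reading the file into a string and passing it to `names_with_spaces`; restrict `sections` to the profile sections you care about if names with spaces elsewhere are acceptable in your setup.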
In 4.3 you have to enable a user group to be available for SSL VPN usage. The 4.2 config was converted successfully, but as the designated user group was not enabled, SSL VPN failed in the beginning. Took some time to find that.