Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
vishal1
New Contributor II

Upgradation of fortigate

Hi All,

 

I have fortimanager, Fortianalyzer and Fortigate in my premises in which i have to upgrade multiple fortigate firewall to various version. Can anyone help me in answering below queries

 

1) Fortimanager and Fortianalyzer are on 7.2.2 and fortigate is on various version like 7.0.10, 7.2.4 like such. Can i upgrade my Fortigate keeping  Fortimanager and Fortianalyzer on their existing version ?.

 

2) Should i need to redploy the policy package or repush any configuration from Fortimanager after Upgradation of Fortigate.

 

3) If i upgrade Fortimanager to latest version and following Fortigate to same/lower version should i need to redploy the policy package or repush any configuration from Fortimanager to manage devices

 

4) Lastly, apart from above points is it any things i  need to take care or calculate before upgradation ?

4 REPLIES 4
pavankr5
Staff
Staff

 

Hello @vishal1 

1. It is recommended to keep your FortiManager and FortiAnalyzer versions compatible with the firmware version running on the FortiGate devices. While there might be some level of backward compatibility between different versions, Please check release notes and compatibility matrices provided. It's possible that certain features or functionalities might not work as expected if there are version mismatches.
https://docs.fortinet.com/document/fortimanager/7.4.0/compatibility-with-fortios


2. After upgrading a FortiGate device, the policy package and configurations should be automatically synchronized from the FortiManager to the upgraded device. After the upgrade do ensure everything is functioning as expected.

3. If you upgrade the FortiManager to a newer version and subsequently upgrade the FortiGate devices to the same or a lower version,  review and reapply the policy package to ensure that any new features or changes introduced in the newer version are correctly applied to the devices. This will ensure that the devices are managed consistently and taking advantage of the latest capabilities.

 

4. Before performing any upgrade, it is important to thoroughly review the release notes and upgrade guides provided.

Take backups: Ensure that you have recent backups of your FortiGate configurations, FortiManager database, and FortiAnalyzer data.

Plan for downtime: Upgrading the FortiGate devices will typically involve a temporary disruption in services.

Thanks,

Pavan

 

 

vishal1
New Contributor II

Hi Pavankr5,

 

Thank you for your reply, it really helpful.

 

Regarding point 3 you mentioned need to review and reapply the policy package to ensure that any new features or changes introduced in the newer version are correctly applied to the devices. Will it be not auto sync to the managed devices ?.

 

Regarding backup of devices would i have to locally extract the backup from fortigate or from fortimanager i can take backup of manage devices ?

Toshi_Esumi
Esteemed Contributor III

@pavankr5's point No.2 is not the case at least for our Fortimanager-VM 7.0.7 or prior. Almost every time we upgrade FGTs through the FMG, CLI templates & Policy package's sync status go to "unknown" (question mark icon) so we always have to push them to all those FGTs even though there is no config change happens with the push.

 

Toshi

vishal1
New Contributor II

Should i need to do for version 7.2.3 or above of that also ?

Top Kudoed Authors