I have fortimanager, Fortianalyzer and Fortigate in my premises in which i have to upgrade multiple fortigate firewall to various version. Can anyone help me in answering below queries
1) Fortimanager and Fortianalyzer are on 7.2.2 and fortigate is on various version like 7.0.10, 7.2.4 like such. Can i upgrade my Fortigate keeping Fortimanager and Fortianalyzer on their existing version ?.
2) Should i need to redploy the policy package or repush any configuration from Fortimanager after Upgradation of Fortigate.
3) If i upgrade Fortimanager to latest version and following Fortigate to same/lower version should i need to redploy the policy package or repush any configuration from Fortimanager to manage devices
4) Lastly, apart from above points is it any things i need to take care or calculate before upgradation ?
1. It is recommended to keep your FortiManager and FortiAnalyzer versions compatible with the firmware version running on the FortiGate devices. While there might be some level of backward compatibility between different versions, Please check release notes and compatibility matrices provided. It's possible that certain features or functionalities might not work as expected if there are version mismatches. https://docs.fortinet.com/document/fortimanager/7.4.0/compatibility-with-fortios
2. After upgrading a FortiGate device, the policy package and configurations should be automatically synchronized from the FortiManager to the upgraded device. After the upgrade do ensure everything is functioning as expected.
3. If you upgrade the FortiManager to a newer version and subsequently upgrade the FortiGate devices to the same or a lower version, review and reapply the policy package to ensure that any new features or changes introduced in the newer version are correctly applied to the devices. This will ensure that the devices are managed consistently and taking advantage of the latest capabilities.
4. Before performing any upgrade, it is important to thoroughly review the release notes and upgrade guides provided.
Take backups: Ensure that you have recent backups of your FortiGate configurations, FortiManager database, and FortiAnalyzer data.
Plan for downtime: Upgrading the FortiGate devices will typically involve a temporary disruption in services.
Regarding point 3 you mentioned need to review and reapply the policy package to ensure that any new features or changes introduced in the newer version are correctly applied to the devices. Will it be not auto sync to the managed devices ?.
Regarding backup of devices would i have to locally extract the backup from fortigate or from fortimanager i can take backup of manage devices ?
@pavankr5's point No.2 is not the case at least for our Fortimanager-VM 7.0.7 or prior. Almost every time we upgrade FGTs through the FMG, CLI templates & Policy package's sync status go to "unknown" (question mark icon) so we always have to push them to all those FGTs even though there is no config change happens with the push.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.