Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
amnetworking
New Contributor

Upgrade path for FortiGate 200B affected with FG-IR-22-398

Hi all,

 

We have a forti firewall affected by vulnerability FG-IR-22-398.

https://www.fortiguard.com/psirt/FG-IR-22-398

 

It is a FortiGate 200B with version 5.2.3 build 670.

 

We have checked the upgrade path but we cannot select version 5.2.3 as Current FortiOS Version.

 

In the case that we could upgrade it would have to be to 6.0.16 or above, but I don't know if it will be possible because of the problem with the upgrade path that I mentioned above.

 

What options do we have?

 

BR,

3 REPLIES 3
pminarik
Staff
Staff

Hi,

Legacy firmware versions have their upgrade path documented here - https://community.fortinet.com/t5/FortiGate/Troubleshooting-Tip-FortiGate-Supported-Legacy-Upgrade-P...

 

With that said, let me save you the trouble of parsing the table and tell you straight that 200B models are capped at fimrware branch 5.2, the latest version of which is 5.2.15, and that one is still affected. The 5.2 branch reached complete end of support four years ago, so there's no chance that it will ever receive a patch for this. (the HW itself is EOS for 2,5 years already as well)

 

End of support dates and version caps for models can be reviewed on this support portal page - https://support.fortinet.com/Information/ProductLifeCycle.aspx (note: requires login with your customer account)

[ corrections always welcome ]
gfleming
Staff
Staff

pminarik has given you excellent info. Your best course of action is a new FortiGate. A FortiGate 100F could easily replace the 200B in terms of performance in a 19" rackmount form factor. Even the entry-level desktop form factor models could replace this easily at an even lower price point and you can get rack mount kits for them.

Cheers,
Graham
anikolov
Staff
Staff

Hello amnetworking,

 

Support for 200B has expired on 1st April 2020 and for OS 5.2 on 13rd December 2018, therefore, this vulnerability patch won't be provided for these hardware/software. You are welcome to contact your account manager/sales engineer to replace the fortigate with active support to mitigate this issue.

Aleksandar Nikolov
Labels
Top Kudoed Authors