Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
cbialobz
New Contributor

Upgrading 100D from 4.3.11 to 5 - 5.2 or 5.4?

I'm going to visit some 100Ds in a rather remote location. They are currently at 4.3.11 and would like to upgrade the FortiOS

 

5.2 or 5.4? I've looked and have not found anything outlining pros and cons of each. I'm sort of leaning to 5.2, but would like some input.

 

Thanks in advance....CB

3 Solutions
Pathfinder
New Contributor III

Hi CB

 

As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.

 

I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.

 

Hope, that helps you.

Regards, Marc

View solution in original post

MikePruett
Valued Contributor

Push it to 5.4.x using the proper upgrade path and enjoy the feature additions.

 

The older code is either EOL or going EOL and fortinet TAC seems to stay spun up on the current stuff a little better than the older. So in the event of support you may be better off with the newer.

 

In regards to memory utilization I have surprisingly seen devices use LESS memory in my situations as I upgrade. I am assuming that is due to memory leak issues and more efficient handling of things.

 

That's just my opinion though.

View solution in original post

Mike Pruett Fortinet GURU | Fortinet Training Videos
prouzier
New Contributor

If I were you, I would go 5.4. Its a world of difference between 2 and 4, and the later is much better in my opinion. So if you don't know either one, go for the latest one. And 5.6 is already in Beta, can't imagine what that will be like.

View solution in original post

10 REPLIES 10
Pathfinder
New Contributor III

Hi CB

 

As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.

 

I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.

 

Hope, that helps you.

Regards, Marc

ede_pfau

Staying with the v4.3 branch might have the advantage of smaller memory consumption. Of course, v4.3 is EOL for long now but I still run a couple of FGTs on v4.3.19.

v5.2 will be EOL this summer.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
MikePruett
Valued Contributor

Push it to 5.4.x using the proper upgrade path and enjoy the feature additions.

 

The older code is either EOL or going EOL and fortinet TAC seems to stay spun up on the current stuff a little better than the older. So in the event of support you may be better off with the newer.

 

In regards to memory utilization I have surprisingly seen devices use LESS memory in my situations as I upgrade. I am assuming that is due to memory leak issues and more efficient handling of things.

 

That's just my opinion though.

Mike Pruett Fortinet GURU | Fortinet Training Videos
Paul_S

Pathfinder wrote:

Hi CB

 

As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.

 

I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.

 

Hope, that helps you.

Regards, Marc

can you elaborate on your VPN issues with 5.2.10? is there a discussion somewhere the focuses on those issues?

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
Pathfinder
New Contributor III

Hi Paul

Sorry for my late answer. I was in holydays the last two weeks.

My problem with 5.4.1 was, that i was not able to GUI-setup a fully functionally ipsec-vpn from my business fg100d to my private fw30d at home. Fortinet-Support told me that GUI-Setup for IPSec will not work on 5.4.1, that i nedt to setup the tunnel in CLI-Console. That is huge work and lot of possible traps. That's why i got back to 5.2.8.

My private fw30d now runs with 5.4.4 very well, but since upgrading i did not try to setup an ipsec-vpn. Hope it will work, when i need setup an IPSec in future.

 

Regards, Pathfiner

Baptiste

Hi, I use 5.4.3/5.4.4 on remote site with 60E, no problem so far on GUI setup for ipsec

 

on main site, 100D running 5.2.10, no pb with ipsec also or softclient VPNSSL

2 FGT 100D  + FTK200

3 FGT 60E  FAZ VM  some FAP 210B/221C/223C/321C/421E

2 FGT 100D + FTK200 3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
Paul_S

thank you both. I upgraded from 5.2.5 > 5.2.7 > 5.2.9 > 5.2.10 without any major issues. so I am happy.

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5  |  Fortimail 5.3.11 Network+, Security+

FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
prouzier
New Contributor

If I were you, I would go 5.4. Its a world of difference between 2 and 4, and the later is much better in my opinion. So if you don't know either one, go for the latest one. And 5.6 is already in Beta, can't imagine what that will be like.

sazi
New Contributor

Tomorrow, we'll upgrade our 100D from 5.0.13 to 5.2.10 and after to 5.4.4.

We'd a lot of VIPs, +100 policies, 11 FortiAPs, IPsec VPN, SSL VPN, Policies Routes, AD SSO...

 

So, let's cross the fingers 

 

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors