- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrading 100D from 4.3.11 to 5 - 5.2 or 5.4?
I'm going to visit some 100Ds in a rather remote location. They are currently at 4.3.11 and would like to upgrade the FortiOS
5.2 or 5.4? I've looked and have not found anything outlining pros and cons of each. I'm sort of leaning to 5.2, but would like some input.
Thanks in advance....CB
Solved! Go to Solution.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi CB
As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.
I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.
Hope, that helps you.
Regards, Marc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Push it to 5.4.x using the proper upgrade path and enjoy the feature additions.
The older code is either EOL or going EOL and fortinet TAC seems to stay spun up on the current stuff a little better than the older. So in the event of support you may be better off with the newer.
In regards to memory utilization I have surprisingly seen devices use LESS memory in my situations as I upgrade. I am assuming that is due to memory leak issues and more efficient handling of things.
That's just my opinion though.
Mike Pruett
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I were you, I would go 5.4. Its a world of difference between 2 and 4, and the later is much better in my opinion. So if you don't know either one, go for the latest one. And 5.6 is already in Beta, can't imagine what that will be like.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi CB
As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.
I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.
Hope, that helps you.
Regards, Marc
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Staying with the v4.3 branch might have the advantage of smaller memory consumption. Of course, v4.3 is EOL for long now but I still run a couple of FGTs on v4.3.19.
v5.2 will be EOL this summer.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Push it to 5.4.x using the proper upgrade path and enjoy the feature additions.
The older code is either EOL or going EOL and fortinet TAC seems to stay spun up on the current stuff a little better than the older. So in the event of support you may be better off with the newer.
In regards to memory utilization I have surprisingly seen devices use LESS memory in my situations as I upgrade. I am assuming that is due to memory leak issues and more efficient handling of things.
That's just my opinion though.
Mike Pruett
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Pathfinder wrote:can you elaborate on your VPN issues with 5.2.10? is there a discussion somewhere the focuses on those issues?Hi CB
As long as I know, FortiOS 5.4.x is still full of bugs. Some major settings don't work in GUI, so you have to change them in CLI-Console. The whole IPsec VPN you have to setup on CLI, because GUI-Settings will not match.
I run very successfully 5.2.8 on my 100D. Tried to update to 5.2.10 but got back to 5.2.8 because i had unstable IPsec-Tunnels and also Problems with connecting softclients to SSL-VPN.
Hope, that helps you.
Regards, Marc
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Paul
Sorry for my late answer. I was in holydays the last two weeks.
My problem with 5.4.1 was, that i was not able to GUI-setup a fully functionally ipsec-vpn from my business fg100d to my private fw30d at home. Fortinet-Support told me that GUI-Setup for IPSec will not work on 5.4.1, that i nedt to setup the tunnel in CLI-Console. That is huge work and lot of possible traps. That's why i got back to 5.2.8.
My private fw30d now runs with 5.4.4 very well, but since upgrading i did not try to setup an ipsec-vpn. Hope it will work, when i need setup an IPSec in future.
Regards, Pathfiner
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi, I use 5.4.3/5.4.4 on remote site with 60E, no problem so far on GUI setup for ipsec
on main site, 100D running 5.2.10, no pb with ipsec also or softclient VPNSSL
2 FGT 100D + FTK200
3 FGT 60E FAZ VM some FAP 210B/221C/223C/321C/421E
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
thank you both. I upgraded from 5.2.5 > 5.2.7 > 5.2.9 > 5.2.10 without any major issues. so I am happy.
FG200D 5.6.5 (HA) - primary [size="1"]FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x [Did my post help you? Please rate my post.][/size] FAZ-VM 5.6.5 | Fortimail 5.3.11 Network+, Security+
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If I were you, I would go 5.4. Its a world of difference between 2 and 4, and the later is much better in my opinion. So if you don't know either one, go for the latest one. And 5.6 is already in Beta, can't imagine what that will be like.
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Tomorrow, we'll upgrade our 100D from 5.0.13 to 5.2.10 and after to 5.4.4.
We'd a lot of VIPs, +100 policies, 11 FortiAPs, IPsec VPN, SSL VPN, Policies Routes, AD SSO...
So, let's cross the fingers