MichaelHinz
New Contributor II

Which version of FortiOS should be used?

Fortinet has an article posted about which FortiOS is recommended in comparison to hardware platforms (Technical Tip: Recommended Release for FortiOS - Fortinet Community). I have been racking my brain trying to better understand what the philosophy is behind the recommendations. FortiOS 7.0 was released roughly 3 years ago (2021-03-30) and therefore obviously has the most bug fixes in it. But according to the product life cycle page it will reach the end of its engineering support by the end of this month (2024-03-30, Fortinet Service & Support).

 

FortiOS 7.2 has been on the market for 2 years now (released 2022-03-31). I am surprised that it takes Fortinet roughly 2 years to finally recommend its own software for usage. It almost seems like the only reason why Fortinet considers the recommendation for 7.2 now is because 7.0 has reached its EOES.

 

Does anyone know why Fortinet would not potentially recommend versions of the different OS levels?  For instance:

 

- if you are running 7.0 we recommend 7.0.14

- if you are running 7.2 we recommend 7.2.8

- currently we don't recommend 7.4.x. 

 

Is it possible that two or more versions of FortiOS exist that are both still under engineering support and get recommended?  Is 2 years "normal" for bugfixes until a release is considered stable/mature? 

 

Thank you in advance for any insights.

akumar02
Staff

Hello Michael,

The recommendations are based on the Product as well as the vulnerability patch. 

Some hardware (for example, the D-series) cannot go beyond 7.0.x; in that case the recommendation will be based on the latest vulnerability patch and the mature image in 7.0 versions.
Right now, all 7.4 versions are Feature-release and not mature releases. That's why you do not see it in the recommendations. 

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
MichaelHinz

Thank you for your reply. I am aware that certain hardware platforms / generations of firewalls support only up to certain versions of FortiOS. As you already pointed out, some of the "D" series might support only FortiOS up to version 6.0.x and therefore it would make no sense to recommend using version 7.0.x code for those. However, my question is about up-to-date firewalls that support the latest available FortiOS versions. If a Fortigate (let's say the 101F series) supports 7.0.x (3 years old), 7.2.x (2 years old), and 7.4.x (9 months old), then why is it that only FortiOS 7.0.x is recommended? How much time does it take for Fortinet to actually recommend a version? It is normal that a .0 or .1 release of a software product is considered to be an initial release and should be used with caution, but how long should it take to get a stable release? In the current situation it appears Fortinet does not recommend using any of the FortiOS versions until they have been out on the market for 2 years. Or to say it differently - customers should not expect to be able to use any new available features until 2 years after they were released.

 

In a direct message to me I did receive this response regarding when releases are considered mature:

 

  • Typically Recommended Releases are also labeled as 'Mature' releases
  • Significant field deployment of 40,000 or more FortiGates that have installed the recommended build.
  • No high-severity vulnerabilities that are without mitigating steps or workarounds

 

These make sense but I see a problem with the 2nd bullet. Fortinet customers don't want to be "beta testers" and will only deploy stable/mature/recommended versions - especially if they support large environments. This means Fortinet will not see a high adoption rate of new FortiOS versions for a long time, which then again results in Fortinet not recommending the implementation because the deployment numbers are not reached. Maybe this needs to be thought over...

raw2140

Hi @MichaelHinz 

Fortigate-100F    V6.2.3

Fortigate-60F      V6.0.11

 

I want to upgrade the above versions. Can you please help me: which latest version is suitable for the above models?

MichaelHinz
New Contributor II

Fortinet themselves recommend the following versions for your hardware based on this article (Recommended Release for FortiOS - Fortinet Community):

100F V7.2.7

60F V7.2.7

 

The versions you are running are pretty old and no longer officially supported by Fortinet. FortiOS 6.0 was released in 2018 and support stopped in 2022. FortiOS 6.2 was released in 2019 and support stopped in 2023. (Fortinet Service & Support)

 

Based on Fortinet's recommendation I would at minimum consider 7.2.x as the version to go to. 7.4.x was released last summer (2023) and is still considered fairly new. 7.6.x will be released in June, and going to the first release of a brand new version is always a risk.

 

I don't know what features you use in your Fortigates; that will also make a difference. If you have a contract with Fortinet you can ask them to do a "bug scrub" for you. Here you would submit a configuration of a Fortigate to them and they will check it against known issues with the FortiOS you are planning to upgrade to. You will receive a report if known issues (with i.e. 7.2.x or 7.4.x) are known that would affect your configuration, and then you can make a decision. Regardless of what the recommendation is - ALWAYS test the new version before rolling it out to a lot of firewalls.

 

Another best practice is to read the "known issues" section of the release notes of the version you are planning to go to. For example, in the current latest 7.2.8 version release notes you will find this bug (Known issues | FortiGate / FortiOS 7.2.8 | Fortinet Document Library):

 

901721

In a certain edge case, traffic directed towards a VLAN interface could trigger a kernel panic.

 

Fortinet has released a special build to address this issue but you can't get that via the portal.  If you want it you have to open a ticket with Fortinet and ask for it.

 

Alternative - wait for 7.2.9 which is scheduled for likely July and hope that this one has no bugs....

 

Hope this was informative :)
