Supported upgrade paths for forti os 5.0.11

samarpitsri 1,249 views 21 slides Apr 27, 2015
Slide 1
Slide 1 of 21
Slide 1
1
Slide 2
2
Slide 3
3
Slide 4
4
Slide 5
5
Slide 6
6
Slide 7
7
Slide 8
8
Slide 9
9
Slide 10
10
Slide 11
11
Slide 12
12
Slide 13
13
Slide 14
14
Slide 15
15
Slide 16
16
Slide 17
17
Slide 18
18
Slide 19
19
Slide 20
20
Slide 21
21

About This Presentation

No description available for this slideshow.

Size: 229.82 KB
Language: en
Added: Apr 27, 2015
Slides: 21 pages

Slide Content

SupportedUpgradePathsforFortiOS™Firmware
VERSION 5.0.11

FORTINETDOCUMENT LIBRARY
http://docs.fortinet.com
FORTINET VIDEO GUIDE
http://video.fortinet.com
FORTINET BLOG
https://blog.fortinet.com
CUSTOMER SERVICE & SUPPORT
https://support.fortinet.com 
FORTIGATE COOKBOOK
http://cookbook.fortinet.com
FORTINET TRAINING SERVICES
http://www.fortinet.com/training
FORTIGUARD CENTER
http://www.fortiguard.com
END USERLICENSEAGREEMENT
http://www.fortinet.com/doc/legal/EULA.pdf
FEEDBACK
Email:[email protected]
Wednesday,April15,2015
SupportedUpgradePathsforFortiOS™Firmware
01-520-199976-20140917

TABLE OF CONTENTS
ChangeLog 4
Overview 5
PurposeofthisDocument 5
ScopeoftheDocument 5
LocationofUpgradePathdocumentsforotherproducts 6
Productcompatibility 6
SourceInformation 6
UsingtheUpgradeStepsTable 7
Releasenumbers 7
BuildNumbers 7
MaxValueIssue 8
Standalonevs.HAconfigurationupgrades 8
ParallelDevelopment 8
UpgradeMethods 8
UpgradingfromtheLocalDrive 9
UpgradingfromtheFortiGuardNetwork 9
Upgrade StepsTable 10
PotentialIssues 18
SpecialBuilds 18
WhyreadtheReleaseNotes? 18
Samplingofissues 18
ChangingofCategoryNumbers 18
HAVirtualMACAddressChanges 18
ChangingofLoggingSettings 19
Familiarfeaturesremovedorchanged 19
Combinationofvariablesthatproduceunexpectedresults 20

ChangeLog
Date ChangeDescription
2015-04-07 Addednewpotentialissueexample,updatedlinktoProductLifeCyclepage
2015-01-27 Updatedtoinclude5.0.11
2014-12-17 Updatedtoinclude5.0.10
2014-12-08 Newdocumenttemplate

Overview
PurposeofthisDocument
ThegoalofthisdocumentistomakeiteasierforyoutoupgradeyourFortiGateunitbyguidingyoutothemost
likelyintermediatefirmwareupgradesbetweenyourcurrentversionandthelatestversionofthefirmware.The
latestversionbeingtheonewiththehighestpatchnumberinthisversionbranch.
Sincemultipleversionsoffirmwareareoftendevelopedatthesametime,therearedifferentversionsofthe
upgradepathdocument,too.Thetitleofthedocumentwillindicatewhichversionofthefirmwareisthefinal
destinationoftherecommendedupgradepathoptions.Besurethatyouarelookingattheproperdocumentfor
yourobjective.Forinstance,ifyourgoalistoupgradetothelatestbuildofVersion5.0lookingattheUpgrade
Pathdocumentfor5.2mightgiveyousomeoptionsthatwouldappearconfusing.
Everytimeyouperformanupgradetothefirmwareyoushouldcarefullyreadtherelease
notesofthefirmwareyouareupgradingto.Releasenotesmayincludewarningsornotices
ofexceptions.Thereleasenotescanbefoundonthesupportsiteinthesamedirectoryas
thefirmware.TheFortinetSupportSitecanbefoundat:https://support.fortinet.com.
FormostdevicesthesestepswillshowthepathinstepsfromyourcurrentversiontothelatestVersion,MR,and
patch.ThestepsshownbytheUpgradeStepsTablearenottheonlypossiblepath,buttheyaresupportedand
havebeenoptimizedtoachievethelatestversionofthefirmwareinthefeweststeps.
SomeolderFortiGatehardwareplatformsdonothavetheresourcestoeffectivelyusethe
mostrecentfirmwareversionsandsodonotsupportfirmwareupdatespastacertainver-
sion.ToseeifyourdeviceisaffectedbythischecktheProductLifeCyclepagefoundat:
https://support.fortinet.com/Information/ProductLifeCycle.aspx
ScopeoftheDocument
ThescopeofthisdocumentislimitedtorecommendedupgradepracticesfortheFortiOSfirmware,whichisused
astheOperatingSystemforthefollowingproducts:
lFortiGate
lFortiWiFi
lFortiCarrier
ThisdocumentdoesnotincludetheupgradepathsforotherFortinetproductssuchas:
lFortiManager
lFortiAnalyzer.
Theseproductshavetheirownupgradepathdocumentation.
5 HardwareAcceleration

Overview
LocationofUpgradePathdocumentsforotherproducts
Otherupgradepathdocumentsareavailableforthefollowingproducts:
lFortiAnalyzer
lFortiManager
ThesedocumentsareavailablefromtheFortinetCustomerService&SupportSite,foundat
https://support.fortinet.com,inthesamedirectoryasthefirmwareimagesandReleaseNotes.
ExamplelinkstoUpgradeGuides:
lftp://support.fortinet.com/FortiManager/v5.00/5.0/5.0.9/fortimanager-v5.0.9-upgrade-guide.pdf
lftp://support.fortinet.com/FortiAnalyzer/v5.00/5.0/5.0.9/fortianalyzer-v5.0.9-upgrade-guide.pdf
Theabovelinksareexamplesonly,aseachfirmwarereleasefortheseproductshasitsowndocument.
Productcompatibility
ThisdocumentdoesnotincludeanyreferencestoreleasecompatibilitybetweenFortinetproducts.Thisisan
issuethatadministratorsofenvironmentswheredifferentFortinetproductsareusedshouldbeawareof.For
instance,aspecificversionofFortiManagerhasarangeofversionsofFortiGatethatitwillbecompatiblewith.If
theFortiGatesareupgradedwithoutverifyingthattheFortiManagerwillbecompatiblewiththem,asituation
couldarisewheretheFortiManagerwillnotbeabletomanagethosenewlyupgradedFortiGates.Ontheother
sideoftheequation,itisalsopossibletoupgradeaFortiManagerbeyondthecompatibilityrangeofsomeofthe
oldermodelsofFortiGate.
IfyouhavesomeoldermodelsofFortiGatethatcannotbeupgradedtocurrentreleasesoffirmware,andsome
brandnewmodelsofFortiGatethatcannotrunolderfirmware,thesituationcanarisewhereasingle
FortiManagerwillnotbeabletomanagealloftheFortiGatesintheenvironment.Thisisanissuethatthe
administratorneedstobeawareofwhenmakingdecisionsaboutwhichfirmwaretorun.
ThecompatibilitybetweenmodelsislistedintheReleaseNotesoftheproducts.Theseshouldbereadandthe
environmentshouldbeplannedoutasawhole.Itispossiblethatthereisnoonebestoption.Theadministrator
willhavetoweightheprosandconsofallofthevariablesandkeepinmindwhatthemostimportant
requirementsarefortheenvironment.
SourceInformation
Thesourcematerialforthedevelopmentoftheoftheupgradepathtableistheupgradeinformationsection
foundintheReleaseNotesthatarewrittenupforeachnewbuildoftheFortiOSfirmware.
Eachtimeafirmwarebuildcomesoutitistestedforcompatibilitywithsomeofthepreviousbuildsinboththe
currentversionandtheversionthatprecededit.Itisnot,howevernecessarilytestedwitheverysinglebuildin
thesetwoversions.Thetwo,sometimes3,versionsthataresupportedatthetimeofreleasearedevelopedin
parallelandnotincoordinatedschedulessoitispossiblethatthelatestbuildinversion5wasdevelopedlong
afteralowernumberedbuildinversion5.2.Inshort,theupgradetestingisdoneagainstbuildthatareavailable
atthetimeofrelease.Theupgradestepsmayattimesseemliketheyshouldbeabletomakelargerjumps,but
wewillonlyincludedupgradestepsthathavebeentestedandproventoworkinthosetests.
6 HardwareAcceleration

Overview
TheFortiOSUpgradepathdocumentisinitiallybasedonthecontentsoftheReleaseNotesdocumentsforthe
firmware,however,periodically,bugsorunexpectedcombinationsofconfigurationsarefoundthereveal
situationsthattheregularcompatibilitytestingdidnotaccountfor.Theseupdatesareincorporatedintothe
UpgradepathdocumentsometimeswithoutbeingincludedintorewritesoftheReleaseNotes.Whilethepaths
setforthintheReleaseNoteswillworkmostofthetimeformostconfigurations.Itisbesttotreattheupgrade
pathdocumentasthesaferandmorecorrectsource.
UsingtheUpgradeStepsTable
Wehavetriedtomakeusingthetableassimpleaspossible.
1.DeterminewhichreleaseiscurrentlyrunningonyourFortiGate.
2.Findthatrelease/buildinthelefthandcolumn.
3.Upgradefromonereleasetothenextbasedonthereleaseslistedinthatrow.
Releasenumbers
Overthelifeofthefirmware,thedesignationoftheindividualreleaseshaschangedbutthisdocumenttriesto
makethesedesignationsasconsistentandaseasytounderstandaspossible.
Originally,theversiondesignationwasmadeupofaVersion,possiblyamajorreleasewithinthatversionand
possibleapatchnumberwithinthatmajorrelease.Ifonewastryingtorefertooneofthelaterpatchesinalater
releaseofversion4ofthefirmwareitcouldbedescribedasVersion4MR3Patch18.
Tomakewritingthereleasenamesimplera'shorthand'developedusingthepatternx.x.x.Thenumbersshownin
thetablebelowareanabbreviatedformofthefirmwareversionnames.
1stNumber VersionNumber
2ndNumber MRNumber
3rdNumber PatchNumber
Example:3.7.10=Version3.0MR7Patch10
Recently,thelongerversionofdescribingthereleasewasdroppedinfavorofthesimplifiedformat.Soitisnot
FortiOSVersion5MR2Patch1.ItissimplyFortiOS5.2.1.Withinthetable,thesimplifiedversionisalwaysused
whendescribingthepath.
BuildNumbers
IncaseswherethereisnoindicationintheWeb-basedManagerwhattheversionorbuildnumberisyoucanget
thebuildnumberfromtheCLIbyenteringthecommand:
getsystemstatus
Thevalueintheoutputofthecommandfor“Branchpoint”willbethebuildnumber.
7 HardwareAcceleration

Overview
MaxValueIssue
Thereisarangeofbuildswherethemaximumnumberofsomeoftheobjectswaslowered,butthenafewbuilds
laterwasraisedbackup.Ifaconfigurationonadevicewastohaveanumberoftheseobjectsinexcessofthe
lowervaluewhendoinganupgradetherecouldbeissuesandevendatalosssotheupgradepathslistedare
designedtoavoidupgradingintothislowermaxvaluerangeeventhoughtheReleaseNotesstatethatupgrading
tothesefirmwarebuildsissupported.Whenthereleasenoteswerewrittentheactofincreasingthevalueswas
notforeseen.
Standalonevs.HAconfigurationupgrades
IfyoureadtheReleaseNotesforthefirmwareupgradesyouwillnoticeadiscrepancybetweenwhattheRelease
NotessayispossibleforupgradesandwhattheUpgradeStepsTableshows.
Inversion5thereisadifferenceinthestepsbetweenthepatchesdependingonwhetheryourFortiGatesetupis
inastandaloneoranHAconfiguration.IfyouhaveastandalonesetupyoucanupgradefromPatch3(5.0.3)
directlytoPatch5(5.0.5).However,ifyouareusinganHAsetupyouneedtoaddtheintermediatestepofgoing
toPatch4(5.0.4),otherwiseonlytheslaveunitintheconfigurationwillbeupgradedtoPatch5.
Inthetabledescribingthestepsinprogressingthroughtheupgradesthemostcautiouspathislisted.This
minimizesthepossibilityofconfusionforsomebodywhohasanHAclusterbutreadstheReleaseNotes,like
everybodyshould,butwasunawareoftheknownissuewiththeHAclusters.
ParallelDevelopment
Developmentofthefirmwareisusuallytakingplaceontwopathsatthesametime.Thereisdevelopmenttaking
placeonthelatestpath,aswellasthepreviousstablepath.Forinstanceifthelatestpathwas5.0.xthenthe
previousstablepaththatwouldstillbeindevelopmentwouldbe4.3.x.Thishas2significantramificationsasfar
asupgradesareconcerned.Thefirstisthatpatchesarestillbeingbuiltforeachofthesepaths.Thesecondis
thatbecausethisdevelopmentistakingplaceinparallelthenumberidentifiersforthebuildsdonotcorrespond
directlywiththesequenceinwhichthebuildscomeout.
Anexampleofthis,canbedemonstratedbythefactthatwhileversion5.0.0definitelycameafter4.3.0,4.3.15
wasreleasedafter5.0.4.ThisisthereasonthatoneFortiGatecanupgradedirectlyfrom4.3.15to5.0.5whilea
differentFortiGatestartingat5.0.0needstogothroughsomeintermediatestepstogettothesame5.0.5.
UpgradeMethods
TherearetwomethodsofprimarymethodsofupgradingthefirmwarethroughtheGUI;eitherfromalocalfile
thathasbeenpreviouslydownloadedorfromtheFortiGuardNetwork.
8 HardwareAcceleration

Overview
UpgradingfromtheLocalDrive
WhenuploadingthefirmwarefromthelocaldriveyoumustalreadyhavedownloadeditfromtheFortinetSupport
Siteathttps://support.fortinet.com/.OnceyouhaveloggedinwiththeaccountIDandpasswordthatwascreated
whenregisteringtheFortiGate,gototheDownloadsectionandselecttheiconforFirmwareimages.Fromthere
itisonlyamatterofselectingaproduct,suchasaFortiGateandthenselectingeitherHTTPSorFTPdownload.
Thelayoutofthefirmwarelistinginbothmethodsisahierarchicaltree.Forinstanceifyouwantedfirmware5.0.7
youwouldselectthev5.00directory,thenthe5.0directory,thenthe5.0.7directory.Onceinthedirectoryscroll
downuntilfindthecorrectfirmwarefilenameforyourspecificmodel.Theselectthefileyouwishtodownload.
Thefilenamesareintendedtobehelpfulindeterminingthecorrectfirmwareforthemodelyouneed.Hereare
someoftheconventionsfoundinthefilenames.
lFGT_=FortiGate
lFWF_=FortiWiFi
lPOE=PoweroverEthernet
lVM32/VM64=VirtualMachineversionsofthefirmware.The32and64referringtothebitarchitectureoftheOS.
FirmwaregoingdirectlyonaFortinetDevicewillhavethe.outextension.
UpgradingfromtheFortiGuardNetwork
Thepracticeofstrategicallyskippingsomefirmwareversionstooptimizethetimeandefficiencythatittakesto
gettothelatestversionisbasedonusingtheUpgradefrom:LocalHardDriveoption.Ifyoutrytousethe
Upgradefrom:FortiGuardNetworkoptionyouwillnoticethattherearealimitednumberoffirmwarebuildsto
whichyoumayupgrade,ordowngrade.Thisisbecauseonlyoptionsthatarealwaysgoingtobesafeare
available.Thelogicbeingthatbecausetherearenointermediateoptionspossible,thenextconsecutivebuildwill
alwaysbeasafeoption.
Becauseofthislimitationinoptions,itmeansthatyouwillnotbeabletousetheUpgradefrom:FortiGuard
Networkoptiontoseeallofthesafeupgradeoptions.Youwilleitherhavetousetheincludedupgradepathtable
orstudytheReleaseNotes.
Thebuildsthatwillbeshownwillmostlikebeasfollows:
ForUpgrades:
lThenextbuildinthecurrentversiontrack
ForDowngrades:
lThepreviousbuildinthecurrentversiontrack.
lThelatestbuildinthepreviousversiontrack.
9 HardwareAcceleration

Upgrade StepsTable
Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
EndofSupportDateforVersion5.0=November1,2015
5.0.11 310
Latest
Build
5.0.10 305 ►5.0.11
5.0.9 292 ►5.0.11
5.0.8 291 ►5.0.10►5.0.11
5.0.7 3608 ►5.0.10►5.0.11
5.0.6 271 ►5.0.10►5.0.11
5.0.5 252 ►5.0.7 ►5.0.10►5.0.11
5.0.4 228 ►5.0.7 ►5.0.10►5.0.11
5.0.3 208 ►5.0.4 ►5.0.7►5.0.10►5.0.11
5.0.2 179 ►5.0.3 ►5.0.4►5.0.7►5.0.10►5.0.11
5.0.1 147 ►5.0.3 ►5.0.4►5.0.7►5.0.10►5.0.11
5.0 128 ►5.0.2 ►5.0.3►5.0.4►5.0.7►5.0.10►5.0.11
EndofSupportDateforVersion4.0MR3=March19,2014
(unlessdevicedoesnotsupportFortiOSversion5.0)
4.0MR3
patch18
689 ►5.0.11
4.0MR3
patch17
688 ►5.0.11
4.0MR3
patch16
686 ►5.0.11
4.0MR3
patch15
672 ►4.3.18►5.0.11
4.0MR3
patch14
665 ►4.3.18►5.0.11
10 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
4.0MR3
patch13
664 ►4.3.18►5.0.11
4.0MR3
patch12
656 ►4.3.18►5.0.11
4.0MR3
patch11
646 ►4.3.18►5.0.11
4.0MR3
patch10
639 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch9
637 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch8
632 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch7
535 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch6
521 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch5
513 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch4
511 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch3
496 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch2
482 ►4.3.11►4.3.18►5.0.11
4.0MR3
patch1
458 ►4.3.11►4.3.18►5.0.11
4.0MR3 441 ►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion4.0MR2=April1,2013
4.0MR2
patch15
356 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch14
353 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch13
349 ►4.3.6 ►4.3.11►4.3.18►5.0.11
11 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
4.0MR2
patch12
346 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch11
342 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch10
338 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch9
334 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch8
328 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch7
324 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch6
320 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch5
315 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch4
313 ►4.3.6 ►4.3.11►4.3.18►5.0.11
4.0MR2
patch3
303 ►4.2.13►4.3.6►4.3.11►4.3.18►5.0.11
4.0MR2
patch2
291 ►4.2.13►4.3.6►4.3.11►4.3.18►5.0.11
4.0MR2
patch1
279 ►4.2.13►4.3.6►4.3.11►4.3.18►5.0.11
4.0MR2 272 ►4.2.13►4.3.6►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion4.0MR1=August24,2012
4.0MR1
patch10
217 ►4.3.5 ►4.3.11►4.3.18►5.0.11
4.0MR1
patch9
213 ►4.3.5 ►4.3.11►4.3.18►5.0.11
4.0MR1
patch8
209 ►4.2.15►4.3.11►4.3.18►5.0.11
4.0MR1
patch7
207 ►4.2.15►4.3.11►4.3.18►5.0.11
12 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
4.0MR1
patch6
205 ►4.2.15►4.3.11►4.3.18►5.0.11
4.0MR1
patch5
204 ►4.2.15►4.3.11►4.3.18►5.0.11
4.0MR1
patch4
196 ►4.2.15►4.3.11►4.3.18►5.0.11
4.0MR1
patch3
194 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
4.0MR1
patch2
192 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
4.0MR1
patch1
185 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
4.0MR1 178 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion4.0 =February24,2012
4.0patch4113 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
4.0patch3106 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
4.0patch299 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
4.0patch198 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
4.0 92 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion3.0MR7=July18,2011
3.0MR7
patch10
754 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR7
patch9
753 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR7
patch8
752 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR7
patch7
750 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR7
patch6
744 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
13 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
3.0MR7
patch5
741 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR7
patch4
740 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR7
patch3
737 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR7
patch2
733 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR7
patch1
730 ►4.0.0 ►4.0.4►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR7 726 ►4.0.0 ►4.0.4►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion3.0MR6=February4,2011
3.0MR6
patch6
678 ►4.1.0 ►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR6
patch5
677 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR6
patch4
673 ►4.0.4 ►4.2.12►4.3.6►4.3.11►4.3.18►5.0.11
3.0MR6
patch3
670 ►3.6.6 ►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR6
patch2
668 ►3.6.6 ►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR6
patch1
662 ►3.6.6 ►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR6 660 ►3.6.6 ►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
EndofSupportDateforVersion3.0MR5=July3,2010
3.0MR5
patch7
576 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR5
patch6
575 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
14 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
3.0MR5
patch5
574 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR5
patch4
572 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR5
patch3
568 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR5
patch2
565 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR5
patch1
564 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR5 559 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
EndofSupportDateforVersion3.0MR4=December29,2009
3.0MR4
patch5
483 ►3.6.6 ►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
3.0MR4
patch4
480 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR4
patch3
479 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR4
patch2
477 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR4
patch1
475 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR4 474 ►3.5.7 ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
15 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
EndofSupportDateforVersion3.0MR3=October2,2009
3.0MR3
patch14
418
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch13
417
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch12
416
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch11
416
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch10
415
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch9
413
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch8
411
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch7
410
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch6
406
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch5
405
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3
patch3
403
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
3.0MR3 400
►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
16 HardwareAcceleration

Upgrade StepsTable
Starting
Version
Build#SupportedStepstoLatestBuildof5.0
Theversionsbelowarebeyondendofsupportdates
3.0MR2 319 ►3.3.14 ►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5►4.3.11
►4.3.18►5.0.11
3.0MR1 247 ►3.2.0 ►3.3.14 ►3.4.5 ►3.6.6►4.1.0►4.1.10 ►4.3.5
►4.3.11►4.3.18►5.0.11
2.80.11 unknown ►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18►5.0.11
2.80.X(X
<11)
unknown
►3.1.0 ►3.2.0 ►3.3.14 ►3.4.5 ►3.6.6►4.1.0►4.1.10 
►4.3.5►4.3.11►4.3.18►5.0.11
2.50.10 unknown
►2.80.11►3.7.10►4.1.0►4.1.10 ►4.3.5►4.3.11►4.3.18
►5.0.11
17 HardwareAcceleration

PotentialIssues
SpecialBuilds
Everynowandthena"SpecialBuild"iscreatedforsomespecificpurposeandsomecompanieswillputtheseinto
production.ThesespecialbuildsarenotpartofthenormalupgradepathQAprocessandthereforehaveagreater
riskof variancefromwhatisnormallyexpectedinanupgrade.Thetableoftheupgradepathisbasedonthe
ReleaseNotesoftheregularbuildsandmaynothaveincludedtestingagainsteveryspecialbuildaswell.Ifyou
arerunningaspecialbuild,beevenmorecautiousinupgradingthanyouwouldnormallybe.
WhyreadtheReleaseNotes?
Previouslyinthisdocument,itwasrecommendedthatbeforeupgradingfromoneversionofthefirmwaretoa
morerecentonethattheReleaseNotesberead.TogiveanindicationofhowimportantitistoreadtheRelease
Noteswewillprovideasamplingofsomeofthepossibleissuesthatmayhavetobedealtwithuponupgrading.
Tooffersomeclarificationonthecontentsofthissampling,someoftheseissueswereandareunavoidable
becauseofthenatureoftheconfigurationsoftheFortiGatedevicesandthenetworkstheywerein.Thereason
forreadingtheReleaseNotesistomakesurethatusersarepreparedforchangesorpotentialoutagesthatmay
occursothattheaffectedpartiescanbeforewarnedandtheissuescanbedealtwithinatimelymanner.
Samplingofissues
Thesearesomeissues,innoparticularorder,thathavebeenbroughttotheattentionoftheTechnicalAssistance
CenterortheDocumentationTeamthatcouldresultduringthecourseofafirmwareupgrade.
ChangingofCategoryNumbers
WhenlookingattheFortiGuardWebfiltercategoriesorApplicationcategoriesintheGUIweseetheniceeasily
understoodnamesthatindicatewhattheyrefertobutinthecodeofthefirmwarethesecategoriesarereferenced
byaintegerandnotatextstring.Periodicallythelistofcategorieschanges,whetherbythenumbergrowing
largerorsmalleritdoesn’tmatter.Ifthelistchangesthensodothevaluesofobjectsinthatlist.Ifyourpolicies
areeverythingiswideopenyouarenotlikelytoseeanissuebutiftherearecarefullycraftedrestrictionsinplace.
HAVirtualMACAddressChanges
HAvirtualMACaddressesarecreatedforeachFortiGateinterfacebasedonthatinterface’sindexnumber.
BetweenFortiOS4.3and5.0interfaceindexingchanged.AfterupgradingaclustertoFortiOS5.0thevirtual
MACaddressesassignedtoindividualFortiGateinterfacesmaybedifferent.Youcanusethegethardwarenic
<interface-name>commandtoviewthevirtualMACaddressofeachFortiGateinterface.
18 HardwareAcceleration

PotentialIssues
Thepracticalconsequencesofthiscouldbeseeninasituationwhere,inaverysecurityconsciousenvironment,
thereissomeblockingorallowedtrafficbasedonmacaddresses.Whenthefirewall’smacaddressisnotonthe
listofallowedaddressesanytrafficgoingthroughthefirewallislikelytobeproblematic.
ChangingofLoggingSettings
Therewasacasewhereupgradingafewbuildstoofar,inaveryspecificscenario,changedaloggingsetting.
Whengoingfromoneofthe4.3buildstooneoftheearlier5.0builds,VDOMpoliciesthatalsohadIPSprofiles
hadoneofthe logsettingchangefromloggingalltraffictologgingonlyUTMevents.Theupgradepathworksin
allotherrespects;itjustacaseofhavingtogothroughtheaffectedpoliciesandchangethesetting.
Oddlyenough,iftheupgradehadgoneallthewayto5.0.8,theissuewouldnothaveoccurred.
Familiarfeaturesremovedorchanged
WhilenotanissuethatwillpotentiallystoptheFortiGatefromworking,thisissuewillsometimesmakeit
worthwhiletokeepacloseeyeontheperformanceofyourFortiGateafteranupgradetomakesureeverythingis
stilldoingwhatitwasbeforetheupgrade.
Example:Logtrafficfunction
Forinstance,whenupgradingfrom4.3toversion5,thelogtraffic-startfunctionisdisabledbydefault.
Inversion4.3,theextended-traffic-logoptioninconfiglog
[memory|disk|fortianalyzer|syslog] filtercontrolledthesessionstartlogging.Inversion5.0,
thisiscontrolledbylogtraffic-startinthepolicysettings.Ifbeforetheupgrade,the"extended-traffic-log"
wasenabled,thelogtraffic-startinpolicysettingswillbedisabled.Moreoftenthannotthisisthe
defaultsettingofafteranupgrade..
Whileforsomeusersthelossofthisfunctionmaybeinconsequential,tootherusersthisfunctionmightbe
useful.ThisisanotherreasontoreadtheReleaseNotes;checkingtoverifythatfeaturescommonlyusedinyour
environmentwillbethereaftertheupgrade.
Example:DiskLogging
Inversion4.3,loggingtothelocaldiskwasonlypossibleifDiskLoggingwasenabledandbydefault,itwas
disabled.EnablingthefeaturecouldbedoneeitherthroughtheGUIortheCLI.In5.0,notonlywasthefeature
disabledbydefault,butenablingitcouldonlybedonethroughtheCLI,andeventhen,amessagewouldappear
statingthatLoggingtothelocaldiskcouldseriouslyimpactperformanceandthatitshouldnotbedone.Despite
thewarning,itwaspossibletooverridethedisablingofthefeatureandturniton.Inversion5.2,fordevicesthat
hadonlyasingleharddrive,itisnotpossibletooverridethedisablingofthefeature.Thefeatureisstillpartofthe
firmwareandavailablethroughtheCLI,justnottoallmodels.
ThisbringsupaninterestingsituationregardingtheReleaseNotes.Thefactthatthisfeaturewas,bydefault
disabledin5.0ismentionedintheReleaseNotesfor5.0.Because,thefeaturewasstilldisabledbetween5.0
and5.2,althoughmorestrictly,itwasnotreferredtotheReleaseNotesfor5.2.Ifoneissteadilyupgradingthe
firmwareondevicesastheycomeoutandreadingtheReleaseNotes,theevolutioncanbeseenandthisisnot
anissue.Butmakingthejumpfrom4.3to5.2,andnotreadingtheReleaseNotesoftheintermediatefirmware
buildscanleadtofindingafeaturemissingthatwasexpectedtobethere,ifyouhappentohaveoneofthe
specificmodelsaffected.
19 HardwareAcceleration

PotentialIssues
Combinationofvariablesthatproduceunexpectedresults
Everysinglepossibilityofvariablescannotbetested,soeverynowandthenaspecificcombinationofvariables
willproduceasideeffectthatiscompletelyunexpected.Mostofthetimethesesideeffectsmaynotevenbe
noticedbutoccasionallytherecanbesomelossoffunctionality.
OnesuchexampleofthisoccurswhenupgradingaFortiGate600Cfrom4.3.18to5.0.11.IftheFortiGateis
configuredtouseLinkAggregationControlProtocolandanupgradeisdonedirectlyfrom4.3.18to5.0.11,the
VLANsunderLACPwilldisappearandWiFimashdevicesshowupbelowit.
Inordertopreventthisfromhappeninganupgradeto5.0.7needstooccurbeforetheupgradeto5.0.11.The
reasonthatthispathisnotpartofthetable,isthatthissituationreferstoonly1modelandwithaparticular
configuration.
20 HardwareAcceleration

Copyright©2015Fortinet,Inc.Allrightsreserved.Fortinet®,FortiGate®,FortiCare®andFortiGuard®,andcertainothermarksareregisteredtrademarksofFortinet,
Inc.,intheU.S.andotherjurisdictions,andotherFortinetnameshereinmayalsoberegisteredand/orcommonlawtrademarksofFortinet.Allotherproductorcompany
namesmaybetrademarksoftheirrespectiveowners.Performanceandothermetricscontainedhereinwereattainedininternallabtestsunderidealconditions,and
actualperformanceandotherresultsmayvary.Networkvariables,differentnetworkenvironmentsandotherconditionsmayaffectperformanceresults.Nothingherein
representsanybindingcommitmentbyFortinet,andFortinetdisclaimsallwarranties,whetherexpressorimplied,excepttotheextentFortinetentersabindingwritten
contract,signedbyFortinet’sGeneralCounsel,withapurchaserthatexpresslywarrantsthattheidentifiedproductwillperformaccordingtocertainexpressly-identified
performancemetricsand,insuchevent,onlythespecificperformancemetricsexpresslyidentifiedinsuchbindingwrittencontractshallbebindingonFortinet.For
absoluteclarity,anysuchwarrantywillbelimitedtoperformanceinthesameidealconditionsasinFortinet’sinternallabtests.InnoeventdoesFortinetmakeany
commitmentrelatedtofuturedeliverables,features,ordevelopment,andcircumstancesmaychangesuchthatanyforward-lookingstatementshereinarenotaccurate.
Fortinetdisclaimsinfullanycovenants,representations,andguaranteespursuanthereto,whetherexpressorimplied.Fortinetreservestherighttochange,modify,
transfer,orotherwiserevisethispublicationwithoutnotice,andthemostcurrentversionofthepublicationshallbeapplicable.
Tags
Categories
General
Download
Download Slideshow Get the original presentation file
Quick Actions
Statistics
  • Views 1,249
  • Slides 21
  • Favorites 1
  • Age 3875 days
Related Slideshows
Pray For The Peace Of Jerusalem and You Will Prosper 22
Pray For The Peace Of Jerusalem and You Will Prosper
RodolfoMoralesMarcuc
32 views
Don_t_Waste_Your_Life_God.....powerpoint 26
Don_t_Waste_Your_Life_God.....powerpoint
chalobrido8
35 views
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf 31
VILLASUR_FACTORS_TO_CONSIDER_IN_PLATING_SALAD_10-13.pdf
JaiJai148317
32 views
Fertility awareness methods for women in the society 14
Fertility awareness methods for women in the society
Isaiah47
30 views
Chapter 5 Arithmetic Functions Computer Organisation and Architecture 35
Chapter 5 Arithmetic Functions Computer Organisation and Architecture
RitikSharma297999
29 views
syakira bhasa inggris (1) (1).pptx....... 5
syakira bhasa inggris (1) (1).pptx.......
ourcommunity56
30 views
View More in This Category