Next Generation Firewall (NGFW)

Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

  • 1.  Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 03, 2022 09:17 AM
    Hello All,

    We have been told to upgrade our 100F running 6.2.3 to 6.2.10 to fix an SSLVPN DHCP issue. I have been reading and a lot of the suggestions are to go with the 6.4.x train. I was wondering if anyone had any issues with moving from 6.2 to 6.4 and if moving to 6.4 is the correct thing to do.

    We are running 2 100F's in an HA pair and I would break the HA pair, upgrade one of the 100F's to the latest firmware version (either 6.2.10 or 6.4.8), schedule some downtime and put the upgraded 100F in service to give me a fall-back plan in case there is some issue with the firmware upgraded version.

    Thanks for your time,
    Matt


  • 2.  RE: Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 04, 2022 12:45 PM
    The 6.4 train has been very good.  One of my customers has been running 6.4.8 on a pair of 1800F's for a few months and it's been solid.

    I also have a 100F that has been stable since 7.0.5.  I had severe issues with 7.0.2 and 7.0.3 and had to stay on 7.0.1 for a while but everything has been stable in the three weeks since going to 7.0.5.

    Regarding your fallback plan, another option would be to leave the HA pair intact but download the 6.2.3 image from the Fortinet support site and keep it on hand and proceed with upgrading to 6.4.8 (there will be multiple upgrades required from 6.2.3), taking a backup of the config at each upgrade along the way.  Then, if you have any trouble with 6.4.8, simply load 6.2.3 and restore the config you saved from 6.2.3.


  • 3.  RE: Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 07, 2022 08:03 AM
    Thanks Mark. How easy is it to load an older version of firmware? It looks like as long as I have the 6.2.3 firmware file I can downgrade through the GUI.


  • 4.  RE: Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 07, 2022 08:24 AM
    Correct, it's very easy to downgrade.  Go to System -> Firmware and upload the 6.2.3 image, which will trigger a reboot.  After the unit comes back up, restore your 6.2.3, which will trigger another reboot and that's it.


  • 5.  RE: Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 04, 2022 12:58 PM
    I concur on 6.4.8 being very stable. The lowest risk will be going to 6.2.10. There are also a few security reasons to push up from 6.2.3 to 6.2.10. You can address your bug issue then plan out the move to 6.4.8 or as Mark said just keep the backups at each point. I like to push up from one code line such as 6.2 to 6.4 only when all starts off running fine and I need a feature, or I deem it is time. I am moving a final group of firewalls this weekend from 6.2.10 to 6.4.8. I have another group on 7.0.5 and all are fine so far but won't move the 6.4.8 ones to 7.0 till more like 7.0.8 unless I need a feature in 7.0.


  • 6.  RE: Upgrading 100F running 6.2.3 to either 6.2.10 or 6.4.8

    Posted Mar 07, 2022 10:21 AM
    Thanks Peter. I was thinking of taking this time to get on the 6.4.x since the upgrade path seems to be the same amount of firmware upgrades for 6.2.10 and 6.4.8.
    Hope your upgrades went well this weekend.