Hot!Change of the Fortigate Version for the root ADOM on the FAZ 5.6

Author
cmoro
New Member
  • Total Posts : 5
  • Scores: 0
  • Reward points: 0
  • Joined: 2017/03/08 00:49:31
  • Status: offline
2017/09/27 05:05:58 (permalink) 5.6
0

Change of the Fortigate Version for the root ADOM on the FAZ 5.6

Hello forum,
 
is there any way how to change a Fortigate version in the Root ADOM running on the FAZ 5.6? I did the upgrade from the version 5.4 to 5.6 but I cannot change the FG version for the root ADOM, thus I had to create a new ADOM and move the FG 5.6 to this ADOM. But then I have 2 ADOMs, the empty root ADOM and the ADOM for the FG 5.6 which I find fairly unnecessary.
 
Thank you for any hint.
 
Regards,
Jozef
#1
chall_FTNT
skyhigh
  • Total Posts : 281
  • Scores: 26
  • Reward points: 0
  • Joined: 2003/11/28 16:19:30
  • Status: offline
Re: Change of the Fortigate Version for the root ADOM on the FAZ 5.6 2017/10/02 13:17:01 (permalink)
0
The version # associated with an ADOM is not significant on the FortiAnalyzer, only on the FortiManager.  In our next patch releases of FAZ 5.4 & 5.6, we will be hiding the ADOM version to underline this.
 
As we say in the FAZ Best Practices guide (under "ADOM Design"), "You do not need to separate ADOMs by FortiOS versions."
#2
supportbristol
New Member
  • Total Posts : 1
  • Scores: 0
  • Reward points: 0
  • Joined: 2015/12/04 03:11:04
  • Status: offline
Re: Change of the Fortigate Version for the root ADOM on the FAZ 5.6 2017/10/06 04:13:20 (permalink)
0
Hi Jozef,
 
I just found your question while browsing this forum for another question I got. well that sounds like the FAZ has the same issue on 5.6 GA as the Manager has. I found a limitation which told me, that the FMG 5.6 GA has no way included to use the upgrade function for updating the root db/adom in this release. Since Fortinet develops both products very similar and combines features and the release of 5.6 for both products was on the same day, I wouldn't be surprised that the FAZ has the same limitation on 5.6 GA. so we will have to wait for a further bugfix release which might include the ability to upgrade the root adom.
 
you just have two options in the meanwhile, first thing you already figured out on your own is by creating another adom on 5.6 and move your devices into this area. the other option is to setup a new FortiAnalyzer based on 5.6 (if you're using it as a virtual device), or to perform a factoryreset on your hardware FAZ which is already on 5.6 and restore your backup data into it, then it should work with 5.6 root adom out of the box as there won't be another adom left in 5.6 per default :) 
 
hopefully this will be fixed in a higher version, but we can be glad that Fortinet finally has released the 5.6 upgrade after it was available for the Firewalls since months. 
 
best regards
Markus Eggeling
 
post edited by supportbristol - 2017/10/06 04:14:33
#3
Prab
Bronze Member
  • Total Posts : 56
  • Scores: 4
  • Reward points: 0
  • Joined: 2017/12/04 01:30:25
  • Status: offline
Re: Change of the Fortigate Version for the root ADOM on the FAZ 5.6 2018/08/10 07:14:11 (permalink)
0
Hi there,
 
The post seems to be old, but I shall just share my experience. I had a FMG with 5.6.0 with Root ADOM version 5.4, the policy package and databsae objects were created with 5.4 ADOM version.
The FortiGates managed by this FMG were also running 5.4.x firmware version.
 
My goal was to upgrade the FMG to 5.6.5 firmware version and FortiGates to 5.6.x version.
I faced some issues/bugs and most probably it was because of the 5.6.0 firmware version on FMG, which is too buggy.
The option to upgrade the Root ADOM was disabled or greyed out, even though the FMG & FGTs were on 5.6.x version.
 
The solution for me was to perform the following steps:
(NOTE: Always follow the upgrade path, else you shall have a lot of fortifun ;) )
 
  1. Update the FortiGates to 5.6.x version (followed the upgrade path)
  2. Synchronise the device configuration
  3. Upgrade the FMG from 5.6.0 to 5.6.5 version. This step was required because with 5.6.0 version, I could not upgrade the Root Adom as the option was greyed out
  4. Now upgrade the Root ADOM from 5.4 to 5.6
  5. After the upgrade of ADOM to 5.6 version, I was able to install policy packages on the FortiGates
 
Hope it helps.
Thanks & regards,
Prab :)
 
#4
Jump to:
© 2018 APG vNext Commercial Version 5.5