Hot!Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9

Author
Paul S
Gold Member
  • Total Posts : 163
  • Scores: 8
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
2018/08/17 14:37:41 (permalink)
0

Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9

I am planning and preparing to upgrade my FG200D HA cluster (2 units). current version is 5.2.10.
 
Question 1) Do you guys find the support.fortinet.com upgrade path tool reliable?
I ask this question because using the tool for 5.2.10 to 5.6.5 is kind of weird (5.2.10 > 5.4.6 > 5.6.3 > 5.6.5)
I was thinking (5.2.10 > 5.2.12 > 5.4.9 > 5.6.5).  I just want to make sure I avoid the IPSEC bug in the upgrade to 5.6.4.
 
Question 2) Would you risk 5.6.5 or stick with 5.4.9?  I don't have any zones in 5.2.x do I don't think I need to worry about the zone VLAN interface bug. I would like to use the 5.6.x feature that allows address objects in the policy routes.

FG200D 5.2.10 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.4.2  |  Fortimail 5.3.8
Network+, Security+
#1
emnoc
Expert Member
  • Total Posts : 4988
  • Scores: 306
  • Reward points: 0
  • Joined: 2008/03/20 13:30:33
  • Location: AUSTIN TX AREA
  • Status: online
Re: Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9 2018/08/17 15:07:51 (permalink)
0
Follow the migration  tool and more importantly read the  release notes ;)
 
As far as even one, I would go 5.6 since most items have been shake out and it quite developer for the 2nd to last train.
 

PCNSE,  NSE , Forcepoint ,  StrongSwan Specialist
#2
Toshi Esumi
Expert Member
  • Total Posts : 1118
  • Scores: 66
  • Reward points: 0
  • Joined: 2014/11/06 09:56:42
  • Status: offline
Re: Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9 2018/08/17 15:13:22 (permalink)
0
I think (not sure) the tool is showing just one possible upgrade path simply based on the fact that each step of the upgrade is supported, without considering in what kinds of bags are with the version, which might break previous config depending on the features configured and used.
Based on the assumption, I think (again) your educated discretion is necessary to modify the entire path from the one given by the tool to avoid some particular upgrade problems, by checking each step using the same tool since that information is no longer provided with release notes.
 
At this moment, at least I don't have any problems deploying 5.6.5 IF we didn't have zones with the parent and vlan sub-interfaces. Practically it's impossible to upgrade those FGTs in the field. However, that's the only issue holding us from upgrading the whole fleet of our FGTs. Others in the forum might have different opinions (likely).
#3
sw2090
Gold Member
  • Total Posts : 172
  • Scores: 10
  • Reward points: 0
  • Joined: 2017/06/14 01:27:25
  • Location: Regensburg
  • Status: offline
Re: Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9 2018/08/19 23:43:10 (permalink)
0
Accoarding to the Fortinet Support portal:
 
Recommended Upgrade Path

Following is the recommended FortiOS migration path for your product.

Version Build Number
5.2.10  9428
5.2.12  9782
5.4.9    1202
 
Recommended Upgrade Path

Following is the recommended FortiOS migration path for your product.

Version   Build Number
5.2.10    9428
5.4.6      1165
5.6.3      1547
5.6.5      1600
post edited by sw2090 - 2018/08/19 23:44:25
#4
Paul S
Gold Member
  • Total Posts : 163
  • Scores: 8
  • Reward points: 0
  • Joined: 2011/05/02 16:49:52
  • Status: offline
Re: Upgrade path 5.2.10 to 5.6.5 or 5.2.10 to 5.4.9 2018/08/21 13:52:45 (permalink)
0
Thank you all for the feedback. I have been testing my upgrade at my desk on some similar hardware. My team decided we would go to 5.6.5 on 8/28/2018.
 
5.2.10 > 5.2.12 > 5.4.9 > 5.6.5   seems to work fine. All the config errors during upgrade seem to be minor things (dashboards, snmp, etc...)

FG200D 5.2.10 (HA) - primary
FWF50B' s 4.3.x, FG60D's 5.2.x, FG60E's 5.4.x                   [Did my post help you? Please rate my post.]
FAZ-VM 5.4.2  |  Fortimail 5.3.8
Network+, Security+
#5
Jump to:
© 2018 APG vNext Commercial Version 5.5