- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiOS Upgrade Experience and Recommendation
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS Upgrade Experience and Recommendation
Hi,
In our network we have a mix of FG200D, FG60E and FG200E firewalls all managed by a single FMG VM. Currently we are running latest version of 5.4 across all devices and FMG.
In the past we have been reluctant to move to the latest major release, at least until after a few minor releases to fix bugs. Taking this into consideration, we are contemplating upgrading to the latest of either 5.6 or 6.0 and would like to know your experience and recommendation. Are there issues with 6.0 making it more sensible to go the 5.6 route, at least for now?
Your time is appreciated.
Thank you,
LarW63
Solved! Go to Solution.
1 Solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, thank you all for your input.
Generally, our implementation is fairly straight forward with quite a few Site-Site VPNs and lengthy policy-sets all running over a couple of VDOMs. The only thing really out of the ordinary is that we are running a significant Multicast implementation throughout the network.
With 5.4, there are a few bugs with the Multicast implementation, in which we have workarounds in place.
Given the research and feedback, I'm favoring upgrading to v5.6.7 over v6.0.x... at least for now.
Larry
4 REPLIES 4
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
That's always a difficult and tricky question unless the latest major version is still x.x.0, .1 or .2. Current latests are now 5.6.7 and 6.0.3. We just recently up graded our FGs in our core network to 5.6.6 then one of them encountered wad memory leak issue and upgraded others to 5.6.7. But also encountered a GUI slowness and config loss related to it but the bug fix was only on 6.0.3 at this moment. But if we go to 6.0.3 now I need to expect more like these.
Depending on what features are used and how they're used on each FG, 6.0.3 might work perfectly fine with your FGs while you might experience with 5.6.7.
But we regularly go up to the next major version and wait at least one year then consider going up to the next major version. We keep checking release-notes every time they release a new version, and listen to problem reports on this forum.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
You have no clue as to what issues will|may arise in any major release updates. Review the release notes and if you have a dev lab test if you have a complex environment or using advance features. If your using a basic firewall services , I would not worry too much gong from 5.4 to 5.6 or 6.0
Ken Felix
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi
It depends on your configuration what the impact will be.
We are waiting always at least 3 minor version before we upgrade to an new Feature release. (Because we like to be up to date and want the latest features)
We are now on 5.6.7 and thats the stable train and works fine.
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E / 100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
FortiAnalyzer / 6.4.0
FortiClient / 6.2.6 FortiClient EMS VM / 6.2.6
FortiGate 300D HA 6.2.4 FortiGate 500E HA 6.2.4 FortiGate 30E / 60E /
100E / 6.0.9 FortiMail VM HA / 6.4.0 FortiSandbox VM / 3.2.0
FortiWeb VM / 6.3.2
FortiManager VM / 6.4.0
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ok, thank you all for your input.
Generally, our implementation is fairly straight forward with quite a few Site-Site VPNs and lengthy policy-sets all running over a couple of VDOMs. The only thing really out of the ordinary is that we are running a significant Multicast implementation throughout the network.
With 5.4, there are a few bugs with the Multicast implementation, in which we have workarounds in place.
Given the research and feedback, I'm favoring upgrading to v5.6.7 over v6.0.x... at least for now.
Larry
Related Posts
- Discontinuation of FCNSP ERC codes for... 158 Views
- Upgrade from 7.0.14 to 7.2.7 449 Views
- New box, do I need to... 490 Views
- Fortigate and FortiAP Upgrade Recommendation 274 Views
- 'Installed firmware is not signed by... 311 Views
Labels
-
FortiGate
6,481 -
FortiClient
1,292 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
412 -
5.6
362 -
FortiSwitch
331 -
FortiAP
330 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
149 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
86 -
FortiCloud Products
82 -
FortiToken
69 -
IPsec
69 -
Customer Service
69 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
57 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
FortiConnect
23 -
FortiWAN
22 -
Firewall policy
22 -
High Availability
21 -
FortiConverter
21 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
FortiAuthenticator
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSID
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSL SSH inspection
5 -
Security profile
5 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
FortiDB
3 -
Port policy
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
TACACS
1 -
4.0MR1
1 -
NAC policy
1 -
SDN connector
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
FortiPAM
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
FortiManager-VM
1 -
Zone
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
Explicit proxy
1 -
System settings
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.