Update from 5.4 to 6.0

maicon_pereira1 · ‎02-12-2019

Hello, I need update my box FGT1500D from 5.4.5 to 6.0.4 version. So I wonder how is better way to reach this ?

I think I have to format my box upload 6.0.4 firmware and reconfigure all from zero. but, at the support page tips to do step-by-step from 5.4.5 >5.6.2>5.6.6>6.0.4 by Web interface.

Anyone update from 5.4 version to 6.0 version ? How Have you done ?

Toshi_Esumi · ‎02-12-2019

In addition to SMabille's warning, if your config has zones that include both a parent interface(non-tagged) and vlan subinterfaces, all members of the zones would be thrown out when you upgrade it from 5.4.x to 5.6.2, and you can't configure it even manually due to a bug. It's fixed with 5.6.6.

To avoid this you need to find a path to get to 5.4.10 then from there you can jump to 5.6.6 directly.

View solution in original post

Seppel · ‎02-12-2019

hi

you do not need to format the box. the recommended way on the support side usually works without problems. I

already mentioned that you should create a backup before :)

regards

Fortigate 500E HA Fortimail 200 Fortimanager

FortiEMS

FortiSandbox 1000D

FortiSwitch Network Some other Models in use :-) ---------------------------------------------------- FCSE ----------------------------------------------------

SMabille · ‎02-12-2019

If you want to keep (and upgrade) the current configuration you must use the upgrade path AND check at each step if there is any upgrade error (diag debug config-error-log read). From experience it's particularly tricky from 5.2 to 5.6 if you are using wildcard FQDN (that wasn't a different object type in 5.2, introduced in 5.4 and enforced in 5.6 if I remember right). If you were using those and didn't change the type / fixed the config-error-log it's going to snowball, those object won't be created, any group using those object won't be created, any policy using non created objects or group won't be migrated either. So you might end with a massive and very unpleasant to fix error list.

If you want like you original post seems to suggest starting from scratch you might want to factory reset you box then apply the 6.0.4 firmware by tftp (or from GUI) and redo a factory-reset after just to be sure.

Toshi_Esumi · ‎02-12-2019

In addition to SMabille's warning, if your config has zones that include both a parent interface(non-tagged) and vlan subinterfaces, all members of the zones would be thrown out when you upgrade it from 5.4.x to 5.6.2, and you can't configure it even manually due to a bug. It's fixed with 5.6.6.

To avoid this you need to find a path to get to 5.4.10 then from there you can jump to 5.6.6 directly.

maicon_pereira1 · ‎02-12-2019

Thanks guys, I think I will be format my Box and upload new Firmware by TFTP.I think I'm going get better.

SMabille · ‎02-12-2019

Keep in mind you won't be able to do a restore (cut and paste for some of your config can always be useful). Suspect it's a good opportunity to cleanup rules and object but I suspect on a 1500D that you got quite a relatively large config.

maicon_pereira1 · ‎02-13-2019

Yes, as well as to use script for automation

Alexis_G · ‎02-14-2019

Hi

Is there a reason to go to 6.0.4 ? a bug you need to fix ? Otherwise i would recomend to upgrade to latest 5.4.x

FGT1500D is fine in 5.4. (nor 5.6.x nor 6.0.x still imature).

You do noot need to erase the box.

You take configuration backup after every upgrade, you upload backup, Primary sends the upgrade to Standby (if clustered) and then the Primary is upgraded. Upgrade in Fortinet is smooth (have done many in lot of different boxes)

--------------------------------------------

If all else fails, use the force !