Best upgrade from v5.4.1
Please forgive my ignorance on this topic but I have been reading so many articles, threads, KB's, etc. that my head is spinning. I have inherited a site with a main corporate office and 3 satellite offices. All sites are using 60D Fortigate units, connected via IPSEC site to site VPN. All Fortigate units are on 5.4.1 firmware and there are users using IPSEC VPN from outside the office to connect to the network.
With the recent security threat that I have seen on various tech sites that say Fortigate VPN's are actively being exploited, I think it is time to patch.
First question, is the security threat a problem on only certain firmwares? I read that it only applies to SSL VPN. Since we don't use that, does it still apply to us?
Second, based on your experiences, what is the most stable version to upgrade to? Should I stay with the 5.4 family? I think there is version 5.4.11 that is out? Should I upgrade to 5.6 or just go to v6.x? Based on the best practices documents for firmware updates, do I really have to go through all the firmwares listed in order? I can't just jump on the latest version I want to go to?
Third, do I have to update all the Fortigates at the same time with the same firmware? Considering that we are a production company, taking down the Internet on 4 sites to update the firmwares may not be an option. Can I update them at various times and still maintain VPN connectivity?
Also do I have to update all the Forti Clients as well? Everyone uses v5.4.2 Forti Client software. Will that play nicely with the new firmware until I get around to updating the 40+ users?
Thank you in advance for any advice you have.