- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiOS 7.0
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiOS 7.0
Has anyone upgraded their firmware to version 7 yet?
Alfred Cruz
Alfred Cruz
10 REPLIES 10
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Yes, not in production, but in my home lab (from 6.4.5) no issues 'till now, everything working as before (so far)...
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I'm still not ready to do it even at home. The early 6.4 releases kind of traumatized me, ha. Any cool stuff you've found that would justify the upgrade?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
No, just looking to try the Let's encrypt feature so far.
________________________________________________________
--- NSE 4 ---
________________________________________________________
________________________________________________________--- NSE 4
---________________________________________________________
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Xaxa, Let's Encrypt is the indeed most spoken about feature, as if the money was the only reason people didn't use proper SSL certificates until now ... which you could/can buy for 8-10$ a year basically )))
Somehow noone thinks that SSL certificates issued via LEt's Encrypt are logged forever and are visible to the whole Internet - easiest way to enumerate all your certifates/web sites especially internal ones. Makes an interesting reading searching with automated tools for Let's Encrypt certs for *.gov, domains ))
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
@Alfred - I installed in a Lab VM, but didn't find any real cool features to try on the live traffic so far. The only new and mystery feature - ZTNA is completely absent from the Fortinet documentation so far, so waiting for kb.fortinet.com to catch up to try it ...
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Yuri https://yurisk.info/ blog: All things Fortinet, no ads.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Yurisk!
Alfred Cruz
Alfred Cruz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
"The early 6.4 releases kind of traumatized me, ha." LOL !
I upgraded one of my 80E and so far I've had no problems (crossing my fingers ?) But I did loose connection to my FortiManager. I was told by support that FortiManager firmware version 7 will not come out until next week, oh well...
Alfred Cruz
Alfred Cruz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thanks Markus!
Alfred Cruz
Alfred Cruz
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I've done this. I had an old FG 60D on my home network, replaced it with a 60F so jumped up to the latest 7.0 so I could start learning it and many of the more advanced features of Fortigate I'd never gotten around to.
Two things caused me some pain, most of which were probably my own fault, and may not necessarily be related to 7.0 (the 60D only ran up to 6.0).
First, I've been using IPv6 at home for a long time, my 60D didn't have the prefix delegation stuff in the GUI so I had done it all in the CLI. So doing it in the GUI I was able to set an impossible configuration that could never work, where the interface's IPv6 subnet and the SLAAC delegated subnet don't overlap. I get a /56 from my ISP so have a lot of /64 subnets to work with.
This would be like having your own IPv4 interface address and the default gateway not on the same subnet as determined by the mask
Interface: VL6-INTERNAL (my internal VLAN)
IPv6 addressing mode: [Delegated]
IPv6 upstream prefix [wan1]
IPv6 subnet [::6:0:0:0:1/64] <-- the "6" is the important part
Later in Stateless Address Auto-configuration (SLAAC):
IPv6 delegated prefix list [On]
Upstream interface [wan1]
subnet [0::/64] <-- this is wrong
I misread the last "subnet" part to be just a mask, so this generated incompatible addresses:
XXXX:XXXX:XXXX:XXXX /64 mask
v
2600:1111:1111:1106::1/64 <-- interface address
2600:1111:1111:1106::7/64 <-- valid delegated address
2600:1111:1111:1100::7/64 <-- invalid delegated address
The subnet of [0::/64] put a 0 in the lowest digit of the network part when it should have been a 6: I clearly did this wrong, but it seems that Fortigate should have noted that the SLAAC subnet didn't "fit" in the interface's subnet.
I should have put 0:0:0:6::/64 in the subnet part
This would have saved me several hours plus a tech support call.
Second, I have a new FortiAP 221E running 6.0.x (the last one in the series). It would simply never go online until I upgraded it to 6.2 something. I'm sure this was documented somewhere, but I didn't see it and burned a LOT of time on it.
EDIT: I just found this thread https://forum.fortinet.com/tm.aspx?m=195451&tree=true that would have saved me a lot of time on the FortiAP thing. Sigh.
Related Posts
- FortiOS 7.2.4 IPSec split-tunnel breaks local... 88 Views
- FortiOS Recommended Release 75 Views
- FortiOS 7.2.8 WAF Event ID not... 175 Views
- FortiGate VM on XCP-NG 89 Views
- Security Fabric gone after upgrade 7.0.14... 183 Views
Labels
-
FortiGate
6,460 -
FortiClient
1,290 -
5.2
801 -
5.4
639 -
FortiManager
562 -
6.0
416 -
FortiAnalyzer
411 -
5.6
362 -
FortiSwitch
331 -
FortiAP
327 -
FortiClient EMS
259 -
6.2
251 -
FortiMail
239 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
148 -
6.4
128 -
FortiNAC
103 -
FortiGuard
102 -
FortiGateCloud
86 -
FortiSIEM
85 -
FortiCloud Products
82 -
FortiToken
69 -
Customer Service
69 -
IPsec
68 -
4.0MR3
64 -
Wireless Controller
58 -
SSL-VPN
54 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
38 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
30 -
FortiSwitch v6.4
28 -
FortiConnect
23 -
SD-WAN
23 -
FortiWAN
22 -
High Availability
21 -
FortiConverter
21 -
Firewall policy
20 -
VLAN
18 -
FortiPortal
17 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
SAML
11 -
BGP
11 -
DNS
11 -
Interface
11 -
FortiGate v5.0
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
LDAP
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
Logging
9 -
RADIUS
8 -
Traffic shaping
8 -
Virtual IP
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
NAT
7 -
FortiAuthenticator
7 -
Admin
7 -
FortiGate v4.0 MR3
7 -
4.0
7 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
SSID
5 -
Security profile
5 -
Traffic shaping policy
5 -
Authentication
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
Static route
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
SSL SSH inspection
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
packet capture
3 -
FortiToken Cloud
3 -
Automation
3 -
Intrusion prevention
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
IPS signature
3 -
FortiDeceptor
2 -
FortiInsight
2 -
Antivirus profile
2 -
VoIP profile
2 -
Traffic shaping profile
2 -
Web profile
2 -
FortiAP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
trunk
2 -
NAC policy
1 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
Application signature
1 -
Authentication rule and scheme
1 -
Multicast routing
1 -
Zone
1 -
FortiManager-VM
1 -
Fabric connector
1 -
Internet Service Database
1 -
Fortinet Engage Partner Program
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.