Supported Upgrade Paths for FortiOS Firmware 5.2

Supported Upgrade Paths for FortiOS™ FirmwareVERSION 5.2.2 TECHNICAL DOCUMENTATION http://docs.fortinet.com KNOWLEDGE BASE http://kb.fortinet.com FORUMS https://support.fortinet.com/forum CUSTOMER SERVICE & SUPPORT https://support.fortinet.com  FORTIGATE COOKBOOK http://cookbook.fortinet.com TRAINING http://www.fortinet.com/training FORTIGUARD THREAT RESEARCH & RESPONSE http://www.fortiguard.com LICENSE http://www.fortinet.com/doc/legal/EULA.pdf FEEDBACK Email: [email protected] Monday, December 08, 2014 Supported Upgrade Paths for FortiOS™ Firmware 01-520-199976-20140917 TABLE OF CONTENTS Change Log Overview Purpose of this Document Scope of the Document Location of Upgrade Path documents for other products Product compatibility Using the Upgrade Steps Table Release numbers Build Numbers Max Value Issue Standalone vs. HA configuration upgrades Parallel Development Upgrade Methods Upgrading from the Local Drive Upgrading from the FortiGuard Network Upgrade Steps Table Potential Issues Special Builds Why read the Release Notes? Sampling of issues Changing of Category Numbers HA Virtual MAC Address Changes Changing of Logging Settings Familiar features removed or changed 4 5 5 5 5 6 6 6 7 7 7 8 8 8 8 10 18 18 18 18 18 18 19 19 . 0.3.17 and 4.2.0.Change Log Date Change Description 2014-12-08 Updated to include 5. location of other upgrade path documents. 2014-09-17 Updated to include 5. Branch from 5.0.3.9 2014-07-30 Updated to include 5.2.7 version .18 2014-08-05 Updated to include 5.2. additional potential issue.8 2014-06-16 Initial Release.1 2014-08-27 Updated to include 4. which is used as the Operating System for the following products: l l l FortiGate FortiWiFi FortiCarrier This document does not include the upgrade paths for other Fortinet products such as: l l FortiManager FortiAnalyzer. For most devices these steps will show the path in steps from your current version to the latest Version. Every time you perform an upgrade to the firmware you should carefully read the release notes of the firmware you are upgrading to.fortinet. The Fortinet Support Site can be found at: https://support. To see if your device is affected by this check the Product Life Cycle page found at: https://sup- port. MR. and patch. The release notes can be found on the support site in the same directory as the firmware. Release notes may include warnings or notices of exceptions. Location of Upgrade Path documents for other products Other upgrade path documents are available for the following products: l l 5 FortiAnalyzer FortiManager Supported Upgrade Paths for FortiOS 5.com.The latest version being the one with the highest patch number in this version branch.fortinet.com/EndUser/ProductLifeCycle. . but they are supported and have been optimized to achieve the latest version of the firmware in the fewest steps.aspx Scope of the Document The scope of this document is limited to recommended upgrade practices for the FortiOS firmware.Overview Purpose of this Document The goal of this document is to make it easier for you to upgrade your FortiGate unit by guiding you to the most likely intermediate firmware upgrades between your current version and the latest version of the firmware. Some older FortiGate hardware platforms do not have the resources to effectively use the most recent firmware versions and so do not support firmware updates past a certain version. These products have their own upgrade path documentation. The steps shown by the Upgrade Steps Table are not the only possible path.2 Fortinet Technologies Inc. 9/fortianalyzer-v5.0. This is an issue that administrators of environments where different Fortinet products are used should be aware of. The numbers shown in the table below are an abbreviated form of the firmware version names. the version designation was made up of a Version.fortinet.00/5.9-upgrade-guide. 1.x. If one was trying to refer to one of the later patches in a later release of version 4 of the firmware it could be described as Version 4 MR 3 Patch 18. It is possible that there is no one best option.9-upgrade-guide.com/FortiAnalyzer/v5.9/fortimanager-v5. Find that release/build in the left hand column.0/5. Example links to Upgrade Guides: l ftp://support. These should be read and the environment should be planned out as a whole. Using the Upgrade Steps Table We have tried to make using the table as simple as possible.fortinet.Using the Upgrade Steps Table Overview These documents are available from the Fortinet Customer Service & Support Site. a situation could arise where the FortiManager will not be able to manage those newly upgraded FortiGates. and some brand new models of FortiGate that cannot run older firmware. The compatibility between models is listed in the Release Notes of the products. as each firmware release for these products has its own document.com/FortiManager/v5.This is an issue that the administrator needs to be aware of when making decisions about which firmware to run. The administrator will have to weigh the pros and cons of all of the variables and keep in mind what the most important requirements are for the environment. the designation of the individual releases has changed but this document tries to make these designations as consistent and as easy to understand as possible. Determine which release is currently running on your FortiGate. 2.00/5.pdf l ftp://support. To make writing the release name simpler a 'shorthand' developed using the pattern x. Supported Upgrade Paths for FortiOS 5.fortinet. found at https://support. Product compatibility This document does not include any references to release compatibility between Fortinet products.0. On the other side of the equation. a specific version of FortiManager has a range of versions of FortiGate that it will be compatible with.2 Fortinet Technologies Inc.pdf The above links are examples only. possibly a major release within that version and possible a patch number within that major release.0. it is also possible to upgrade a FortiManager beyond the compatibility range of some of the older models of FortiGate. 3.0/5. Upgrade from one release to the next based on the releases listed in that row. If you have some older models of FortiGate that cannot be upgraded to current releases of firmware.x. 6 . in the same directory as the firmware images and Release Notes.0. Release numbers Over the life of the firmware.com. Originally. For instance. the situation can arise where a single FortiManager will not be able to manage all of the FortiGates in the environment. If the FortiGates are upgraded without verifying that the FortiManager will be compatible with them. 0. In version 5 there is a difference in the steps between the patches depending on whether your FortiGate setup is in a standalone or an HA configuration. like everybody should. It is simply FortiOS 5.2.3) directly to Patch 5 (5. the simplified version is always used when describing the path. If you have a standalone setup you can upgrade from Patch 3 (5.1.5).0 MR7 Patch 10 Recently.10 = Version 3.4).Overview Max Value Issue 1st Number Version Number 2nd Number MR Number 3rd Number Patch Number Example: 3. but then a few builds later was raised back up.2 Fortinet Technologies Inc. Build Numbers In cases where there is no indication in the Web-based Manager what the version or build number is you can get the build number from the CLI by entering the command: get system status The value in the output of the command for “Branch point” will be the build number. This minimizes the possibility of confusion for somebody who has an HA cluster but reads the Release Notes.0.0. the longer version of describing the release was dropped in favor of the simplified format. In the table describing the steps in progressing through the upgrades the most cautious path is listed. However.7. . HA configuration upgrades If you read the Release Notes for the firmware upgrades you will notice a discrepancy between what the Release Notes say is possible for upgrades and what the Upgrade Steps Table shows. but was unaware of the known issue with the HA clusters. otherwise only the slave unit in the configuration will be upgraded to Patch 5. Standalone vs. Within the table.So it is not FortiOS Version 5 MR 2 Patch 1. If a configuration on a device was to have a number of these objects in excess of the lower value when doing an upgrade there could be issues and even data loss so the upgrade paths listed are designed to avoid upgrading into this lower max value range even though the Release Notes state that upgrading to these firmware builds is supported. When the release notes were written the act of increasing the values was not foreseen. Max Value Issue There is a range of builds where the maximum number of some of the objects was lowered. 7 Supported Upgrade Paths for FortiOS 5. if you are using an HA setup you need to add the intermediate step of going to Patch 4 (5. For instance if you wanted firmware 5.Parallel Development Overview Parallel Development Development of the firmware is usually taking place on two paths at the same time.3. This is because only options that are always going to be safe are available. then the 5.com/.7 you would select the v5. then the 5. Once in the directory scroll down until find the correct firmware file name for your specific model. Supported Upgrade Paths for FortiOS 5. 4. The select the file you wish to download.15 was released after 5.fortinet. This is the reason that one FortiGate can upgrade directly from 4. An example of this. The second is that because this development is taking place in parallel the number identifiers for the builds do not correspond directly with the sequence in which the builds come out.0. such as a FortiGate and then selecting either HTTPS or FTP download. or downgrade. The first is that patches are still being built for each of these paths.5 while a different FortiGate starting at 5. The layout of the firmware listing in both methods is a hierarchical tree.5.0. Upgrading from the Local Drive When uploading the firmware from the local drive you must already have downloaded it from the Fortinet Support Site at https://support. l l l l FGT_ = FortiGate FWF_ = FortiWiFi POE = Power over Ethernet VM32/VM64 = Virtual Machine versions of the firmware.3.2 Fortinet Technologies Inc.0. The 32 and 64 referring to the bit architecture of the OS.7 directory. either from a local file that has been previously downloaded or from the FortiGuard Network.0 definitely came after 4.There is development taking place on the latest path.out extension. Upgrading from the FortiGuard Network The practice of strategically skipping some firmware versions to optimize the time and efficiency that it takes to get to the latest version is based on using the Upgrade from: Local Hard Drive option. The file names are intended to be helpful in determining the correct firmware for the model you need. go to the Download section and select the icon for Firmware images.0.3. 8 .3.x then the previous stable path that would still be in development would be 4. can be demonstrated by the fact that while version 5.4.0 directory. From there it is only a matter of selecting a product.0. Firmware going directly on a Fortinet Device will have the . Here are some of the conventions found in the file names.0 needs to go through some intermediate steps to get to the same 5. If you try to use the Upgrade from: FortiGuard Network option you will notice that there are a limited number of firmware builds to which you may upgrade.x. Upgrade Methods There are two methods of primary methods of upgrading the firmware through the GUI.0.00 directory. This has 2 significant ramifications as far as upgrades are concerned. the next consecutive build will always be a safe option. For instance if the latest path was 5.0.0.0.15 to 5. as well as the previous stable path. The logic being that because there are no intermediate options possible. Once you have logged in with the account ID and password that was created when registering the FortiGate. Supported Upgrade Paths for FortiOS 5.Overview Upgrade Methods Because of this limitation in options.2 Fortinet Technologies Inc. it means that you will not be able to use the Upgrade from: FortiGuard Network option to see all of the safe upgrade options. The builds that will be shown will most like be as follows: For Upgrades: l The next build in the current version track For Downgrades: l l 9 The previous build in the current version track. You will either have to use the included upgrade path table or study the Release Notes. The latest build in the previous version track. . 0.9 Supported Upgrade Paths for FortiOS 5.9 ► 5.2.0.0. ► 5.2.0 Patch6 Build # 271 ► 5.7 ► 5.0.2.2 5.9 ► 5.9 ► 5.2 Latest build End of Support Date for Version 5.9 ► 5.0.7 ► 5.2 End of Support Date for Version 4.9 ► 5.0 MR3 = March 19.0.0.0 MR3 patch18 Build # 689 ► 5.4 ► 5.0.9 ► 5.2 5.2.2 5.0.0 Patch3 Build # 208 ► 5.7 ► 5.0.4 ► 5.3 ► 5.3 ► 5.2.3 ► 5.2 10 .0.7 ► 5.2 ► 5.2 4.2.2.2.0.0 MR3 patch16 Build # 686 ► 5.0.0.2.2 4.0.2.2.7 ► 5.2 4.0 MR3 patch15 Build # 672 ► 5.0) 4.0.0 Patch4 Build # 228 ► 5.2.2 5.0.1 Build # 618 ► 5.2. 2014 (unless device does not support FortiOS version 5.2 Build # 589 ► 5.9 ► 5.Upgrade Methods Upgrade Steps Table Upgrade Steps Table Starting Version Build # Supported Steps to Latest Build of 5.0.2 5.9 ► 5.2 Build # 642 5.2.0.0.0.0.0 Patch1 Build # 147 ► 5.0 Patch7 Build # 3608 ► 5.2 5.2 5.0 Patch8 Build # 291 ► 5.0.4 ► 5.2 5.0 = To be determined 5.0.2.2.7 ► 5.2 5.4 ► 5.0.9 ► 5.2 5.0 Patch2 Build # 179 ► 5.2 Fortinet Technologies Inc.9 ► 5.0 Patch9 Build # 292 ► 5.2.0 MR3 patch17 Build # 688 ► 5.0.2 5.7 ► 5.9 ► 5.0 Patch5 Build # 252 ► 5.2.0.0 Build # 128 ► 5. 0.3.2 4.2.17 ► 5.0.2.11 ► 4.7 ► 5.11 ► 4.2 4.0 MR3 patch8 Build # 632 ► 4.2.9 ► 5.0 MR2 patch12 Build # 346 ► 4.2.9 ► 5.3.17 ► 5.0 MR2 patch13 Build # 349 ► 4.0.0 MR3 patch4 Build # 511 ► 4.3.0.2 4.2.0 MR3 patch11 Build # 646 ► 4.7 ► 5.2.0.0.0.2 4.2 4.2 4.0.0.2.Upgrade Steps Table Upgrade Methods Starting Version Build # Supported Steps to Latest Build of 5.17 ► 5.3.17 ► 5.0.2.7 ► 5.17 ► 5.0 MR3 patch10 Build # 639 ► 4.3.3.3.9 ► 5.0 MR2 patch14 Build # 353 ► 4.11 ► 4.3.7 ► 5.0 MR2 = April 1.0.7 ► 5.9 ► 5.0.17 ► 5.17 ► 5.0.3.7 ► 5.2.2 11 Supported Upgrade Paths for FortiOS 5.0.11 ► 4.11 ► 4.7 ► 5.9 ► 5.0.9 ► 5.0 MR3 patch14 Build # 665 ► 5.9 ► 5.3.9 ► 5.11 ► 4.2 4.2 4.0.0 MR3 Build # 441 ► 4.2.7 ► 5.11 ► 4.0 MR2 patch15 Build # 356 ► 4.2 4.9 ► 5.0.9 ► 5.7 ► 5.3.7 ► 5.0 MR3 patch6 Build # 521 ► 4.11 ► 4.0 MR3 patch2 Build # 482 ► 4.11 ► 4.0 MR3 patch13 Build # 664 ► 4.9 ► 5.0.17 ► 5.7 ► 5.9 ► 5.9 ► 5.3.17 ► 5.0.7 ► 5.0.0.0.9 ► 5.4 ► 5.7 ► 5.3.0 MR3 patch9 Build # 637 ► 4.3.17 ► 5.2 4.17 ► 5.2 End of Support Date for Version 4.0 MR3 patch3 Build # 496 ► 4.2 4.3.2 4.17 ► 5.2.2.0.2.3.2 4.6 ► 4.2 4.9 ► 5.2 4.3.0 MR3 patch12 Build # 656 ► 5.9 ► 5.2 4.0.11 ► 4.9 ► 5.9 ► 5.0.0 MR3 patch5 Build # 513 ► 4.3.0.0.3.2 Fortinet Technologies Inc.3.0.11 ► 4.17 ► 5.0.2 4.0.3.0 MR3 patch7 Build # 535 ► 4.11 ► 4.0.2.0 MR3 patch1 Build # 458 ► 4.11 ► 4.7 ► 5.17 ► 5.2.3.2 4.11 ► 4.3.0. .3.7 ► 5.0.2.6 ► 4.3.3.0.0.0.3.3.0.3.3.3. 2013 4.7 ► 5.17 ► 5.3.3.9 ► 5.3.7 ► 5.7 ► 5.17 ► 5.6 ► 4.2.2.0.11 ► 4.17 ► 5.7 ► 5.0.2.3. 7 ► 5.0.3.9 ► 5.3.2 4.2.7 ► 5.3.0.0.Upgrade Methods Upgrade Steps Table Starting Version Build # Supported Steps to Latest Build of 5.17 ► 5.3.3.6 ► 4.17 ► 5.0.2.3.3.3.3.17 ► 5.0 MR2 patch6 Build # 320 ► 4.2.3.2.11 ► 4.3.3.7 ► 5.0.10  ► 4.0 MR2 patch7 Build # 324 ► 4.11 ► 4.17 ► 5.3.0.3.17 ► 5.17 ► 5.0.2 4.7 ► 5.0.3.6 ► 4.0.11 ► 4.9 ► 5.2.0.3.2 4.0.6 ► 4.0 MR1 patch3 Build # 194 ► 4.9 ► 5.0.11 ► 4.17 ► 5.17 ► 5.9 ► 5.3.11 ► 4.3.3.0 MR1 patch4 Build # 196 ► 4.17 ► 5.6 ► 4.0.17 ► 5.11 ► 4.2.15 ► 4.0.13 ► 4.7 ► 5.11 ► 4.0 MR1 = August 24.17 ► 5.11 ► 4.7 ► 5.15 ► 4.3.7 ► 5.11 ► 4.2.7 ► 5.1.3.2 4.6 ► 4.15 ► 4.2 4.11 ► 4.0 MR1 patch10 Build # 217 ► 4.11 ► 4.3.0 MR1 patch8 Build # 209 ► 4.0 MR1 patch1 Build # 185 ► 4.0.2.0.7 ► 5.3.3.6 ► 4.3.2 4.0 MR1 Build # 178 ► 4.9 ► 5.2 Fortinet Technologies Inc.0.5 ► 4.0.15 ► 4.2.3.0 MR1 patch2 Build # 192 ► 4.11 ► 4.0 MR1 patch5 Build # 204 ► 4.0.0.3.3.3.0 MR2 patch11 Build # 342 ► 4.7 ► 5.3.0.11 ► 4.2.2 Supported Upgrade Paths for FortiOS 5.0 MR2 patch10 Build # 338 ► 4.7 ► 5.0.0 MR2 patch4 Build # 313 ► 4.9 ► 5.7 ► 5.2.0 MR2 patch 1 Build # 279 ► 4.11 ► 4.17 ► 5.0.3.2 4.2.3.11 ► 4.5 ► 4.3.11 ► 4.2.0.11 ► 4. 2012 4.0 MR2 patch8 Build # 328 ► 4.13 ► 4.9 ► 5.2 4.3.0.2.6 ► 4.0.17 ► 5.9 ► 5.3.9 ► 5.13 ► 4.3.2.3.7 ► 5.3.3.7 ► 5.0.3.0.2 4.2.10  ► 4.0.0.7 ► 5.17 ► 5.7 ► 5.11 ► 4.2.3.2.6 ► 4.0 MR1 patch9 Build # 213 ► 4.2.2 4.7 ► 5.0.3.0 MR2 patch2 Build # 291 ► 4.11 ► 4.2 4.7 ► 5.0.2.7 ► 5.1.17 ► 5.0.11 ► 4.3.9 ► 5.3.2 4.7 ► 5.2 4.2.3.0 MR2 patch3 Build # 303 ► 4.3.0.17 ► 5.0.3.2 4.2 4.2 4.0.9 ► 5.3.17 ► 5.9 ► 5.2 4.5 ► 4.3.3.1.11 ► 4. 12 .0 MR1 patch6 Build # 205 ► 4.9 ► 5.0 MR1 patch7 Build # 207 ► 4.5 ► 4.0.2 4.2.11 ► 4.7 ► 5.9 ► 5.3.0.2 4.3.3.3.0.0.2 4.17 ► 5.9 ► 5.2.2.3.0 MR2 patch5 Build # 315 ► 4.9 ► 5.2 4.2 4.0 MR2 patch9 Build # 334 ► 4.5 ► 4.3.7 ► 5.17 ► 5.2.9 ► 5.3.0.3.2.5 ► 4.9 ► 5.10  ► 4.11 ► 4.3.9 ► 5.9 ► 5.13 ► 4.0.75 ► 5.17 ► 5.17 ► 5.2.2.0.3.1.6 ► 4.0.6 ► 4.2 End of Support Date for Version 4.17 ► 5.3.3.0 MR2 Build # 272 ► 4.0.2.6 ► 4.2.3.9 ► 5.6 ► 4.2.7 ► 5.2.10  ► 4.0.15 ► 4.9 ► 5.3.9 ► 5. 2.12 ► 4.4 ► 4.7 ► 5.Upgrade Steps Table Starting Version Build # Upgrade Methods Supported Steps to Latest Build of 5.11 ► 4.3.0.4 End of Support Date for Version 3.12 ► 5.0.17 ► 5.3.0 MR7 patch8 3.1.0.9 Supported Upgrade Paths for FortiOS 5.3.7 ► 5.10  ► 5.6 ► 4.0.2.0.0 4.7 ► 5.0.7 ► 5.0.2 Fortinet Technologies Inc.2 ► 4.3.11 ► 4.3.0.0.0.2.0 4.12 ► 4.4  4.0.1.7 ► 5.6 ► 4.9 ► 4.3.0 4.2 ► 4.3.0  ► 4.0.9 ► 4.2.9 ► 5.0.12 ► 5.3.0.2.3.1.11 ► 4. 2011 3.0.11 ► 4.17 ► 5.0 4.3.10  ► 5.7 ► 5.3.7 ► 5.3.10  ► 5.2 ► 4.5 ► 4.6 ► 4.0 MR7 = July 18.2.0 patch3 Build # 106 ► 4.2 ► 4.0 MR7 patch4 13 Build # 754 Build # 753 Build # 752 Build # 750 Build # 744 Build # 741 Build # 740 ► ► ► ► ► ► ► 4.2 ► 4.2 ► 4.9 ► 4.11 ► 4.0.1.17 ► 5.0.9 ► 4.3.17 ► 5.3.3.0.2.5 ► 4. .3.17 ► 5.11 ► 4.1.10  ► 5.3.3.3.2 End of Support Date for Version 4.7 ► 5.2.2.0.3.6 ► 4.3.9 ► 5.3.3.0 patch4 Build # 113 ► 4.6 ► 4.11 ► 4.2 4.1.3.4 4.0.1.11 ► 4.5 ► 4.7 ► 5.11 ► 4.0.17 ► 5.3.10  ► 5.9 ► 5.11 ► 4.3.2.3.5 ► 4.3.0 MR7 patch10 3.2 ► 4.3.0 patch1 4.12 ► 4.1.4  4.0.3.2.0 patch2 4.7 ► 5. 2012 4.2.0 MR7 patch7 3.0 MR7 patch6 3.2.3.2 ► 4.3.0.9 ► 5.1.0.2.2.2 4.0 4.0.12 ► 4.0 MR7 patch9 3.0.6 ► 4.0.1.3.10  ► 4.0.17 ► 5.2.11 ► 4.9 ► 5.0 MR7 patch5 3.17 ► 5.5 ► 4.3.1.5 ► 4.2 ► 4.0.7 ► 5.7 ► 5.17 ► 5.1.17 ► 5.0 Build # 99 Build # 98 Build # 92 ► ► ► 4.17 ► 5.9 ► 4.2.9 ► 4.3.2.17 ► 5.0  = February 24.11 ► 4.3.2 ► 4. 0 ► 4.3.17 ► 5.0 MR6 Build # 678 Build # 677 Build # 673 Build # 670 Build # 668 Build # 662 Build # 660 ► ► ► ► ► ► ► 4.0.3.0.3.2.12 ► 4.0 MR6 patch1 3.7 ► 5.7 ► 5.6.5 ► 4.7 ► 5.7 ► 5.11 ► 4.9 ► 5.6 ► 4.9 ► 5.0.2.17 ► 5.5 ► 4.2.3.5 ► 4.3.1.3.2 ► 4.6.0.0.0.3.9 ► 5.5 ► 4.0.0.2.0 ► 4.11 ► 4.0.6 ► 4.2.3.17 ► 5.2 ► 4.3.2.11 ► 4.9 ► 5.2.3.2.0.7 ► 5.0.7 ► 5.11 ► 4.0 MR7 patch1 3.0 MR7 patch3 Build # 737 ► 3.0 MR6 patch6 3. 2010 Supported Upgrade Paths for FortiOS 5.0.17 ► 5.0 ► 4.4 4.0.3.2.2 ► 4.17 ► 5.9 ► 5.0.0 MR6 patch3 3.9 ► 5.10  ► 4.1.3.11 ► 4.2.3.0.7 ► 5.2 ► 4. 14 .1.0.1.9 ► 5.0 ► 4.0 ► 4.9 ► 5.2 ► 4.0 4.2 End of Support Date for Version 3. 2011 3.1.7 ► 5.1.1.10  ► 4.4 3.0.2 Fortinet Technologies Inc.3.3.11 ► 4.0 MR7 Build # 733 Build # 730 Build # 726 ► ► ► 4.1.10  ► 4.2.0 4.3.6 3.3.2.3.10  ► 4.4 4.17 ► 5.0.2.17 ► 5.12 ► 4.0.2 ► 4.3.0.0 MR7 patch2 3.6.2 ► 4.7 ► 5.0 MR6 patch4 3.6 ► 4.0.11 ► 4.17 ► 5.2 End of Support Date for Version 3.2 ► 4.0.3.11 ► 4.12 ► 4.0.3.0.3.3.7 ► 5.11 ► 4.12 ► 4.17 ► 5.17 ► 5.6 ► 4.3.3.4 4.5 ► 4.3.3.2 ► 4.3.0.0 MR6 patch2 3.4 ► 4.9 ► 5.2.3.0.0 MR5 = July 3.10  ► 4.2.9 ► 5.6 3.0.2.3.3.6 ► 4.1.0.0.2 3.6 3.17 ► 5.9 ► 5.0 MR6 patch5 3.12 ► 4.Upgrade Methods Upgrade Steps Table Starting Version Build # Supported Steps to Latest Build of 5.0 MR6 = February 4.0.6 ► 4.3.1.2.4 ► 4.11 ► 4.11 ► 4.6 ► 4.12 ► 4.7 ► 5.6.3. 2 ► 3.10  ► 4.5.7 ► 5.9 ► 5.1.10 ► 4.2 ► 3.9 ► 5.6 3.2.10 3.5 ► 4.0.5.17 ► 5. .2 Fortinet Technologies Inc.2.0 ► 4.1.5.9 ► 5.7 3.1.0 ► 4.2 End of Support Date for Version 3.9 ► 5.9 ► 5.1.11 ► 4.0.2.9 ► 5.3.0 MR5 patch6 3.1.1.17 ► 5.10 ► 4.7.2.9 ► 5.0.7 ► 5.0.3.3.0 ► 4.6.17 ► 5.0.1.7 ► 5.2 Supported Upgrade Paths for FortiOS 5.3.7.2.7 ► 5.3.0.7.5 ► 4.10 ► 4.11 ► 4.11 ► 4.10 ► 4.0.5.2 ► 3.7 ► 4.5 ► 4.3.3.5.3.2 ► 3.1. 2009 3.9 ► 5.7.2 ► 3.0 MR5 patch3 3.0.10  ► 4.3.10 ► 4.0 ► 4.0.17 ► 5.3.7.3.3.11 ► 4.7 3.1.0 MR4 patch2 15 Build # 483 Build # 480 Build # 479 Build # 477 ► ► ► ► 3.17 ► 5.10  ► 4.1.3.11 ► 4.5 ► 4.11 ► 4.2 3.0 MR5 patch7 Build # 576 ► 3.10  ► 4.10  ► 4.3.7 3.5 ► 4.0 MR4 patch4 3.3.9 ► 5.0 ► 4.0.7 ► 5.2.10  ► 4.10 ► 4.0 MR5 patch5 3.7.0 ► 4.10  ► 4.0.7 ► 5.10 ► 4.7.2.17 ► 5.2 ► 3.7 ► 5.0 MR4 = December 29.0.0.2 ► 3.2 ► 3.0 MR4 patch5 3.5 ► 4.7 ► 5.1.7 ► 5.1.1.11 ► 4.3.9 ► 5.2 ► 3.3.1.2.5.3.0 ► 4.3.7.0.9 ► 5.7 3.0.3.7.17 ► 5.0 ► 4.11 ► 4.1.0 ► 4.17 ► 5.5 ► 4.10  ► 4.0 MR5 patch4 3.3.0 MR5 patch2 3.3.1.7 ► 5.0.11 ► 4.3.7 3.0 MR4 patch3 3.17 ► 5.17 ► 5.10  ► 4.0 MR5 patch1 3.10  ► 4.1.2.1.3.9 ► 5.10 ► 4.3.7 ► 5.0 ► 4.0.0.7 3.3.17 ► 5.3.7 3.3.2.5 ► 4.3.10 ► 4.0.1.10 ► 4.5 ► 4.17 ► 5.7 ► 5.5 ► 4.10  ► 4.0.0.Upgrade Steps Table Upgrade Methods Starting Version Build # Supported Steps to Latest Build of 5.1.7.3.5.2.3.3.11 ► 4.3.5.2.1.11 ► 4.5 ► 4.7 ► 4.7.5.2 ► 3.5 ► 4.1.10  ► 4.0.3.1.1.3.0.11 ► 4.0 ► 4.0 MR5 Build # 575 Build # 574 Build # 572 Build # 568 Build # 565 Build # 564 Build # 559 ► ► ► ► ► ► ► 3.0.3.7 3.0 ► 4.5. 3.11 ► 4.2 3.9 ► 5.7 ► 5.6 ► 4.0.9 ► 5. 16 .1.5 ► 4.0 MR4 Build # 474 ► 3.1.1. 2009 3.2 ► 4.6 ► 4.7 ► 5.5 ► 4.4.5  3.9 ► 5.9 ► 5.5.3.17 ► 4.10  ► 5.5  ► 3.0.1.7.1.2.3.2.4.1.1.0.2.3.0.9 ► 5.5 ► 4.11 ► 4.3.0 ► 4.7 ► 5.2 ► 3.11 ► 4.11 ► 4.0.0 ► 4.3.3.0.2 ► 3.0 MR3 patch11 3.3.5  3.17 End of Support Date for Version 3.1.7 ► 3.10  ► 5.17 ► 4.6 ► 4.7 ► 5.5 ► 4.10 ► 4.7 ► 5.10 ► 4.3.10  ► 5.0.5  3.0.0.11 ► 4.1.7 ► 5.1.2 ► 3.2 ► 3.Upgrade Methods Upgrade Steps Table Starting Version Build # Supported Steps to Latest Build of 5.3.1.6 ► 4.3.7 ► 5.17 ► 4.3.0.0.2 ► 3.0.6.0 MR3 patch8 3.11 ► 4.4.5  3.2 Supported Upgrade Paths for FortiOS 5.11 ► 4.0 MR3 patch14 3.6.2.7.10  ► 5.0.0 ► 4.3.6.0.10  ► 5.7 3.0 MR3 patch13 3.5 ► 4.17 ► 4.2 ► 3.0 ► 4.2.6.2 ► 3.1.1.0 ► 4.1.0 ► 4.17 ► 4.5 ► 4.1.6 ► 4.0 MR3 patch5 Build # 418 Build # 417 Build # 416 Build # 416 Build # 415 Build # 413 Build # 411 Build # 410 Build # 406 Build # 405 ► ► ► ► ► ► ► ► ► ► 3.5  3.17 ► 4.6.10  ► 5.1.0 MR3 = October 2.3.6 ► 4.1.17 ► 4.10  ► 5.6.2.6 ► 4.5  3.6.3.3.6 ► 4.0.5 ► 4.0.0.9 ► 5.1.7 ► 5.2.4.11 ► 4.3.4.2.1.10  ► 5.6.6 ► 4.3.0.0 MR3 patch7 3.11 ► 4.0 ► 4.3.2.10  ► 5.3.3.5 ► 4.5 ► 4.7 ► 5.3.9 ► 5.5  3.0 MR3 patch12 3.1.7 ► 5.4.1.2 ► 3.3.9 ► 5.17 ► 4.0 ► 4.0 MR4 patch1 Build # 475 ► 3.1.0.3.6.2.5 ► 4.3.7 ► 5.0 MR3 patch10 3.0.6.11 ► 4.5 ► 4.0.0.11 ► 4.0 ► 4.17 ► 4.9 ► 5.3.4.2 ► 3.3.9 ► 5.3.0 ► 4.0.5.3.7 ► 5.0 ► 4.1.11 ► 4.6 ► 4.9 ► 5.3.4.2 ► 3.3.3.0 MR3 patch9 3.17 ► 4.9 ► 5.10  ► 5.3.3.4.4.0 MR3 patch6 3.0.2 Fortinet Technologies Inc.10  ► 5.5  3.17 ► 4.3.10  ► 5.5  3.0 ► 4.5 ► 4.3.2.1.2. 6.2.10  ► 4.0.11 ► 4.1.0.3.3.0 MR3 patch3 Build # 403 ► 3.2.5  ► 3.3.3.1.3.0.10  ► 4.2.9 ► 5.2.5  ► 3.14  ► 3.9 ► 5.0.3.0.50.0 ► 4.3.17 ► 4.6.2 ► 4.10  ► 4.7 ► 5.10 3.1.3.X (X <11) 2.80.11 ► 4.3.2 Fortinet Technologies Inc.1.1.17 ► 5.3.4.2.Upgrade Steps Table Upgrade Methods Starting Version Build # Supported Steps to Latest Build of 5.7 ► 5.11 ► 3.3.5 ► 4.7 ► 5.7 ► 5.5  3.0.14  3.3.5 ► 4.1.3.0.3.2 ► 3. .6 ► 4.7 ► 5.6 ► 4.6 ► 4.9 ► 5.0 ► 4.2.5  ► 3.1.11 ► 4.4.2 ► 3.3.6.11 ► 4.1.7.0 MR1 2.3.14  ► 3.10  ► 4.5 ► 4.6.0 ► 4.2 ► 3.0.0 ► 4.80.0.2.9 ► 5.3.17 ► 5.7 ► 5.5 The versions below are beyond end of support dates 3.1.0 ► 4.3.10 17 Build # 319 Build # 247 unknown unknown unknown ► ► ► ► ► 3.6.10 ► 4.0.0.5  ► 3.2.3.10  ► 5.0 ► 4.1.1.0 ► 4.0 MR3 Build # 400 ► 3.9 ► 5.2 ► 3.4.2 3.2 ► 4.9 ► 5.1.3.1.3.17 ► 4.2.4.11 ► 4.3.11 2.0 2.0.2 Supported Upgrade Paths for FortiOS 5.17 ► 5.3.80.0  ► 3.0.1.1.6 ► 4.5 ► 4.0  3.10  ► 5.0.6 ► 4.9 ► 5.17 ► 5.17 ► 5.4.5 ► 4.5 ► 4.11 ► 4.0 MR2 3.7 ► 5.11 ► 4.3.10  ► 4.7. Sampling of issues These are some issues. If your policies are everything is wide open you are not likely to see an issue but if there are carefully crafted restrictions in place.3 and 5. To give an indication of how important it is to read the Release Notes we will provide a sampling of some of the possible issues that may have to be dealt with upon upgrading.0 interface indexing changed. The table of the upgrade path is based on the Release Notes of the regular builds and may not have included testing against every special build as well. Between FortiOS 4. in no particular order. HA Virtual MAC Address Changes HA virtual MAC addresses are created for each FortiGate interface based on that interface’s index number. .0 the virtual MAC addresses 18 Supported Upgrade Paths for FortiOS 5.2 Fortinet Technologies Inc. that have been brought to the attention of the Technical Assistance Center or the Documentation Team that could result during the course of a firmware upgrade.Potential Issues Special Builds Every now and then a "Special Build" is created for some specific purpose and some companies will put these into production. Changing of Category Numbers When looking at the FortiGuard Webfilter categories or Application categories in the GUI we see the nice easily understood names that indicate what they refer to but in the code of the firmware these categories are referenced by a integer and not a text string. If the list changes then so do the values of objects in that list. After upgrading a cluster to FortiOS 5. These special builds are not part of the normal upgrade path QA process and therefore have a greater risk of  variance from what is normally expected in an upgrade. it was recommended that before upgrading from one version of the firmware to a more recent one that the Release Notes be read. Why read the Release Notes? Previously in this document. If you are running a special build. Periodically the list of categories changes. whether by the number growing larger or smaller it doesn’t matter. be even more cautious in upgrading than you would normally be. some of these issues were and are unavoidable because of the nature of the configurations of the FortiGate devices and the networks they were in. To offer some clarification on the contents of this sampling. The reason for reading the Release Notes is to make sure that users are prepared for changes or potential outages that may occur so that the affected parties can be forewarned and the issues can be dealt with in a timely manner. there is some blocking or allowed traffic based on mac addresses. Changing of Logging Settings There was a case where upgrading a few builds too far. in a very specific scenario. the logtraffic-start function is disabled. When the firewall’s mac address is not on the list of allowed addresses any traffic going through the firewall is likely to be problematic.0.3 builds to one of the earlier 5.0 builds. the issue would not have occurred. This is another reason to read the Release Notes.3 to version 5. otherwise it likely would not have been removed. For instance. While for most users the loss of this function may be inconsequential. when upgrading from 4. Supported Upgrade Paths for FortiOS 5. The upgrade path works in all other respects. changed a logging setting.2 Fortinet Technologies Inc.Sampling of issues Potential Issues assigned to individual FortiGate interfaces may be different. but for some users this function might be useful. When going from one of the 4. Oddly enough.8. Familiar features removed or changed While not an issue that will potentially stop the FortiGate from working. it just a case of having to go through the affected policies and change the setting. if the upgrade had gone all the way to 5. VDOM policies that also had IPS profiles had one of the  log setting change from logging all traffic to logging only UTM events. checking to verify that features commonly used in your environment will be there after the upgrade. 19 . in a very security conscious environment. The practical consequences of this could be seen in a situation where. You can use the get hardware nic <interface-name> command to view the virtual MAC address of each FortiGate interface. this issue will sometimes make it worthwhile to keep using an older version or delay upgrading. whether express or implied. only the specific performance metrics expressly identified in such binding written contract shall be binding on Fortinet. with a purchaser that expressly warrants that the identified product will perform according to certain expressly-identified performance metrics and. Inc. Fortinet®.and guarantees pursuant hereto. All other product or company names may be trademarks of their respective owners. Nothing herein represents any binding commitment by Fortinet. Network variables. and Fortinet disclaims all warranties. FortiGate®. . and other Fortinet names herein may also be registered and/or common law trademarks of Fortinet. Performance and other metrics contained herein were attained in internal lab tests under ideal conditions. signed by Fortinet’s General Counsel. and actual performance and other results may vary. FortiCare® and FortiGuard®. except to the extent Fortinet enters a binding written contract. whether express or implied. Fortinet disclaims in full any covenants. For absolute clarity. modify. different network environments and other conditions may affect performance results. any such warranty will be limited to performance in the same ideal conditions as in Fortinet’s internal lab tests. and certain other marks are registered trademarks of Fortinet. and the most current version of the publication shall be applicable. or otherwise revise this publication without notice. All rights reserved.Copyright© 2014 Fortinet.. representations. Inc. in such event. Fortinet reserves the right to change. transfer.