Last updated: 06.06.2024 / A German version of this article is also available.
The answer: the one that is most suitable for your use case.
Our answer could be summarized as simply as that. There is no version that we can always recommend. In addition, the FortiOS software is subject to constant further development. Therefore, we have gathered some facts that we consider important when selecting the appropriate FortiOS version. Whether it is a simple upgrade or a new installation, those decisions must be made.
Side note: Fortinet now maintains a list of the recommended release for each hardware platform. This list can be found in this KB article.
Decision 1: Which version do I want to use?
This question has to be answered individually, because many factors influence it. The following points are often decisive:
- Do I want to use a new version or an already established version?
  - Older versions usually have many bugs patched and therefore run very stably.
  - New versions usually have more improvements and features implemented, but these can sometimes bring new limitations.
- Does a new version have new features that were not available before?
- Which version do I already have in use on other systems?
- Which version can I manage confidently and handle my everyday tasks with the least effort?
Decision 2: What FortiGate hardware is in use? Is the desired version an NPI build?
Which FortiGate hardware is in use: For completely new series, it is possible that not all FortiOS versions are available or that certain versions are still offered as NPI builds. NPI builds are “New Product Integration” releases and are built explicitly for the new hardware. They are also called “special build” releases. These releases usually contain new drivers or other components for the new hardware that have not yet been integrated into the main branch. These builds are not as stable as regular releases and are not produced for every FortiOS version. An NPI build can be recognized by its build number, which differs from the standard build number of the respective release.
Decision 3: Is it a brand new software version?
The first four releases of a new FortiOS are so-called “New Feature Releases”. New features are implemented in these releases; accordingly, they are less extensively tested than older versions, or the configuration changes during the upgrade. Examples of New Feature Releases: versions 7.0.0, 7.0.1, 7.0.2 and 7.0.3. For this reason, we recommend these only to a limited extent for production environments.
Depending on the state of development, caution is still required for later versions. To check this more precisely for your use case, we move on to decision number 4.
Starting with FortiOS 7.2, all releases are classified into Feature and Mature releases. A release that contains new features also brings with it a greater chance of new bugs. Therefore, these releases are less suitable for use on production systems. Mature releases, on the other hand, contain more bug fixes and rather fewer new features and are therefore also to be regarded as more stable. The classification of whether a release is a feature or a mature release is made by Fortinet.
When you download a FortiOS firmware image, the maturity level is marked in the firmware filename right after the FortiOS version. For example:
FGT_3500F-v7.2.1.F-build1254-FORTINET.out
Decision 4: Do the release notes agree with me?
Once a desired release is found, be sure to check the release notes and read them carefully. A feature that is mandatory for you may be affected by a bug, in which case this version is not recommended. The release notes also contain information about changes that may affect the behavior of the firewall (sections: Changes in CLI, Changes in GUI behavior, Changes in default behavior or Changes in table size).
CAUTION: For example, a new limitation has been implemented in FortiOS 7.4.4. FortiOS 7.4.4 and higher no longer support proxy-based inspection on models with 2GB memory or less.
The Release Notes can be found here.
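The filename marker from decision 3, the NPI build-number check from decision 2 and the 7.4.4 memory caution above can be combined into one pre-download check. This is an added example, not Fortinet or BOLL code: the filename pattern is inferred from the single example on this page, and `review_firmware`, its parameters and the second sample filename are assumptions.

```python
import re

# Pattern inferred from the one example filename on this page. The maturity
# tag is optional here (assumption) so untagged images still parse.
FW_RE = re.compile(
    r"^(?P<product>[A-Z]+)_(?P<model>[A-Za-z0-9_-]+?)"
    r"-v(?P<major>\d+)\.(?P<minor>\d+)\.(?P<patch>\d+)"
    r"(?:\.(?P<maturity>[FM]))?"
    r"-build(?P<build>\d+)-FORTINET\.out$"
)
MATURITY = {"F": "Feature", "M": "Mature", None: "untagged"}


def review_firmware(filename, standard_build=None, memory_gb=None,
                    proxy_inspection=False):
    """Parse a FortiOS image name; return (info, findings to review)."""
    m = FW_RE.match(filename)
    if m is None:
        raise ValueError(f"unrecognised firmware filename: {filename!r}")
    version = (int(m["major"]), int(m["minor"]), int(m["patch"]))
    info = {"model": m["model"], "version": version,
            "maturity": MATURITY[m["maturity"]], "build": int(m["build"])}
    findings = []
    if m["maturity"] == "F":
        findings.append("Feature release: greater chance of new bugs")
    if version[2] <= 3:
        findings.append("among the first four releases of this branch")
    # Decision 2: an NPI build carries a non-standard build number. The
    # standard number is supplied by the caller.
    if standard_build is not None and info["build"] != standard_build:
        findings.append("build differs from standard build: possible NPI build")
    # Decision 4 caution: 7.4.4+ drops proxy-based inspection at <= 2 GB.
    if (version >= (7, 4, 4) and proxy_inspection
            and memory_gb is not None and memory_gb <= 2):
        findings.append("proxy-based inspection unsupported on this model")
    return info, findings


if __name__ == "__main__":
    # First name is the page's example; the second is constructed.
    for name, kwargs in [
        ("FGT_3500F-v7.2.1.F-build1254-FORTINET.out", {}),
        ("FGT_DEMO1-v7.4.4.M-build9999-FORTINET.out",
         {"standard_build": 1111, "memory_gb": 2, "proxy_inspection": True}),
    ]:
        print(name, *review_firmware(name, **kwargs), sep="\n  ")
```

An empty findings list only means none of these checks fired; the release notes, support dates and upgrade path still have to be checked by hand.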
Decision 5: What are the support terms of the desired version?
Older software versions are no longer patched or supported after a certain period of time. The exact dates such as the “End of Engineering” date (no further development) or the “End of Support” date (no more support) can be found in Fortinet’s product lifecycle information. This KB article describes how to query the product lifecycle information.
Decision 6: The upgrade path must be followed
If it is an update, the upgrade path from the old to the new version must support a direct update. Otherwise, one or more intermediate steps must be taken. The correct upgrade path can be queried on this page.
Hello,
Regarding decision 3: you meant 7.0.4, right, and not 7.4?
Also, where can I find this information before installing the software? I have just downloaded 7.0.6 to try it and see after installation in the GUI that this release is marked as feature.
Dear Mickael
Thank you for your comment on our blog.
Actually it is neither FortiOS 7.0.4 nor FortiOS 7.4. It is FortiOS 7.2. I have corrected this in the blog post and also linked the “What’s new” article to this topic.
Thank you very much for the feedback.
Best regards,
BOLL Engineering Tech Team