Fortinet black logo

Special notes

Special notes

Suggestions
  • HSM doesn't support TLS v1.3. If the HSM certificate is used in VS, the TLS v1.3 handshake will fail.
    Workaround: Uncheck the TLSv1.3 in the SSL profile if you're using the HSM certificate to avoid potential handshake failure.

  • The backup config file in versions 5.2.0-5.2.4/5.3.0-5.3.1 containing certificate config might not be restored properly (causing config to be lost). After upgrading to version 6.1.5, please discard the old 5.2.x/5.3.x config file and back up the config file in 6.1.5 again.
  • Keep the old SSL version predefined config to ensure a smooth upgrade.
  • HSM does not support TLSv1.3. If the HSM certificate is used in VS, the TLSv1.3 handshake will fail.

    Workaround: Uncheck the TLSv1.3 in the SSL profile if you are using the HSM certificate to avoid potential handshake failure.

  • Since the v4.7.x release, FortiADC has introduced a parameter called config-priotity for HA configuration. It allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. Therefore, upon upgrading to FortiADC 4.7.x or higher, we strongly recommend that you use this option to manually set different HA configuration priority values on the HA nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior.

    When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.

    The request-body-detection in the WAF web-attack-signature profile will be changed from "disable" to "enable" automatically after upgrading to FortiADC 5.4.0.

  • Before downgrading from version 6.1.4, ensure the new L7 TCP or L7 UDP application profiles are deleted or changed to a profile type that is supported in the downgrade version. Otherwise, this will cause the cmdb to crash.

Special notes

Suggestions
  • HSM doesn't support TLS v1.3. If the HSM certificate is used in VS, the TLS v1.3 handshake will fail.
    Workaround: Uncheck the TLSv1.3 in the SSL profile if you're using the HSM certificate to avoid potential handshake failure.

  • The backup config file in versions 5.2.0-5.2.4/5.3.0-5.3.1 containing certificate config might not be restored properly (causing config to be lost). After upgrading to version 6.1.5, please discard the old 5.2.x/5.3.x config file and back up the config file in 6.1.5 again.
  • Keep the old SSL version predefined config to ensure a smooth upgrade.
  • HSM does not support TLSv1.3. If the HSM certificate is used in VS, the TLSv1.3 handshake will fail.

    Workaround: Uncheck the TLSv1.3 in the SSL profile if you are using the HSM certificate to avoid potential handshake failure.

  • Since the v4.7.x release, FortiADC has introduced a parameter called config-priotity for HA configuration. It allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. Therefore, upon upgrading to FortiADC 4.7.x or higher, we strongly recommend that you use this option to manually set different HA configuration priority values on the HA nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior.

    When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.

    The request-body-detection in the WAF web-attack-signature profile will be changed from "disable" to "enable" automatically after upgrading to FortiADC 5.4.0.

  • Before downgrading from version 6.1.4, ensure the new L7 TCP or L7 UDP application profiles are deleted or changed to a profile type that is supported in the downgrade version. Otherwise, this will cause the cmdb to crash.