
Special notes

Suggestions
  • HSM doesn't support TLS v1.3. If an HSM certificate is used in a virtual server (VS), the TLS v1.3 handshake will fail.
    Workaround: If you're using an HSM certificate, uncheck TLSv1.3 in the SSL profile to avoid handshake failures.

  • The backup config file in versions 5.2.0-5.2.4/5.3.0-5.3.1 containing certificate config might not be restored properly (causing config to be lost). After upgrading to version 6.2.4, please discard the old 5.2.x/5.3.x config file and back up the config file in 6.2.4 again.
  • Keep the old SSL version predefined config to ensure a smooth upgrade.
  • Since the v4.7.x release, FortiADC has had a parameter called config-priority for HA configuration. It allows you to determine which configuration the system uses when synchronizing the configuration between the HA nodes. Therefore, upon upgrading to FortiADC 4.7.x or higher, we strongly recommend that you use this option to manually set different HA configuration priority values on the HA nodes. Otherwise, you'll have no control over the system's primary-secondary configuration sync behavior.

    When the configuration priority values are identical on both nodes (whether by default or by configuration), the system uses the configuration of the appliance with the larger serial number to override that of the appliance with the smaller serial number. When the configuration priority values on the nodes are different, the configuration of the appliance with the lower configuration priority will prevail.

  • The request-body-detection in the WAF web-attack-signature profile will be changed from "disable" to "enable" automatically after upgrading to FortiADC 5.4.0.

  • In version 6.2.0, the default mode of QAT SSL has been changed to polling.

  • To use the SRIOV feature, users must deploy a new VM.

  • Before downgrading from 6.1.4, ensure the new L7 TCP or L7 UDP application profiles are deleted or changed to a profile type that is supported in the downgrade version. Otherwise, this will cause the cmdb to crash.

  • After upgrading to 6.2.4, in HA environments where both nodes have certificate-embedded licenses installed and use FortiSandbox Cloud functions, you must reinstall the licenses. Because the nodes are synchronized and overwritten during the upgrade, the certificates are not recoverable. Reinstalling the certificate-embedded licenses is required for the certificate-related functions to work properly.
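
The HA sync rule, the affected backup range and the HSM/TLSv1.3 note above can be checked against an inventory before an upgrade. The following is an added example, not Fortinet code: the inventory dictionaries, their field names and the serial numbers are constructed, and it assumes serial numbers compare as equal-length strings.

```python
import re

# Releases whose backup files may not restore certificate config (from the notes).
AFFECTED_BACKUPS = [((5, 2, 0), (5, 2, 4)), ((5, 3, 0), (5, 3, 1))]

def parse_version(text):
    """Parse 'X.Y.Z' into an int tuple so ranges compare numerically."""
    m = re.fullmatch(r"(\d+)\.(\d+)\.(\d+)", text.strip())
    if not m:
        raise ValueError(f"not an X.Y.Z version: {text!r}")
    return tuple(int(p) for p in m.groups())

def backup_is_affected(version):
    v = parse_version(version)
    return any(lo <= v <= hi for lo, hi in AFFECTED_BACKUPS)

def ha_sync_source(a, b):
    """Return (node whose config overrides the peer, True if chosen by serial)."""
    if a["config_priority"] != b["config_priority"]:
        # Different priorities: the lower value prevails.
        return min(a, b, key=lambda n: n["config_priority"]), False
    # Identical priorities: the larger serial number wins.
    # Assumption: serials are equal-length strings, compared lexicographically.
    return max(a, b, key=lambda n: n["serial"]), True

def preflight(nodes, backup_version, ssl_profiles):
    """Collect findings for an inventory; all field names are hypothetical."""
    findings = []
    if backup_is_affected(backup_version):
        findings.append(f"backup from {backup_version}: discard, re-take after upgrade")
    source, by_serial = ha_sync_source(*nodes)
    if by_serial:
        findings.append(f"HA priorities identical: {source['serial']} overrides peer")
    for p in ssl_profiles:
        if p["hsm_cert"] and p["tls13"]:
            findings.append(f"SSL profile {p['name']}: HSM cert with TLSv1.3 enabled")
    return findings

# Constructed sample inventory (not real devices).
NODES = [{"serial": "SN-EXAMPLE-0001", "config_priority": 100},
         {"serial": "SN-EXAMPLE-0002", "config_priority": 100}]
PROFILES = [{"name": "prof-hsm", "hsm_cert": True, "tls13": True},
            {"name": "prof-web", "hsm_cert": False, "tls13": True}]

if __name__ == "__main__":
    for line in preflight(NODES, "5.2.3", PROFILES):
        print(line)
```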
