Fortinet black logo

Upgrade Guide

Home FortiAnalyzer 7.4.1 Upgrade Guide
7.4.1
7.4.2
7.4.1
7.4.0
7.2.5
7.2.4
7.2.3
7.2.2
7.2.1
7.2.0
7.0.12
7.0.11
7.0.10
7.0.9
7.0.8
7.0.7
7.0.6
7.0.5
7.0.4
7.0.3
7.0.2
7.0.1
7.0.0
6.4.14
6.4.13
6.4.12
6.4.11
6.4.10
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.2.12
6.2.11
6.2.10
6.2.9
6.2.8
6.2.7
6.2.6
6.2.5
6.2.3
6.2.2
6.2.1
6.2.0
6.0.12
6.0.11
6.0.10
6.0.9
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.6.11
5.6.10
5.6.9
5.6.8
5.6.7
5.6.6
5.6.5
5.6.4
5.6.3
5.6.2
5.6.1
5.6.0
5.4.7
5.4.6
5.4.5
5.4.4
5.4.3
5.4.2
5.4.1
5.4.0
5.2.10
5.2.9
5.2.7
5.2.6
5.2.5
5.2.4
5.2.3
5.2.2
5.0.13
5.0.12
5.0.11

Firmware Upgrade Paths

Firmware Upgrade Paths

The following table identifies the supported FortiAnalyzer upgrade paths and whether the upgrade requires a rebuild of the log database. If you need information about upgrading to FortiAnalyzer 6.4, 7.0, o 7.2 see the corresponding FortiAnalyzer Upgrade Guide.

As a best practice, it typically is recommended to upgrade to the latest patch version before upgrading to the next major version. For recommended upgrade paths from a specific version, see the Upgrade Path tool on the support site.

Before upgrading your device, see details in the applicable FortiAnalyzer Release Notes.

Initial Version

Upgrade to

Log Database Rebuild

7.4.0

7.4.1

No

7.2.0 or later

Latest 7.2 version, then to 7.4.1

No

7.0.0 or later

Latest 7.2 version

No

6.4.0 or later

Latest 7.0 version

No

6.2.0 or later

Latest 6.4 version

Yes if upgrading from a previous maintenance release

FortiGate units with logdisk buffer log data while FortiAnalyzer units are rebooting. In most cases, the buffer is enough to cover the time needed for FortiAnalyzer to reboot. However, Fortinet still recommends configuring multiple log destinations to ensure no logs are lost.

Fortinet Security Fabric

If you are upgrading the firmware for a FortiAnalyzer unit that is part of a FortiOS Security Fabric, be aware of how the FortiOS Security Fabric upgrade affects the FortiAnalyzer upgrade. You must upgrade the products in the Security Fabric in a specific order. For example, you must upgrade FortiAnalyzer to 7.0.0 or later before you upgrade FortiOS to 7.0.0 or later.

PostgreSQL database upgrade

FortiAnalyzer 7.4.1 includes an upgrade of the PostgreSQL database. Upon upgrading to FortiAnalyzer 7.4.1, by default analytical features, such as Log View, FortiView, Reports, and Event Management are unavailable until the PostgreSQL database finishes upgrading. During this time, FortiAnalyzer will continue to receive new logs, but they will not be inserted into the PostgreSQL database. PostgreSQL database upgrade times depend on the number of ADOM configured and the analytical log volume. Some sample upgrade times are shown below.

Model Number of ADOMs Analytical Data Size DB Upgrade Time
FAZ-3700F 1200 5TB one hour
FAZ-3500G 100 1TB 15 minutes
FAZ-3000F 1 12TB 10 minutes

For customers who prefer to not wait for accessing the analytical features, such as Log View, FortiView, Reports, and Event Management, for new logs, they can execute a SQL. This command can take a long time to complete depending on the amount of data.

FAZVM64 # exec sql-local rebuild-db

Rebuild the entire log SQL database has been requested.

This operation will remove the log SQL database and rebuild from log data.

This operation will reboot the device.

Do you want to continue? (y/n)

Previous
Next

Firmware Upgrade Paths

The following table identifies the supported FortiAnalyzer upgrade paths and whether the upgrade requires a rebuild of the log database. If you need information about upgrading to FortiAnalyzer 6.4, 7.0, o 7.2 see the corresponding FortiAnalyzer Upgrade Guide.

As a best practice, it typically is recommended to upgrade to the latest patch version before upgrading to the next major version. For recommended upgrade paths from a specific version, see the Upgrade Path tool on the support site.

Before upgrading your device, see details in the applicable FortiAnalyzer Release Notes.

Initial Version

Upgrade to

Log Database Rebuild

7.4.0

7.4.1

No

7.2.0 or later

Latest 7.2 version, then to 7.4.1

No

7.0.0 or later

Latest 7.2 version

No

6.4.0 or later

Latest 7.0 version

No

6.2.0 or later

Latest 6.4 version

Yes if upgrading from a previous maintenance release

FortiGate units with logdisk buffer log data while FortiAnalyzer units are rebooting. In most cases, the buffer is enough to cover the time needed for FortiAnalyzer to reboot. However, Fortinet still recommends configuring multiple log destinations to ensure no logs are lost.

Fortinet Security Fabric

If you are upgrading the firmware for a FortiAnalyzer unit that is part of a FortiOS Security Fabric, be aware of how the FortiOS Security Fabric upgrade affects the FortiAnalyzer upgrade. You must upgrade the products in the Security Fabric in a specific order. For example, you must upgrade FortiAnalyzer to 7.0.0 or later before you upgrade FortiOS to 7.0.0 or later.

PostgreSQL database upgrade

FortiAnalyzer 7.4.1 includes an upgrade of the PostgreSQL database. Upon upgrading to FortiAnalyzer 7.4.1, by default analytical features, such as Log View, FortiView, Reports, and Event Management are unavailable until the PostgreSQL database finishes upgrading. During this time, FortiAnalyzer will continue to receive new logs, but they will not be inserted into the PostgreSQL database. PostgreSQL database upgrade times depend on the number of ADOM configured and the analytical log volume. Some sample upgrade times are shown below.

Model Number of ADOMs Analytical Data Size DB Upgrade Time
FAZ-3700F 1200 5TB one hour
FAZ-3500G 100 1TB 15 minutes
FAZ-3000F 1 12TB 10 minutes

For customers who prefer to not wait for accessing the analytical features, such as Log View, FortiView, Reports, and Event Management, for new logs, they can execute a SQL. This command can take a long time to complete depending on the amount of data.

FAZVM64 # exec sql-local rebuild-db

Rebuild the entire log SQL database has been requested.

This operation will remove the log SQL database and rebuild from log data.

This operation will reboot the device.

Do you want to continue? (y/n)

Previous
Next