Fortinet black logo

Release Notes

6.5.2
6.6.1
6.6.0
6.5.4
6.5.3
6.5.2
6.5.1
6.5.0
6.4.9
6.4.8
6.4.7
6.4.6
6.4.5
6.4.4
6.4.3
6.4.2
6.4.1
6.4.0
6.3.4
6.3.3
6.3.2
6.3.1
6.3.0
6.2.2
6.2.1
6.2.0
6.1.3
6.1.2
6.1.1
6.1.0
6.0.8
6.0.7
6.0.6
6.0.5
6.0.4
6.0.3
6.0.2
6.0.1
6.0.0
5.5.0
5.4.1
5.4.0
5.3.1
5.3.0
5.2.2
5.2.1
5.2.0
5.1.2
5.1.1
5.1.0
5.0.0
4.3.4
4.3.3
4.3.2
4.3.1
4.3.0
4.2.1
4.2.0

Upgrading from 4.x/5.x/6.x

Upgrading from 4.x/5.x/6.x

FortiAuthenticator 6.5.2 build 1329 officially supports upgrades from previous versions by following these supported FortiAuthenticator upgrade paths:

  • If currently running FortiAuthenticator 6.0.5 or older, first upgrade to 6.0.7, then upgrade to 6.5.2, else the following message will be displayed: Image validation failed: The firmware image model number is different from the appliance's.

  • If currently running FortiAuthenticator 6.0.7, then upgrade to 6.5.2 directly.

  • If currently running FortiAuthenticator between 6.1.0 and 6.2.0, first upgrade to 6.3.3, then upgrade to 6.5.2.

  • If currently running FortiAuthenticator 6.2.1 or later, then upgrade to 6.5.2 directly.

Note

When upgrading existing KVM and Xen virtual machines to FortiAuthenticator 6.5.2 from FortiAuthenticator 6.0.7, you must first increase the size of the virtual hard disk drive containing the operating system image (not applicable for AWS & OCI Cloud Marketplace upgrades). See Upgrading KVM / Xen virtual machines.

Upgrade to and from FortiAuthenticator 6.0.6 is not recommended.

Ensure the hypervisor provides at least 4GB of memory to the FortiAuthenticator-VM.

Firmware upgrade process

First, back up your configuration, then follow the procedure below to upgrade the firmware.

Before you can install FortiAuthenticator firmware, you must download the firmware image from the FortiCloud, then upload it from your computer to the FortiAuthenticator unit.

  1. Log in to the FortiCloud. In the Support > Download section of the page, select the Firmware Download link to download the firmware.
  2. To verify the integrity of the download, go back to the Download section of the login page and click the Firmware Image Checksum link.
  3. Log in to the FortiAuthenticator unit’s web-based manager using the admin administrator account.
  4. Upload the firmware and begin the upgrade.
    When upgrading from FortiAuthenticator 6.0.4 and earlier:
    1. Go to System > Dashboard > Status.
    2. In the System Information widget, in the Firmware Version row, select Upgrade. The Firmware Upgrade or Downgrade dialog box opens.
    3. In the Firmware section, select Choose File, and locate the upgrade package that you downloaded.
    When upgrading from FortiAuthenticator 6.1.0 or later.
    1. Click on the administrator name in the upper-right corner of the GUI to display the dropdown menu, and click Upgrade.
    2. In the Firmware Upgrade or Downgrade section, select Upload a file, and locate the upgrade package that you downloaded.
  5. Select OK to upload the file to the FortiAuthenticator.

    Your browser uploads the firmware file. The time required varies by the size of the file and the speed of your network connection. When the file transfer is complete, the following message is shown:

    Fortinet recommends to save a copy of the current configuration before proceeding with firmware upgrade.

    It is recommended that a system backup is taken at this point. Once complete, click Start Upgrade.

    Wait until the unpacking, upgrade, and reboot process completes (usually 3-5 minutes), then refresh the page.

Tooltip

Due to a known issue in 6.0.x and earlier releases, the port5 and port6 fiber ports are inverted in the GUI for FAC-3000E models (i.e. port5 in the GUI corresponds to the physical port6 and vice-versa).

This is resolved in 6.1.0 and later, however, the upgrade process does not swap these configurations automatically. If these ports are used in your configuration during the upgrade from 6.0.x to 6.1.0 and later, you will need to physically swap the port5 and port6 fibers to avoid inverting your connections following the upgrade.

Upgrading KVM / Xen virtual machines

When upgrading existing KVM and Xen virtual machines from FortiAuthenticator 6.0.7 to 6.5.2, it is necessary to manually increase the size of the virtual hard disk drive which contains the operating system image before starting the upgrade. This requires file system write-access to the virtual machine disk drives, and must be performed while the virtual machines are in an offline state, fully powered down.

Note

If your virtual machine has snapshots, the resize commands detailed below will exit with an error. You must delete the snapshots in order to perform this resize operation. Please make a separate copy of the virtual disk drives before deleting snapshots to ensure you have the ability to rollback.
Use the following command to run the resize on KVM:

qemu-img resize /path/to/fackvm.qcow2 1G

Use the following command to run the resize on Xen:

qemu-img resize /path/to/facxen.qcow2 1G

After this command has been completed, you may proceed with the upgrade from 6.0.7 to 6.5.2

Recovering improperly upgraded KVM / Xen virtual machines

If the upgrade was performed without completing the resize operation above, the virtual machine will fail to properly boot, instead displaying many initd error messages. If no snapshots are available, manual recovery is necessary.

To recover your virtual machine, you will need to replace the operating system disk with a good copy, which also requires write-access to the virtual hard disks in the file system while the virtual machines are in an offline state, fully powered down.

To recover an improperly upgraded KVM virtual machine:
  1. Download the 6.0.7 GA ZIP archive for KVM, FAC_VM_KVM-v6-build0059-FORTINET.out.kvm.zip.
  2. Extract the archive, then replace your virtual machine's fackvm.qcow2 with the one from the archive.
  3. Execute the following command:
    qemu-img resize /path/to/fackvm.qcow2 1G
To recover an improperly upgraded Xen virtual machine:
  1. Download the 6.0.7 GA ZIP archive for Xen, FAC_VM_XEN-v6-build0059-FORTINET.out.xen.zip.
  2. Extract the archive, then replace your virtual machine's facxen.qcow2 with the one from the archive.
  3. Execute the following command:
    qemu-img resize /path/to/facxen.qcow2 1G
Previous
Next

Upgrading from 4.x/5.x/6.x

FortiAuthenticator 6.5.2 build 1329 officially supports upgrades from previous versions by following these supported FortiAuthenticator upgrade paths:

  • If currently running FortiAuthenticator 6.0.5 or older, first upgrade to 6.0.7, then upgrade to 6.5.2, else the following message will be displayed: Image validation failed: The firmware image model number is different from the appliance's.

  • If currently running FortiAuthenticator 6.0.7, then upgrade to 6.5.2 directly.

  • If currently running FortiAuthenticator between 6.1.0 and 6.2.0, first upgrade to 6.3.3, then upgrade to 6.5.2.

  • If currently running FortiAuthenticator 6.2.1 or later, then upgrade to 6.5.2 directly.

Note

When upgrading existing KVM and Xen virtual machines to FortiAuthenticator 6.5.2 from FortiAuthenticator 6.0.7, you must first increase the size of the virtual hard disk drive containing the operating system image (not applicable for AWS & OCI Cloud Marketplace upgrades). See Upgrading KVM / Xen virtual machines.

Upgrade to and from FortiAuthenticator 6.0.6 is not recommended.

Ensure the hypervisor provides at least 4GB of memory to the FortiAuthenticator-VM.

Firmware upgrade process

First, back up your configuration, then follow the procedure below to upgrade the firmware.

Before you can install FortiAuthenticator firmware, you must download the firmware image from the FortiCloud, then upload it from your computer to the FortiAuthenticator unit.

  1. Log in to the FortiCloud. In the Support > Download section of the page, select the Firmware Download link to download the firmware.
  2. To verify the integrity of the download, go back to the Download section of the login page and click the Firmware Image Checksum link.
  3. Log in to the FortiAuthenticator unit’s web-based manager using the admin administrator account.
  4. Upload the firmware and begin the upgrade.
    When upgrading from FortiAuthenticator 6.0.4 and earlier:
    1. Go to System > Dashboard > Status.
    2. In the System Information widget, in the Firmware Version row, select Upgrade. The Firmware Upgrade or Downgrade dialog box opens.
    3. In the Firmware section, select Choose File, and locate the upgrade package that you downloaded.
    When upgrading from FortiAuthenticator 6.1.0 or later.
    1. Click on the administrator name in the upper-right corner of the GUI to display the dropdown menu, and click Upgrade.
    2. In the Firmware Upgrade or Downgrade section, select Upload a file, and locate the upgrade package that you downloaded.
  5. Select OK to upload the file to the FortiAuthenticator.

    Your browser uploads the firmware file. The time required varies by the size of the file and the speed of your network connection. When the file transfer is complete, the following message is shown:

    Fortinet recommends to save a copy of the current configuration before proceeding with firmware upgrade.

    It is recommended that a system backup is taken at this point. Once complete, click Start Upgrade.

    Wait until the unpacking, upgrade, and reboot process completes (usually 3-5 minutes), then refresh the page.

Tooltip

Due to a known issue in 6.0.x and earlier releases, the port5 and port6 fiber ports are inverted in the GUI for FAC-3000E models (i.e. port5 in the GUI corresponds to the physical port6 and vice-versa).

This is resolved in 6.1.0 and later, however, the upgrade process does not swap these configurations automatically. If these ports are used in your configuration during the upgrade from 6.0.x to 6.1.0 and later, you will need to physically swap the port5 and port6 fibers to avoid inverting your connections following the upgrade.

Upgrading KVM / Xen virtual machines

When upgrading existing KVM and Xen virtual machines from FortiAuthenticator 6.0.7 to 6.5.2, it is necessary to manually increase the size of the virtual hard disk drive which contains the operating system image before starting the upgrade. This requires file system write-access to the virtual machine disk drives, and must be performed while the virtual machines are in an offline state, fully powered down.

Note

If your virtual machine has snapshots, the resize commands detailed below will exit with an error. You must delete the snapshots in order to perform this resize operation. Please make a separate copy of the virtual disk drives before deleting snapshots to ensure you have the ability to rollback.
Use the following command to run the resize on KVM:

qemu-img resize /path/to/fackvm.qcow2 1G

Use the following command to run the resize on Xen:

qemu-img resize /path/to/facxen.qcow2 1G

After this command has been completed, you may proceed with the upgrade from 6.0.7 to 6.5.2

Recovering improperly upgraded KVM / Xen virtual machines

If the upgrade was performed without completing the resize operation above, the virtual machine will fail to properly boot, instead displaying many initd error messages. If no snapshots are available, manual recovery is necessary.

To recover your virtual machine, you will need to replace the operating system disk with a good copy, which also requires write-access to the virtual hard disks in the file system while the virtual machines are in an offline state, fully powered down.

To recover an improperly upgraded KVM virtual machine:
  1. Download the 6.0.7 GA ZIP archive for KVM, FAC_VM_KVM-v6-build0059-FORTINET.out.kvm.zip.
  2. Extract the archive, then replace your virtual machine's fackvm.qcow2 with the one from the archive.
  3. Execute the following command:
    qemu-img resize /path/to/fackvm.qcow2 1G
To recover an improperly upgraded Xen virtual machine:
  1. Download the 6.0.7 GA ZIP archive for Xen, FAC_VM_XEN-v6-build0059-FORTINET.out.xen.zip.
  2. Extract the archive, then replace your virtual machine's facxen.qcow2 with the one from the archive.
  3. Execute the following command:
    qemu-img resize /path/to/facxen.qcow2 1G
Previous
Next