Upgrade Information

Upgrading to FortiManager 5.6.11

You can upgrade FortiManager 5.4.0 or later directly to 5.6.11. If you are upgrading from versions earlier than 5.4.x, you should upgrade to the latest patch version of FortiManager 5.4 first.

When upgrading from FortiManager 5.4 or 5.6.0 to 5.6.1, you must run the following CLI command for GUI pages to render properly:

diagnose cdb upgrade force-retry resync-dbcache

When upgrading from FMG 5.2, an Import Policy Package should be performed on all FortiGates using Local-In-Policies. As of FMG 5.4, these are handled in Policies & Objects.

During upgrade from 5.2.4 or earlier, invalid dynamic mappings and duplicate package settings are removed from the ADOM database. Please allow sufficient time for the upgrade to complete.

For details about upgrading your FortiManager device, see the FortiManager Upgrade Guide.

Upgrading from 5.2.x

Starting with FortiManager 5.4.0, you can create a maximum number of Global and ADOM objects for each object category, and the maximum is enforced. The maximum numbers are high and unlikely to be met. The purpose of the maximum is to help avoid excessive database sizes, which can impact performance.

During upgrade from FortiManager 5.2.x to 5.4.x to 5.6.11, objects are preserved, even if the 5.2 ADOM contains more than the maximum number of allowed objects. If you have met the maximum number of allowed objects, you cannot add additional objects after upgrading to FortiManager 5.6.11.

Following are examples of object limits:

  • Firewall service custom: 8192 objects
  • Firewall service group: 2000 objects

If you have reached the maximum number of allowed objects, you can reduce the number of objects by deleting duplicate or obsolete objects from the ADOM.

You can also reach the maximum number of allowed objects if you have multiple FortiGate/VDOMs in the same ADOM. You can reduce the number of objects by moving the FortiGates/VDOMs into different ADOMs.

Downgrading to previous firmware versions

FortiManager does not provide a full downgrade path. You can downgrade to a previous firmware release via the GUI or CLI, but doing so results in configuration loss. A system reset is required after the firmware downgrading process has completed. To reset the system, use the following CLI commands via a console port connection:

execute reset {all-settings | all-except-ip}

execute format {disk | disk-ext4 | disk-ext3}

FortiManager VM firmware

Fortinet provides FortiManager VM firmware images for Amazon AWS, Citrix and Open Source XenServer, Linux KVM, Microsoft Hyper-V Server, and VMware ESX/ESXi virtualization environments.

Amazon Web Services
  • The 64-bit Amazon Machine Image (AMI) is available on the AWS marketplace.
Citrix XenServer and Open Source XenServer
  • .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation.
  • .out.OpenXen.zip: Download the 64-bit package for a new FortiAnalyzer VM installation. This package contains the QCOW2 file for the Open Source Xen Server.
  • .out.CitrixXen.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains the Citrix XenServer Virtual Appliance (XVA), Virtual Hard Disk (VHD), and OVF files.
Google GCP
  • .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation.
  • .out.gcp.zip: Download the 64-bit package for a new FortiManager VM installation.
Linux KVM
  • .out: Download the 64-bit firmware image to upgrade your existing FortiManager VM installation.
  • .out.kvm.zip: Download the 64-bit package for a new FortiManager VM installation. This package contains QCOW2 that can be used by qemu.
Microsoft Azure

The files for Microsoft Azure have AZURE in the filenames, for example FMG_VM64_AZURE-v<number>-build<number>-FORTINET.out.hyperv.zip.

  • .out: Download the firmware image to upgrade your existing FortiManager VM installation.
  • .hyperv.zip: Download the package for a new FortiManager VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Azure.
Microsoft Hyper-V Server

The files for Microsoft Hyper-V Server have HV in the filenames, for example, FMG_VM64_HV-v<number>-build<number>-FORTINET.out.hyperv.zip.

  • .out: Download the firmware image to upgrade your existing FortiManager VM installation.
  • .hyperv.zip: Download the package for a new FortiManager VM installation. This package contains a Virtual Hard Disk (VHD) file for Microsoft Hyper-V Server.

Microsoft Hyper-V 2016 is supported.

VMware ESX/ESXi
  • .out: Download the 64-bit firmware image to upgrade your existing VM installation.
  • .ovf.zip: Download the 64-bit package for a new VM installation. This package contains an Open Virtualization Format (OVF) file for VMware and two Virtual Machine Disk Format (VMDK) files used by the OVF file during deployment.

For more information, see the FortiManager product data sheet available on the Fortinet web site, http://www.fortinet.com/products/fortimanager/virtualappliances.html. VM installation guides are available in the Fortinet Document Library.

Firmware image checksums

The MD5 checksums for all Fortinet software and firmware releases are available at the Customer Service & Support portal, https://support.fortinet.com. After logging in, select Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code.
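
The following shell functions are an added example, not part of the Fortinet release notes: they compare a downloaded image against the checksum code copied from the portal before the image is uploaded to FortiManager. The function names and exit codes are assumptions made for this example; an MD5 match shows the file was not corrupted or truncated in transit.

```shell
#!/bin/sh
# Added example (not Fortinet code): verify a firmware image against the
# MD5 value returned by "Get Checksum Code" on the support portal.

# Strip whitespace picked up when pasting and fold to lowercase.
normalize_md5() {
    printf '%s' "$1" | tr -d '[:space:]' | tr 'A-F' 'a-f'
}

# Succeed only if the argument is exactly 32 lowercase hex digits.
is_md5() {
    case "$1" in
        ''|*[!0-9a-f]*) return 1 ;;
    esac
    [ "${#1}" -eq 32 ]
}

# Print the MD5 of a file; md5sum on Linux, md5 on BSD/macOS.
# Reading from stdin keeps the file name out of the tool's output.
file_md5() {
    if command -v md5sum >/dev/null 2>&1; then
        md5sum < "$1" | awk '{print $1}'
    else
        md5 -q < "$1"
    fi
}

# verify_image FILE EXPECTED_MD5
# Returns 0 on match, 1 on mismatch, 2 on unusable input.
verify_image() {
    image=$1
    expected=$(normalize_md5 "$2")
    [ -f "$image" ] || { echo "no such file: $image" >&2; return 2; }
    is_md5 "$expected" || { echo "expected value is not a 32-digit MD5" >&2; return 2; }
    actual=$(file_md5 "$image") || return 2
    if [ "$actual" = "$expected" ]; then
        echo "OK: $image"
        return 0
    fi
    echo "MISMATCH: $image (got $actual, expected $expected)" >&2
    return 1
}
```

Source the file and call `verify_image <image file> <checksum code>`; treat any non-zero return as a reason to download the image again rather than proceed with the upgrade.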

SNMP MIB files

You can download the FORTINET-FORTIMANAGER-FORTIANALYZER.mib MIB file in the firmware image file folder. The Fortinet Core MIB file is located in the main FortiManager version 5.00 file folder.
