Each ADOM is associated with a specific firmware version, based on the firmware version of the devices that are in that ADOM. This version is selected when creating a new ADOM. See Creating ADOMs.
ADOM version N can manage devices with firmware version N. For example, ADOM version 6.4 can manage devices with firmware version 6.4.
When upgrading firmware for managed devices, ADOM version N can tolerate to manage devices with firmware version N+1. This is sometimes called mixed mode or migration mode. For example, ADOM version 6.2 can manage devices with firmware 6.2 and 6.4. This lets you continue to manage an ADOM as normal while upgrading the devices within that ADOM. You can only update the ADOM version from N to N+1 after all of the devices within the ADOM have been updated to firmware version N+1.
When adding a new FortiGate unit to an ADOM, the FortiGate unit should have the same FortiOS version as the ADOM.
You can use this feature to facilitate upgrading managed devices to new firmware. It is not recommended to permanently leave the ADOM with devices that contain a mix of firmware versions because of restrictions.
For example, you cannot use features from the higher firmware version, such as templates that reference syntax from the higher version. You also cannot import policies from devices that are running higher firmware versions than the ADOM version.
However installation to devices running higher firmware versions is supported.
For a complete list of supported devices and firmware versions, see the FortiManager Release Notes.
The general steps for upgrading an ADOM containing multiple devices running FortiOS 6.2 from 6.2 to 6.4 are as follows:
- In the ADOM, upgrade one of the FortiGate units to FortiOS 6.4, and then resynchronize the device. See Firmware for more information.
All of the ADOM objects, including Policy Packages, remain as 6.2 objects.
- Upgrade the rest of the FortiGate units in the ADOM to FortiOS 6.4.
- Upgrade the ADOM to 6.4. See Upgrading an ADOM for more information.
All of the database objects will be converted to 6.4 format, and the GUI content for the ADOM will change to reflect 6.4 features and behavior.
An ADOM can only be upgraded after all the devices within the ADOM have been upgraded.