This section highlights some of the operational changes that administrators should be aware of in 7.0.0.
Starting in FortiManager 7.0.0, firmware templates should be used to schedule firmware upgrades on managed FortiGates. Attempting firmware upgrade from the FortiManager GUI by using legacy methods may ignore the schedule upgrade option and result in FortiGates being upgraded immediately.
Currently, there is no ADOM upgrade option for ADOM version 6.4 to move to version 7.0. In order to manage FortiGates running 7.0, please add the devices to a 7.0 ADOM.
Due to design change with SD-WAN Template, upgrading to FortiManager 7.0 may be unable to maintain dynamic mappings for all SD-WAN interface members. Please reconfigure all the missing interface mappings after upgrade.
Citrix XenServer limits ramdisk to 128M by default. However the FMG-VM64-XEN image is larger than 128M. Before updating to FortiManager 6.4, increase the size of the ramdisk setting on Citrix XenServer.
- On Citrix XenServer, run the following command:
xenstore-write /mh/limits/pv-ramdisk-max-size 536,870,912
- Confirm the setting is in effect by running
limits = ""
pv-kernel-max-size = "33554432"
pv-ramdisk-max-size = "536,870,912"
boot-time = ""
- Remove the pending files left in
The ramdisk setting returns to the default value after rebooting.
Prior to using the FortiManager to push a multi-step firmware upgrade, confirm the upgrade path matches the path outlined on our support site. To confirm the path, please run:
dia fwmanager show-dev-upgrade-path <device name> <target firmware>
Alternatively, you can push one firmware step at a time.
A Hyper-V FMG-VM running on a PC with an AMD CPU may experience a kernel panic. Fortinet recommends running VMs on an Intel-based PC.
Due to known vulnerabilities in the SSLv3 protocol, FortiManager-VM64-AWS only enables TLSv1 by default. All other models enable both TLSv1 and SSLv3. If you wish to disable SSLv3 support, please run:
config system global
set ssl-protocol t1sv1