Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
All Products
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Web Application Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • Web Application / API Protection
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions
    • All Products

    Release Notes

    Home FortiWeb 8.0.0 Release Notes
    8.0.0
    8.0.4
    8.0.3
    8.0.2
    8.0.1
    8.0.0
    7.6.7
    7.6.6
    7.6.5
    7.6.4
    7.6.3
    7.6.2
    7.6.1
    7.6.0
    7.4.12
    7.4.11
    7.4.10
    7.4.9
    7.4.8
    7.4.7
    7.4.7
    7.4.6
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.12
    7.2.11
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.3
    6.3.23
    6.2.8
    6.1.4
    6.0.8
    6.0.7
    6.0.6
    6.0.5
    6.0.4
    6.0.3
    6.0.2
    6.0.1
    6.0.0
    5.9.1
    5.8.7
    5.7.3
    5.7.0
    5.6.2
    5.6.1
    5.6.0
    5.6.0
    5.6.0
    5.6.0
    5.5.7
    5.5.0
    5.5.0
    5.5.0
    5.4.0
    5.4.0
    5.4.0
    5.4.0
    5.1.0
    5.0.1
    5.0.0

    Upgrading from previous releases

    Supported upgrade paths

    This section discusses the general paths to upgrade FortiWeb from previous releases.

    If you are upgrading from a version that is 7.6.1 or lower, then you will need to upgrade to version 7.6.2 before proceeding with subsequent updates.

    For example, to upgrade from 7.2.1 to 7.6.3, you will follow the upgrade path below:

    7.2.1 → 7.6.2 → 7.6.3

    Version 7.6.2 introduces an expanded partition size. Ensure the log disk has at least 1.5 GB of free space before upgrading.

    For details, refer to the FortiWeb 7.6.2 Release Notes.
    To upgrade to FortiWeb 8.0.0

    Upgrade to version 7.6.2 before proceeding to upgrade to version 8.0.0.

    To upgrade from FortiWeb 7.6.0/7.6.1 to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 7.4.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 7.2.x to 7.6.2

    Upgrade directly.

    If you had enabled Threat Analytics in previous releases but did not have a valid license, the 14-day eval license will be automatically applied after upgrading to version 7.2.2 and later.

    In this case, if you don't want to start the 14-day eval immediately after upgrade, it's recommended to disable the Threat Analytics first, then execute upgrade.
    To upgrade from FortiWeb 7.0.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 6.4.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 6.3.x to 7.6.2

    Upgrade directly.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 6.1.x and 6.2.x to 7.6.2

    Upgrade directly.

    The machine learning data will be lost after the upgrade as the database format is enhanced in 6.3.0. Machine Learning will automatically start collecting data again after the upgrade.

    For FortiWeb-VM on docker platform, it's not supported to upgrade to 8.0.0 from versions earlier than 6.3.0. You need to install FortiWeb-VM 8.0.0 instead of upgrading to 8.0.0. For how to install, see FortiWeb-VM on docker.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 6.0 or 6.0.x to 7.6.2

    Upgrade directly.

    After the upgrade:

    • If you upgrade from 6.0, there might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    • If you upgrade from 6.0.1, it's not necessary to run execute db rebuild because the database format has already been enhanced in 6.0.1, so that it's compatible with the new database.
    tooltip icon

    The machine learning data will be lost after the upgrade as the database format is enhanced in 6.3.0. Machine Learning will automatically start collecting data again after the upgrade.

    For FortiWeb-VM on docker platform, it's not supported to upgrade to 8.0.0 from versions earlier than 6.3.0. You need to install FortiWeb-VM 8.0.0 instead of upgrading to 8.0.0. For how to install, see FortiWeb-VM on docker.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.5.x, 5.6.x, 5.7.x, 5.8.x, or 5.9.x to 7.6.2

    Before the upgrade:

    • If you upgrade from a version of FortiWeb previous to 5.9.0 on Azure platform, first change the addressing mode to DHCP in Network > Interface, then upgrade to FortiWeb 6.1.1, because FortiWeb on Azure platform has enforced the DHCP addressing mode since release 5.9.0.

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon

    If you upgrade from a version of FortiWeb previous to 5.5.4, the upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.4.x to 7.6.2

    Before the upgrade:

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon

    The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.3.x to 7.6.2

    Before the upgrade:

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon
    • If you are upgrading FortiWeb-VM on a hypervisor other than VMware vSphere, see FortiWeb-VM license validation after upgrade from pre-5.4 version.
    • The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.
    • If you upgrade from a version of FortiWeb previous to 5.3.4 and your server policy configuration includes settings that customize an attack blocking or server unavailable error page, the upgrade deletes these server-based settings. The functionality is replaced by the global, default FortiWeb pages.
    • If you upgrade from a version of FortiWeb previous to 5.3.6, the upgrade process deletes any V-zone IP addresses, which are no longer required. This operation has no impact on routing or connectivity after the upgrade.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from a version previous to FortiWeb 5.3 to 7.6.2

    FortiWeb5.3.exe is a Microsoft Windows executable script that automatically migrates your FortiWeb 5.2.x configuration settings to a 5.3.x configuration.

    1. If your version is 5.0.x or 5.1.x, upgrade to FortiWeb 5.2.x.
    2. Use System > Maintenance > Backup & Restore to back up your FortiWeb configuration. Fortinet recommends that you use the Backup entire configuration option.
    3. To obtain the upgrade script, log in to the Fortinet Customer Service & Support website:

      4. https://support.fortinet.com

      In the menus at the top of the page, click Download, and then click Firmware Images.

    4. For product, select FortiWeb. Then, on the Download tab, navigate to the following folder:

      5. /FortiWeb/v5.00/5.3/Upgrade_script/

    5. Download the .zip compressed archive (for example, FortiWeb5.3Upgrade_v1.9.zip) to a location you can access from your Windows PC.
    6. In Windows, extract the .zip archive's contents, and then use a command line interface to execute the upgrade script.

      7. For example, in the directory where the file FortiWeb5.3Upgrade.exe and your backup configuration file are located, execute the following command:

      FortiWeb5.3Upgrade.exe -i YOUR_CONFIG_NAME.conf –o 5.3_new.conf

      The script removes the Domain Server, Physical Server, Server Farm, Content Routing policy configurations and generates a new configuration file named 5.3_new.conf.

    7. Resize your FortiWeb hard disk partitions. See Repartitioning the hard disk.
    8. Upgrade to 6.3.9 first, then upgrade to 8.0.0.
    9. Use System > Maintenance > Backup & Restore to restore the configuration file you created using the script (for example, 5.3_new.conf).
    10. There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2:
    • Run get system status to check the Database Status.
    • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon
    • If you are upgrading FortiWeb-VM on a hypervisor other than VMware vSphere, see FortiWeb-VM license validation after upgrade from pre-5.4 version.
    • The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.
    • If your server policy configuration includes settings that customize an attack blocking or server unavailable error page, the upgrade deletes these server-based settings. The functionality is replaced by the global, default FortiWeb pages.
    • The upgrade process deletes any V-zone IP addresses, which are no longer required. This operation has no impact on routing or connectivity after the upgrade.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.

    Note: To upgrade from 4.0 MR4, Patch x or earlier, please contact Fortinet Technical Support.

    Previous
    Next

    Upgrading from previous releases

    Supported upgrade paths

    This section discusses the general paths to upgrade FortiWeb from previous releases.

    If you are upgrading from a version that is 7.6.1 or lower, then you will need to upgrade to version 7.6.2 before proceeding with subsequent updates.

    For example, to upgrade from 7.2.1 to 7.6.3, you will follow the upgrade path below:

    7.2.1 → 7.6.2 → 7.6.3

    Version 7.6.2 introduces an expanded partition size. Ensure the log disk has at least 1.5 GB of free space before upgrading.

    For details, refer to the FortiWeb 7.6.2 Release Notes.
    To upgrade to FortiWeb 8.0.0

    Upgrade to version 7.6.2 before proceeding to upgrade to version 8.0.0.

    To upgrade from FortiWeb 7.6.0/7.6.1 to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 7.4.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 7.2.x to 7.6.2

    Upgrade directly.

    If you had enabled Threat Analytics in previous releases but did not have a valid license, the 14-day eval license will be automatically applied after upgrading to version 7.2.2 and later.

    In this case, if you don't want to start the 14-day eval immediately after upgrade, it's recommended to disable the Threat Analytics first, then execute upgrade.
    To upgrade from FortiWeb 7.0.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 6.4.x to 7.6.2

    Upgrade directly.

    To upgrade from FortiWeb 6.3.x to 7.6.2

    Upgrade directly.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 6.1.x and 6.2.x to 7.6.2

    Upgrade directly.

    The machine learning data will be lost after the upgrade as the database format is enhanced in 6.3.0. Machine Learning will automatically start collecting data again after the upgrade.

    For FortiWeb-VM on docker platform, it's not supported to upgrade to 8.0.0 from versions earlier than 6.3.0. You need to install FortiWeb-VM 8.0.0 instead of upgrading to 8.0.0. For how to install, see FortiWeb-VM on docker.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 6.0 or 6.0.x to 7.6.2

    Upgrade directly.

    After the upgrade:

    • If you upgrade from 6.0, there might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    • If you upgrade from 6.0.1, it's not necessary to run execute db rebuild because the database format has already been enhanced in 6.0.1, so that it's compatible with the new database.
    tooltip icon

    The machine learning data will be lost after the upgrade as the database format is enhanced in 6.3.0. Machine Learning will automatically start collecting data again after the upgrade.

    For FortiWeb-VM on docker platform, it's not supported to upgrade to 8.0.0 from versions earlier than 6.3.0. You need to install FortiWeb-VM 8.0.0 instead of upgrading to 8.0.0. For how to install, see FortiWeb-VM on docker.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.5.x, 5.6.x, 5.7.x, 5.8.x, or 5.9.x to 7.6.2

    Before the upgrade:

    • If you upgrade from a version of FortiWeb previous to 5.9.0 on Azure platform, first change the addressing mode to DHCP in Network > Interface, then upgrade to FortiWeb 6.1.1, because FortiWeb on Azure platform has enforced the DHCP addressing mode since release 5.9.0.

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon

    If you upgrade from a version of FortiWeb previous to 5.5.4, the upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.4.x to 7.6.2

    Before the upgrade:

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon

    The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from FortiWeb 5.3.x to 7.6.2

    Before the upgrade:

    After the upgrade:

    • There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2.
      • Run get system status to check the Database Status.
      • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon
    • If you are upgrading FortiWeb-VM on a hypervisor other than VMware vSphere, see FortiWeb-VM license validation after upgrade from pre-5.4 version.
    • The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.
    • If you upgrade from a version of FortiWeb previous to 5.3.4 and your server policy configuration includes settings that customize an attack blocking or server unavailable error page, the upgrade deletes these server-based settings. The functionality is replaced by the global, default FortiWeb pages.
    • If you upgrade from a version of FortiWeb previous to 5.3.6, the upgrade process deletes any V-zone IP addresses, which are no longer required. This operation has no impact on routing or connectivity after the upgrade.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.
    To upgrade from a version previous to FortiWeb 5.3 to 7.6.2

    FortiWeb5.3.exe is a Microsoft Windows executable script that automatically migrates your FortiWeb 5.2.x configuration settings to a 5.3.x configuration.

    1. If your version is 5.0.x or 5.1.x, upgrade to FortiWeb 5.2.x.
    2. Use System > Maintenance > Backup & Restore to back up your FortiWeb configuration. Fortinet recommends that you use the Backup entire configuration option.
    3. To obtain the upgrade script, log in to the Fortinet Customer Service & Support website:

      4. https://support.fortinet.com

      In the menus at the top of the page, click Download, and then click Firmware Images.

    4. For product, select FortiWeb. Then, on the Download tab, navigate to the following folder:

      5. /FortiWeb/v5.00/5.3/Upgrade_script/

    5. Download the .zip compressed archive (for example, FortiWeb5.3Upgrade_v1.9.zip) to a location you can access from your Windows PC.
    6. In Windows, extract the .zip archive's contents, and then use a command line interface to execute the upgrade script.

      7. For example, in the directory where the file FortiWeb5.3Upgrade.exe and your backup configuration file are located, execute the following command:

      FortiWeb5.3Upgrade.exe -i YOUR_CONFIG_NAME.conf –o 5.3_new.conf

      The script removes the Domain Server, Physical Server, Server Farm, Content Routing policy configurations and generates a new configuration file named 5.3_new.conf.

    7. Resize your FortiWeb hard disk partitions. See Repartitioning the hard disk.
    8. Upgrade to 6.3.9 first, then upgrade to 8.0.0.
    9. Use System > Maintenance > Backup & Restore to restore the configuration file you created using the script (for example, 5.3_new.conf).
    10. There might be database compatibility issue after the upgrade, because the MarisDB database version is upgraded to 10.3.8 since FortiWeb 6.0.2:
    • Run get system status to check the Database Status.
    • If it shows Available, it means the database works well. If it shows Not Available, you need to run execute db rebuild to solve the database compatibility issue. Please note in HA mode, running execute db rebuild on primary appliance will take effect on all secondary appliances simultaneously.
    tooltip icon
    • If you are upgrading FortiWeb-VM on a hypervisor other than VMware vSphere, see FortiWeb-VM license validation after upgrade from pre-5.4 version.
    • The upgrade process deletes any HTTP content routing policies that match X509 certificate content. You can re-create these policies using the new, enhanced X509 certificate settings.
    • If your server policy configuration includes settings that customize an attack blocking or server unavailable error page, the upgrade deletes these server-based settings. The functionality is replaced by the global, default FortiWeb pages.
    • The upgrade process deletes any V-zone IP addresses, which are no longer required. This operation has no impact on routing or connectivity after the upgrade.

    The "Bad Robot" and "SQL Injection (Syntax Based Detection)" signatures had been integrated into WAF modules "Bot Mitigation > Known Bots" and "SQL/XSS Syntax Based Detection" since 6.3.3. If you upgrade from a version earlier than 6.3.3, all settings of these two signatures will be merged to corresponding modules except the exception list.

    Make sure to add the exception list manually after the upgrade, otherwise certain traffic will be blocked unexpectedly because of the missing of the exception list.

    Note: To upgrade from 4.0 MR4, Patch x or earlier, please contact Fortinet Technical Support.

    Previous
    Next