FortiOS Upgrading Issues Specific to 5.6.x and 5.4.x

Source: Internet
Author: User

Upgrade issues specific to 5.6.x

Use of Port 4433

This issue usually occurs when the admin HTTPS access port has been changed because an SSL-VPN is using port 443.

The new FTM-push feature in 5.6.0 uses port 4433 by default. If a SysAdmin changed the HTTP or HTTPS access port to 4433 before the upgrade and FTM is enabled on the interface, then once the upgrade has completed FTM-push is using port 4433, and the SysAdmin can be prevented from accessing the administrative features of the FortiGate through the GUI.

1. The CLI doesn’t give any warnings regarding this issue.
2. Removing FTM from the allowaccess setting does not restore GUI access.
3. If this issue is encountered, temporarily reset the admin ports back to their default settings to regain GUI access.

IPsec

There is an issue with IPsec tunnels when upgrading from 5.4.5 to 5.6.0, but only between these two versions; going from 5.4.4 to 5.6.0 doesn’t present an issue. If you do upgrade from 5.4.5 to 5.6.0, any Phase 1 psksecrets will have to be reset.

Upgrade issues specific to 5.4.x

Wildcard FQDNs

FortiOS 5.2 allowed configurations to use wildcard FQDN objects in firewall policies. This functionality was removed starting in 5.4. If a firewall running FOS 5.2 has firewall rules configured to use wildcard FQDNs, then when it is upgraded to FOS 5.4.x or later, the firewall rules using wildcard FQDNs will be deleted. This can cause unexpected traffic to pass or be blocked.
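A pre-upgrade audit for the rule deletion described above, as an added example that is not part of the original article or any Fortinet tooling: it parses a saved configuration backup and lists the firewall policies that reference wildcard FQDN address objects, so they can be reviewed before the upgrade removes them. It assumes a backup without VDOMs in the usual config/edit/set/next/end layout, and that a wildcard FQDN object is marked by `set type wildcard-fqdn` or by a `*` in its FQDN value; the function names and the sample backup are constructed for illustration.

```python
import shlex
from collections import defaultdict

def parse_fortios(text):
    """Top-level 'config' sections -> {section: {entry: {key: [values]}}}."""
    tree = defaultdict(lambda: defaultdict(dict))
    section, entry, depth = None, None, 0
    for raw in text.splitlines():
        try:
            tok = shlex.split(raw)  # keeps quoted names containing spaces whole
        except ValueError:          # unbalanced quote (multi-line value): skip
            tok = []
        kw = tok[0] if tok else ""
        if kw == "config":
            depth += 1
            if depth == 1:          # nested 'config' blocks are skipped over
                section, entry = " ".join(tok[1:]), None
        elif kw == "end":
            depth = max(depth - 1, 0)
        elif depth == 1 and kw in ("edit", "next"):
            entry = tok[1] if len(tok) > 1 else None
        elif depth == 1 and kw == "set" and len(tok) > 2:
            tree[section][entry][tok[1]] = tok[2:]
    return tree

def wildcard_fqdn_policies(tree):
    """{policy id: wildcard FQDN objects named in its srcaddr/dstaddr}."""
    wild = {name for name, s in tree["firewall address"].items()
            if s.get("type") == ["wildcard-fqdn"]  # assumed 5.2 object syntax
            or "*" in "".join(s.get("fqdn", []) + s.get("wildcard-fqdn", []))}
    refs = {pid: sorted(wild & set(s.get("srcaddr", []) + s.get("dstaddr", [])))
            for pid, s in tree["firewall policy"].items()}
    return {pid: names for pid, names in refs.items() if names}

# Constructed sample backup fragment (not from a real device).
SAMPLE = """config firewall address
edit "wild-example"
set type wildcard-fqdn
set wildcard-fqdn "*.example.com"
next
end
config firewall policy
edit 7
set dstaddr "wild-example" "web server"
next
end
"""

print(wildcard_fqdn_policies(parse_fortios(SAMPLE)))
```

Policies that reach a wildcard object only through an address group are not followed here, so group membership needs a separate look.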
