Upgrade issues specific to 5.6.x
Use of Port 4433
This issue usually occurs when the Admin access port for HTTPS access is changed due to an SSL-VPN using 443.
The new FTM-push feature in 5.6.0 uses port 4433 by default. If a SysAdmin has changed the HTTP or HTTPS access port to 4433 before the upgrade and FTM is enabled on the interface, once the upgrade has been completed, FTM is now using this feature and the SysAdmin can be prevented from accessing the administrative features of the FortiGate through the GUI.
1. The CLI doesn’t give any warnings regarding this issue.
2. Removing FTM from the allowaccess setting does not get back the GUI access.
3. If this issue is encountered, temporarily reset the admin ports back to their default settings to regain GUI access.
IPsec
There is an issue with IPsec tunnels when upgrading from 5.4.5 to 5.6.0, but only between these two versions. Going from 5.4.4 to 5.6.0 doesn’t present an issue. If you do upgrade between these two versions any Phase 1 psksecrets will have to be reset.
Upgrade issues specific to 5.4.x
Wildcard FQDNs
FortiOS 5.2 allowed configurations to use wildcard FQDN objects in the firewall policies. This functionality was removed starting in 5.4. If a user has a firewall running FOS 5.2 with firewall rules configured to use wildcard FQNDs, when the customer upgrades the firewall to FOS 5.4.x or later, the firewall rules using wildcard FQDNs will be deleted. This can cause unexpected traffic to pass or be blocked.
Start building with 50+ products and up to 12 months usage for Elastic Compute Service
1 on 1 presale consultation
24/7 Technical Support 6 Free Tickets per Quarter Faster Response
Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.
A comprehensive suite of global cloud computing services to power your business
Payment Methods We Support
