Table of Contents
Related Manuals for Fortinet FortiOS 3.0
Summary of Contents for Fortinet FortiOS 3.0
- Page 1 U P G R A D E G U I D E Upgrade Guide for FortiOS 3.0 www.fortinet.com...
- Page 2 Upgrade Guide for FortiOS 3.0 24 April 2006 01-30000-0317-20060424 © Copyright 2006 Fortinet, Inc. All rights reserved. No part of this publication including text, examples, diagrams or illustrations may be reproduced, transmitted, or translated in any form or by any means, electronic, mechanical, manual, optical or otherwise, for any purpose, without prior written permission of Fortinet, Inc.
-
Page 3: Table Of Contents
About this document... 7 Document conventions... 7 Fortinet documentation ... 8 Fortinet Knowledge Center ... 9 Comments on Fortinet technical documentation ... 9 Customer service and technical support ... 9 Upgrade Notes... 11 Backing up configuration files ... 11 Setup Wizard ... 11 FortiLog name change ... - Page 4 Log Config... 29 Log Access ... 30 Report ... 30 HA ... 30 Upgrading the HA cluster for FortiOS 3.0 ... 31 SNMP MIBs and traps changes... 31 In-depth SNMP trap changes... 31 In-depth MIB file name changes ... 31 Backing up your configuration ...
- Page 5 Upgrading to FortiOS 3.0 ... 34 Verifying the upgrade ... 36 Reverting to FortiOS v2.80MR11 ... 37 Backing up your FortiOS 3.0 configuration ... 37 Downgrading to FortiOS v2.80MR11 using web-based manager ... 38 Verifying the downgrade ... 38 Downgrading to FortiOS v2.80MR11 using the CLI ... 39 Restoring your configuration ...
- Page 6 Contents Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
-
Page 7: Introduction
Introduction Over the past year, Fortinet has been developing, testing and refining a new operating system for your FortiGate unit. FortiOS 3.0 is a more dynamic and robust operating system, offering you even better protection, blocking and monitoring features for your network. -
Page 8: Typographic Conventions
Go to VPN > IPSEC > Phase 1 and select Create New. Program output Welcome! <address_ipv4> Variables The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiGate product documentation •... -
Page 9: Fortinet Knowledge Center
Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network. - Page 10 Customer service and technical support Introduction Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
-
Page 11: Upgrade Notes
3.0. The name change better reflects the product’s more robust reporting and logging features. LCD display changes After upgrading to FortiOS 3.0, FortiGate units with an LCD screen will display the following main menus: Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424... -
Page 12: Web-Based Manager Changes
Figure 2: LCD main menu setting for Transparent mode Menu [ Fortigat -> ] Transparent, Standalone The system dashboard in FortiOS 3.0 has been enhanced, with various system information now categorized and additional features added to better monitor your FortiGate unit. -
Page 13: Changes To The Web-Based Manager
FortiGate unit is not connected to a FortiAnalyzer unit. Changes to the web-based manager In FortiOS 3.0, there are several features that have merged with other features. See the If you need additional information on these new features, see FortiGate Administration Guide. -
Page 14: Usb Support
USB support USB support Other The USB is supported in FortiOS 3.0. The FortiUSB key (purchased separately) enables you to backup configuration files and restore backed up configuration files. You can even configure the FortiGate unit to automatically install a firmware image and restore configuration settings on a system reboot using the FortiUSB key. - Page 15 • Lists from FortiOS 2.80MR11 cannot be restored in FortiOS 3.0. Make sure to document these lists before upgrading. If you upgrade using the web-based manager, these lists may carry forward. Use both the web-based manager and CLI to verify these lists carried forward if you upgraded using the web-based manager.
- Page 16 Other Upgrade Notes Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
-
Page 17: New Features And Changes
New features and changes New features and changes There are several new features included in FortiOS 3.0, as well as changes to existing features. This chapter outlines the new features as well as the changes. Before you proceed to upgrade your FortiGate unit, it is recommended you review this document and the following documents to familiarize yourself the new features and changes. -
Page 18: Status
System Status Sessions Network Config The Status page displays the System Dashboard. The System Dashboard is categorized and five new items have been added: • CPU, memory usage statistics history • FortiGuard Subscription-based services and license information • Image of the FortiGate unit’s port status settings •... -
Page 19: Admin
Also, there is a Download Debug log option. You can download an encrypted debug log to a file and then send it to Fortinet Technical Support to help diagnose problems with your FortiGate unit. Figure 4: Backup and Restore page Upgrade Guide for FortiOS v3.0... -
Page 20: Virtual Domain
Virtual Domain The FortiGuard Center, previously the Update Center, displays several options for enabling the FortiGate unit to connect to the Fortinet Distribution Network (FDN), and for updating antivirus and attack definitions. You can also test the availability of FortiGuard services from this page. -
Page 21: Router
New features and changes • an administration account with access profile that provides read and write access to • only the admin administrator account can configure a VDOM unless you create and assign a regular administrator to that VDOM Router The Router menu consists of the following menus: •... -
Page 22: Monitor
Firewall Monitor Firewall Policy Address Service Virtual IP Protection Profiles The Routing Monitor tab displays the entries in the FortiGate routing table. You can apply a filter to display certain routes to search for specific routing protocols. The Firewall menu consists of the following menus: •... -
Page 23: Vpn
Notes FortiOS 3.0MR1 to review known issues and changes for configuring VPNs. Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade. -
Page 24: User
CLI, under Radius in the User chapter. See the FortiGate CLI Reference for more information. The Windows AD menu, new for FortiOS 3.0, enables you to configure your FortiGate unit on a Windows Active Directory (AD) network so it can transparently authenticate the user without asking for their username and password. -
Page 25: Antivirus
Anomaly Note: Make sure to document all FortiOS 2.80 IPS group settings before upgrading to FortiOS 3.0, since certain IPS group settings are not carried forward and must be configured manually. See the Release Notes FortiOS 3.0MR1 for more information. -
Page 26: Anomaly
• FortiGuard-Web Filter Note: The lists you configured in FortiOS 2.80 may carry forward to FortiOS 3.0 if you upgrade using the web-based manager. Make sure to document these lists for reference to verify after the upgrade is successful. See the Release Notes for FortiOS 3.0MR1 for more information. -
Page 27: Antispam (Formerly Spam Filter)
Also, the “clear” action for banned words in an email is now available in the CLI to support upgrade. Since the “clear” action is no longer a valid spam action in FortiOS 3.0, avoid using it when configuring banned words. Note: The Black/White lists are not separate. You may need to re-enable MIME Headers when you upgrade to FortiOS 3.0. -
Page 28: Banned Word
• User The IM/P2P menu is new for FortiOS 3.0. Since instant messaging and peer to peer (P2P) networks have grown, FortiOS 3.0 now includes a separate menu for these new technologies. You can control the amount of bandwidth allocated for P2P. -
Page 29: Statistics
New features and changes Statistics The Statistics menu provides administrators with a view of instant messaging and point to point statistics to gain insight into how these protocols are being used within the network. The Overview tab provides detail statistics for all IM/P2P protocols. The Protocol tab displays statistics for current users, blocked users and users since last reset. -
Page 30: Log Access
VoIP. There are significant changes, including new features, for high availability in FortiOS 3.0. The most significant change for HA is virtual clustering, where you can configure HA for individual virtual domains. The virtual clustering can handle two FortiGate units per virtual cluster. -
Page 31: Upgrading The Ha Cluster For Fortios 3.0
SNMP MIBs and traps changes In FortiOS 3.0 the trap file is combined into the MIB file - there is only one MIB file to download and install to your SNMP management system. SNMP traps and variables that used hyphens (for example xxx-yyy) have dropped the hyphen and capitalized the second term (xxxYyy). - Page 32 SNMP MIBs and traps changes fnSysMemCapacity fnHaLBSchedule fnHaGroupID fnHaPriority fnHaOverride fnHaAutoSync Options fnOptAuthTimeout fnOptionLanguage fnOptLcdProtection Management fnManSysSerial fnManIfName fnManIfIp fnManIfMask Administrator fnAdminTable Accounts perm New features and changes fnHaSchedule fnHaGroupID No longer available No longer available No longer available No longer available Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
-
Page 33: Upgrading To Fortios 3.0
Upgrading to FortiOS 3.0 Upgrading to FortiOS 3.0 Before you begin upgrading to FortiOS 3.0, it is recommended that you first review this chapter as well as the release notes so you can be fully aware of these new features and changes. -
Page 34: Backing Up Your Configuration Using The Cli
After successfully backing up your configuration file(s), either from the CLI or the web-based manager, proceed with the upgrade to FortiOS 3.0. You can upgrade to FortiOS 3.0 using either the web-based manager or CLI. Use the following procedures to upgrade your existing firmware version to FortiOS 3.0. -
Page 35: Upgrading Using The Cli
Go to System > Maintenance > Backup and Restore to save the configuration settings that carried forward. Note: After upgrading to FortiOS 3.0, perform an “Update Now” to retrieve the latest AV/NIDS signatures from the FortiGuard Distribution Network (FDN) as the signatures included in the firmware may be older than those currently available on the FDN. -
Page 36: Verifying The Upgrade
Even though your configuration settings have carried forward, you should verify these settings. Verifying your settings also gives you an opportunity to familiarize yourself with the new features and changes in FortiOS 3.0. You can verify your configuration settings by: •... -
Page 37: Reverting To Fortios V2.80Mr11
Downgrading to FortiOS v2.80MR11 using the CLI Backing up your FortiOS 3.0 configuration If you have configured additional settings in FortiOS 3.0, it is recommended that you back up your FortiOS 3.0 configuration before downgrading to FortiOS v2.80MR11. This ensures you have a current configuration file for FortiOS 3.0 if you decide to upgrade. -
Page 38: Downgrading To Fortios V2.80Mr11 Using Web-Based Manager
System accprofiles Use the following procedure to downgrade to FortiOS v2.80MR11 in the web-based manager. If you have created additional settings in FortiOS 3.0, make sure you back up your configuration before downgrading. See for more up your FortiOS 3.0 configuration” on page 37 To downgrade using the web-based manager Go to System >... -
Page 39: Downgrading To Fortios V2.80Mr11 Using The Cli
Downgrading to FortiOS v2.80MR11 using the CLI Use the following procedure to downgrade to FortiOS v2.80MR11 in the CLI. If you have created additional settings in FortiOS 3.0, make sure you back up your configuration before downgrading. See configuration” on page 37 To downgrade using the CLI Make sure the TFTP server is running. -
Page 40: Restoring Your Configuration
FortiOS v2.80MR11. You can restore your configuration settings for FortiOS v2.80MR11 with the configuration file(s) you saved before upgrading to FortiOS 3.0. You can restore the FortiOS v2.80MR11 configuration settings using the web-based manager. Use the following procedure to restore these settings. - Page 41 Reverting to FortiOS v2.80MR11 Enter the following command to copy the backup configuration file to restore the file on the FortiGate unit: execute restore allconfig <name_str> <tftp_ipv4> <passwrd> Where <name_str> is the name of the backup configuration file and <tftp_ipv4> is the IP address of the TFTP server and <passwrd> is the password you entered when you backup your configuration settings.
- Page 42 Restoring your configuration Reverting to FortiOS v2.80MR11 Update Guide for FortiOS v3.0 01-30000-0317-20060424...
-
Page 43: Index
CLI 34 backup and restore 19 CLI changes 13 comments, documentation 9 customer service 9 documentation commenting on 9 Fortinet 8 downgrading v2.80MR11 using the CLI 39 v2.80MR11 using web-based manager 38 firewall address menu 22 policy menu 22... - Page 44 system menu admin 19 backup and restore 19 config 18 maintenance 19 network 18 sessions 18 status 18 technical support 9 upgrade notes 11, 12, 13, 14 backing up config 11 backing up config files 11 backing up config, v2.80MR11 33 CLI changes 13 name change, FortiLog 11 other 14...
- Page 45 www.fortinet.com...
- Page 46 www.fortinet.com...