About this document... 7 Document conventions... 7 Fortinet documentation ... 8 Fortinet Knowledge Center ... 9 Comments on Fortinet technical documentation ... 9 Customer service and technical support ... 9 Upgrade Notes... 11 Backing up configuration files ... 11 Setup Wizard ... 11 FortiLog name change ...
Page 4
Log Config... 29 Log Access ... 30 Report ... 30 HA ... 30 Upgrading the HA cluster for FortiOS 3.0 ... 31 SNMP MIBs and traps changes... 31 In-depth SNMP trap changes... 31 In-depth MIB file name changes ... 31 Backing up your configuration ...
Page 5
Upgrading to FortiOS 3.0 ... 34 Verifying the upgrade ... 36 Reverting to FortiOS v2.80MR11 ... 37 Backing up your FortiOS 3.0 configuration ... 37 Downgrading to FortiOS v2.80MR11 using web-based manager ... 38 Verifying the downgrade ... 38 Downgrading to FortiOS v2.80MR11 using the CLI ... 39 Restoring your configuration ...
Page 6
Contents Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
Introduction Over the past year, Fortinet has been developing, testing and refining a new operating system for your FortiGate unit. FortiOS 3.0 is a more dynamic and robust operating system, offering you even better protection, blocking and monitoring features for your network.
Go to VPN > IPSEC > Phase 1 and select Create New. Program output Welcome! <address_ipv4> Variables The most up-to-date publications and previous releases of Fortinet product documentation are available from the Fortinet Technical Documentation web site at http://docs.forticare.com. The following FortiGate product documentation •...
Please send information about any errors or omissions in this document, or any Fortinet technical documentation, to techdoc@fortinet.com. Customer service and technical support Fortinet Technical Support provides services designed to make sure that your Fortinet systems install quickly, configure easily, and operate reliably in your network.
Page 10
Customer service and technical support Introduction Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
3.0. The name change better reflects the product’s more robust reporting and logging features. LCD display changes After upgrading to FortiOS 3.0, FortiGate units with an LCD screen will display the following main menus: Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
Figure 2: LCD main menu setting for Transparent mode Menu [ Fortigat -> ] Transparent, Standalone The system dashboard in FortiOS 3.0 has been enhanced, with various system information now categorized and additional features added to better monitor your FortiGate unit.
FortiGate unit is not connected to a FortiAnalyzer unit. Changes to the web-based manager In FortiOS 3.0, there are several features that have merged with other features. See the If you need additional information on these new features, see FortiGate Administration Guide.
USB support USB support Other The USB is supported in FortiOS 3.0. The FortiUSB key (purchased separately) enables you to backup configuration files and restore backed up configuration files. You can even configure the FortiGate unit to automatically install a firmware image and restore configuration settings on a system reboot using the FortiUSB key.
Page 15
• Lists from FortiOS 2.80MR11 cannot be restored in FortiOS 3.0. Make sure to document these lists before upgrading. If you upgrade using the web-based manager, these lists may carry forward. Use both the web-based manager and CLI to verify these lists carried forward if you upgraded using the web-based manager.
Page 16
Other Upgrade Notes Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
New features and changes New features and changes There are several new features included in FortiOS 3.0, as well as changes to existing features. This chapter outlines the new features as well as the changes. Before you proceed to upgrade your FortiGate unit, it is recommended you review this document and the following documents to familiarize yourself the new features and changes.
System Status Sessions Network Config The Status page displays the System Dashboard. The System Dashboard is categorized and five new items have been added: • CPU, memory usage statistics history • FortiGuard Subscription-based services and license information • Image of the FortiGate unit’s port status settings •...
Also, there is a Download Debug log option. You can download an encrypted debug log to a file and then send it to Fortinet Technical Support to help diagnose problems with your FortiGate unit. Figure 4: Backup and Restore page Upgrade Guide for FortiOS v3.0...
Virtual Domain The FortiGuard Center, previously the Update Center, displays several options for enabling the FortiGate unit to connect to the Fortinet Distribution Network (FDN), and for updating antivirus and attack definitions. You can also test the availability of FortiGuard services from this page.
New features and changes • an administration account with access profile that provides read and write access to • only the admin administrator account can configure a VDOM unless you create and assign a regular administrator to that VDOM Router The Router menu consists of the following menus: •...
Firewall Monitor Firewall Policy Address Service Virtual IP Protection Profiles The Routing Monitor tab displays the entries in the FortiGate routing table. You can apply a filter to display certain routes to search for specific routing protocols. The Firewall menu consists of the following menus: •...
Notes FortiOS 3.0MR1 to review known issues and changes for configuring VPNs. Note: VPN settings may need to be reconfigured after you upgrade to FortiOS 3.0. Also, VPN IPSec Phase 2 settings source and destination ports are reset to zero during the upgrade.
CLI, under Radius in the User chapter. See the FortiGate CLI Reference for more information. The Windows AD menu, new for FortiOS 3.0, enables you to configure your FortiGate unit on a Windows Active Directory (AD) network so it can transparently authenticate the user without asking for their username and password.
Anomaly Note: Make sure to document all FortiOS 2.80 IPS group settings before upgrading to FortiOS 3.0, since certain IPS group settings are not carried forward and must be configured manually. See the Release Notes FortiOS 3.0MR1 for more information.
• FortiGuard-Web Filter Note: The lists you configured in FortiOS 2.80 may carry forward to FortiOS 3.0 if you upgrade using the web-based manager. Make sure to document these lists for reference to verify after the upgrade is successful. See the Release Notes for FortiOS 3.0MR1 for more information.
Also, the “clear” action for banned words in an email is now available in the CLI to support upgrade. Since the “clear” action is no longer a valid spam action in FortiOS 3.0, avoid using it when configuring banned words. Note: The Black/White lists are not separate. You may need to re-enable MIME Headers when you upgrade to FortiOS 3.0.
• User The IM/P2P menu is new for FortiOS 3.0. Since instant messaging and peer to peer (P2P) networks have grown, FortiOS 3.0 now includes a separate menu for these new technologies. You can control the amount of bandwidth allocated for P2P.
New features and changes Statistics The Statistics menu provides administrators with a view of instant messaging and point to point statistics to gain insight into how these protocols are being used within the network. The Overview tab provides detail statistics for all IM/P2P protocols. The Protocol tab displays statistics for current users, blocked users and users since last reset.
VoIP. There are significant changes, including new features, for high availability in FortiOS 3.0. The most significant change for HA is virtual clustering, where you can configure HA for individual virtual domains. The virtual clustering can handle two FortiGate units per virtual cluster.
SNMP MIBs and traps changes In FortiOS 3.0 the trap file is combined into the MIB file - there is only one MIB file to download and install to your SNMP management system. SNMP traps and variables that used hyphens (for example xxx-yyy) have dropped the hyphen and capitalized the second term (xxxYyy).
Page 32
SNMP MIBs and traps changes fnSysMemCapacity fnHaLBSchedule fnHaGroupID fnHaPriority fnHaOverride fnHaAutoSync Options fnOptAuthTimeout fnOptionLanguage fnOptLcdProtection Management fnManSysSerial fnManIfName fnManIfIp fnManIfMask Administrator fnAdminTable Accounts perm New features and changes fnHaSchedule fnHaGroupID No longer available No longer available No longer available No longer available Upgrade Guide for FortiOS v3.0 01-30000-0317-20060424...
Upgrading to FortiOS 3.0 Upgrading to FortiOS 3.0 Before you begin upgrading to FortiOS 3.0, it is recommended that you first review this chapter as well as the release notes so you can be fully aware of these new features and changes.
After successfully backing up your configuration file(s), either from the CLI or the web-based manager, proceed with the upgrade to FortiOS 3.0. You can upgrade to FortiOS 3.0 using either the web-based manager or CLI. Use the following procedures to upgrade your existing firmware version to FortiOS 3.0.
Go to System > Maintenance > Backup and Restore to save the configuration settings that carried forward. Note: After upgrading to FortiOS 3.0, perform an “Update Now” to retrieve the latest AV/NIDS signatures from the FortiGuard Distribution Network (FDN) as the signatures included in the firmware may be older than those currently available on the FDN.
Even though your configuration settings have carried forward, you should verify these settings. Verifying your settings also gives you an opportunity to familiarize yourself with the new features and changes in FortiOS 3.0. You can verify your configuration settings by: •...
Downgrading to FortiOS v2.80MR11 using the CLI Backing up your FortiOS 3.0 configuration If you have configured additional settings in FortiOS 3.0, it is recommended that you back up your FortiOS 3.0 configuration before downgrading to FortiOS v2.80MR11. This ensures you have a current configuration file for FortiOS 3.0 if you decide to upgrade.
System accprofiles Use the following procedure to downgrade to FortiOS v2.80MR11 in the web-based manager. If you have created additional settings in FortiOS 3.0, make sure you back up your configuration before downgrading. See for more up your FortiOS 3.0 configuration” on page 37 To downgrade using the web-based manager Go to System >...
Downgrading to FortiOS v2.80MR11 using the CLI Use the following procedure to downgrade to FortiOS v2.80MR11 in the CLI. If you have created additional settings in FortiOS 3.0, make sure you back up your configuration before downgrading. See configuration” on page 37 To downgrade using the CLI Make sure the TFTP server is running.
FortiOS v2.80MR11. You can restore your configuration settings for FortiOS v2.80MR11 with the configuration file(s) you saved before upgrading to FortiOS 3.0. You can restore the FortiOS v2.80MR11 configuration settings using the web-based manager. Use the following procedure to restore these settings.
Page 41
Reverting to FortiOS v2.80MR11 Enter the following command to copy the backup configuration file to restore the file on the FortiGate unit: execute restore allconfig <name_str> <tftp_ipv4> <passwrd> Where <name_str> is the name of the backup configuration file and <tftp_ipv4> is the IP address of the TFTP server and <passwrd> is the password you entered when you backup your configuration settings.
Page 42
Restoring your configuration Reverting to FortiOS v2.80MR11 Update Guide for FortiOS v3.0 01-30000-0317-20060424...
CLI 34 backup and restore 19 CLI changes 13 comments, documentation 9 customer service 9 documentation commenting on 9 Fortinet 8 downgrading v2.80MR11 using the CLI 39 v2.80MR11 using web-based manager 38 firewall address menu 22 policy menu 22...
Page 44
system menu admin 19 backup and restore 19 config 18 maintenance 19 network 18 sessions 18 status 18 technical support 9 upgrade notes 11, 12, 13, 14 backing up config 11 backing up config files 11 backing up config, v2.80MR11 33 CLI changes 13 name change, FortiLog 11 other 14...
Need help?
Do you have a question about the FortiOS 3.0 and is the answer not in the manual?
Questions and answers