Fortinet Document Library

Version:


Table of Contents

6.4.1
Download PDF
Copy Link

Upgrading from FortiManager, SD-WAN Orchestrator, and FortiOS 6.4.0 to 6.4.1

In this scenario, you are starting the upgrade with the following items:

  • FortiManager 6.4.0 with ADOMs enabled.
  • SD-WAN Orchestrator 6.4.0
  • FortiGates running FortiOS 6.4.0

In FortiManager, a 6.4 ADOM contains the FortiGates.

To upgrade SD-WAN Orchestrator:
  1. Upgrade FortiManager to 6.4.1.

    After FortiManager reboots, SD-WAN Orchestrator is automatically upgraded to 6.4.1.

  2. In FortiManager, upgrade FortiOS from 6.4.0 to 6.4.1.
    1. Go to Device Manager > Firmware.

      The Upgrade Available column displays 6.4.1.

    2. Select the FortiGates, and click Upgrade.

      When the firmware upgrade completes, click Close.

  3. Initiate the creation of normalized interfaces and new policy blocks by going to Management Extensions > SD-WAN Orchestrator.

    In FortiManager, you can view the new policy blocks by going to Policy & Objects > Policy Packages, and expanding the Policy Blocks tree menu. The following policy blocks are created:

    • SDWAN_Overlay_PB_EDGE
    • SDWAN_Overlay_PB_HUB

    You can view normalized interfaces by going to Policy & Objects > Object Configuration > Normalized Interface. The following normalized interfaces with per-platform mappings are created:

    • overlay_edge2hub
    • overlay_hub2edge
    • overlay_hub2hub
    • underlay
    • sdwan_loopback

    The interfaces are used by the automatically-generated policy blocks or by other custom policies.

  4. In FortiManager, append new policy blocks to policy packages used by hub and spoke devices.
    1. Go to Policy & Objects > Policy Packages.
    2. In the tree menu, select the policy package for the hub device, and from the Policy Block menu, select Append Policy Block.

      The Insert Policy Block dialog box appears.

    3. From the list, select the policy block for hub devices, and click OK.
    4. Repeat this procedure for edge devices, if necessary.
    5. Delete from the policy package the policy block named SDWAN_Overlay_PB that was created in 6.4.0.
    6. Add other policies if necessary.
  5. In SD-WAN Orchestrator, install all configurations.
    1. Go to Management Extensions > SD-WAN Orchestrator.
    2. Go to Configuration > Device, and click the Install all configuration button.
  6. In FortiManager, install policy packages to hub and edge devices.
  7. Check the configuration on FortiGate for the following changes:
    • SD-WAN configuration is migrated to config system sdwan.
    • New SD-WAN zones are created, and member interfaces have been added to corresponding zones.
    • Business rules remain unchanged, and SLA is up.
    • Firewall policies have been updated.

Upgrading from FortiManager, SD-WAN Orchestrator, and FortiOS 6.4.0 to 6.4.1

In this scenario, you are starting the upgrade with the following items:

  • FortiManager 6.4.0 with ADOMs enabled.
  • SD-WAN Orchestrator 6.4.0
  • FortiGates running FortiOS 6.4.0

In FortiManager, a 6.4 ADOM contains the FortiGates.

To upgrade SD-WAN Orchestrator:
  1. Upgrade FortiManager to 6.4.1.

    After FortiManager reboots, SD-WAN Orchestrator is automatically upgraded to 6.4.1.

  2. In FortiManager, upgrade FortiOS from 6.4.0 to 6.4.1.
    1. Go to Device Manager > Firmware.

      The Upgrade Available column displays 6.4.1.

    2. Select the FortiGates, and click Upgrade.

      When the firmware upgrade completes, click Close.

  3. Initiate the creation of normalized interfaces and new policy blocks by going to Management Extensions > SD-WAN Orchestrator.

    In FortiManager, you can view the new policy blocks by going to Policy & Objects > Policy Packages, and expanding the Policy Blocks tree menu. The following policy blocks are created:

    • SDWAN_Overlay_PB_EDGE
    • SDWAN_Overlay_PB_HUB

    You can view normalized interfaces by going to Policy & Objects > Object Configuration > Normalized Interface. The following normalized interfaces with per-platform mappings are created:

    • overlay_edge2hub
    • overlay_hub2edge
    • overlay_hub2hub
    • underlay
    • sdwan_loopback

    The interfaces are used by the automatically-generated policy blocks or by other custom policies.

  4. In FortiManager, append new policy blocks to policy packages used by hub and spoke devices.
    1. Go to Policy & Objects > Policy Packages.
    2. In the tree menu, select the policy package for the hub device, and from the Policy Block menu, select Append Policy Block.

      The Insert Policy Block dialog box appears.

    3. From the list, select the policy block for hub devices, and click OK.
    4. Repeat this procedure for edge devices, if necessary.
    5. Delete from the policy package the policy block named SDWAN_Overlay_PB that was created in 6.4.0.
    6. Add other policies if necessary.
  5. In SD-WAN Orchestrator, install all configurations.
    1. Go to Management Extensions > SD-WAN Orchestrator.
    2. Go to Configuration > Device, and click the Install all configuration button.
  6. In FortiManager, install policy packages to hub and edge devices.
  7. Check the configuration on FortiGate for the following changes:
    • SD-WAN configuration is migrated to config system sdwan.
    • New SD-WAN zones are created, and member interfaces have been added to corresponding zones.
    • Business rules remain unchanged, and SLA is up.
    • Firewall policies have been updated.