Fortinet white logo
Fortinet white logo

Administration Guide

Using mixed versions in ADOMs

Using mixed versions in ADOMs

FortiManager 7.2.2 supports mixed version ADOMs, allowing you to upgrade an ADOM's version without first being required to update the firmware of all devices in the ADOM.

See the table below for device firmware versions that are supported by each ADOM version:

ADOM Version

Device management support

6.4 Manage devices with firmware version 6.4, and 7.0.
7.0 Manage devices with firmware 6.4, 7.0, and 7.2.

7.2

Manage devices with firmware 7.0 and 7.2

You can upgrade the ADOM version before all of the devices within the ADOM have been updated.

The general steps for upgrading ADOM versions are as follows:

  1. In the ADOM, update one or more of the FortiGate units to the new firmware version.
    For example, update the FortiGate from version 6.4 to 7.0, and then resynchronize the device. All of the ADOM objects, including Policy Packages, remain as 6.4 objects.
  2. Upgrade the ADOM to the new ADOM version. See Upgrading an ADOM for more information.

    For example, upgrade the ADOM from version 6.4. to 7.0. All of the database objects will be converted to 7.0 format, and the GUI content for the ADOM will change to reflect 7.0 features and behavior.

After the ADOM is upgraded, you can install configuration changes to FortiGates running the same version or one version earlier. FortiManager ADOM versions 6.4 and 7.0 support mixed FortiOS versions by automatically downgrading the CLI syntax to the same version as the device when you install configuration changes to FortiGates running an earlier version of FortiOS.

Automatic downgrade of CLI syntax is handled as follows:

  • New CLI syntax that does not exist in the previous version is discarded during downgrade and isn't used.
  • Modified CLI syntax is reverted to the previous version's CLI syntax and used.
  • Deleted CLI syntax is converted to the previous version's CLI syntax and uses the default values from that version.
Tooltip

Although you can install configuration changes to FortiGates running an earlier firmware version than the ADOM, the best practice is to install configuration changes to devices that are on the same version as the ADOM.

Caution

You cannot import configurations from devices on different firmware versions than the ADOM version. For example, the configuration of a FortiGate device on 7.0.x cannot be imported into a FortiManager 7.2 ADOM.

Using mixed versions in ADOMs

Using mixed versions in ADOMs

FortiManager 7.2.2 supports mixed version ADOMs, allowing you to upgrade an ADOM's version without first being required to update the firmware of all devices in the ADOM.

See the table below for device firmware versions that are supported by each ADOM version:

ADOM Version

Device management support

6.4 Manage devices with firmware version 6.4, and 7.0.
7.0 Manage devices with firmware 6.4, 7.0, and 7.2.

7.2

Manage devices with firmware 7.0 and 7.2

You can upgrade the ADOM version before all of the devices within the ADOM have been updated.

The general steps for upgrading ADOM versions are as follows:

  1. In the ADOM, update one or more of the FortiGate units to the new firmware version.
    For example, update the FortiGate from version 6.4 to 7.0, and then resynchronize the device. All of the ADOM objects, including Policy Packages, remain as 6.4 objects.
  2. Upgrade the ADOM to the new ADOM version. See Upgrading an ADOM for more information.

    For example, upgrade the ADOM from version 6.4. to 7.0. All of the database objects will be converted to 7.0 format, and the GUI content for the ADOM will change to reflect 7.0 features and behavior.

After the ADOM is upgraded, you can install configuration changes to FortiGates running the same version or one version earlier. FortiManager ADOM versions 6.4 and 7.0 support mixed FortiOS versions by automatically downgrading the CLI syntax to the same version as the device when you install configuration changes to FortiGates running an earlier version of FortiOS.

Automatic downgrade of CLI syntax is handled as follows:

  • New CLI syntax that does not exist in the previous version is discarded during downgrade and isn't used.
  • Modified CLI syntax is reverted to the previous version's CLI syntax and used.
  • Deleted CLI syntax is converted to the previous version's CLI syntax and uses the default values from that version.
Tooltip

Although you can install configuration changes to FortiGates running an earlier firmware version than the ADOM, the best practice is to install configuration changes to devices that are on the same version as the ADOM.

Caution

You cannot import configurations from devices on different firmware versions than the ADOM version. For example, the configuration of a FortiGate device on 7.0.x cannot be imported into a FortiManager 7.2 ADOM.