
Administration Guide

ADOM versions

Each ADOM is associated with a specific firmware version. This version is selected when creating a new ADOM. See Creating ADOMs.

ADOMs are able to manage devices on the same firmware version as the ADOM. Some ADOMs also support managing devices on earlier or later versions. For example, ADOM version 7.2 can manage FortiGate devices with firmware 7.0, 7.2 and 7.4. This allows you to continue to manage the ADOM as normal while upgrading the devices within that ADOM.

See the table below for the FortiGate firmware versions that are supported by each ADOM version:

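| ADOM Version | Device Firmware Version | Import Configuration Support |
|--------------|-------------------------|------------------------------|
| 7.0          | 7.0, 7.2                | 7.0                          |
| 7.2          | 7.0, 7.2, 7.4           | 7.2                          |
| 7.4          | 7.0, 7.2, 7.4           | 7.0, 7.2, 7.4                |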

While you can manage FortiGate devices on mixed firmware versions, it is not recommended to permanently leave the ADOM with devices that contain a mix of firmware versions because of restrictions. For example, you cannot use features from the higher firmware version, such as templates that reference syntax from the higher version.

When adding a new FortiGate unit to an ADOM, the FortiGate unit should have the same FortiOS version as the ADOM.

Upgrading ADOM versions

The general steps for upgrading ADOM versions are as follows:
  1. In the ADOM, update one or more of the FortiGate units to the new firmware version.
    For example, update the FortiGate from version 7.0 to 7.2, and then resynchronize the device. All of the ADOM objects, including Policy Packages, remain as 7.0 objects.

  2. Upgrade the ADOM to the new ADOM version. See Upgrading an ADOM for more information.

    For example, upgrade the ADOM from version 7.0 to 7.2. All of the database objects will be converted to 7.2 format, and the GUI content for the ADOM will change to reflect 7.2 features and behavior.

Note

ADOMs managing devices on mixed firmware versions can be upgraded before all of the devices within the ADOM have been updated, as long as the lowest device firmware version the ADOM is currently managing is still supported on the new ADOM version.

Installing configurations

After the ADOM is upgraded, you can install configuration changes to managed FortiGate devices on supported firmware versions. FortiManager ADOMs support mixed FortiOS versions by automatically downgrading the CLI syntax to the same version as the device when you install configuration changes to FortiGates running an earlier version of FortiOS. See the table above for device management support.

Automatic downgrade of CLI syntax is handled as follows:

  • New CLI syntax that does not exist in the previous version is discarded during downgrade and isn't used.

  • Modified CLI syntax is reverted to the previous version's CLI syntax and used.

  • Deleted CLI syntax is converted to the previous version's CLI syntax and uses the default values from that version.

Tooltip

Although you can install configuration changes to FortiGates running an earlier firmware version than the ADOM, the best practice is to install configuration changes to devices that are on the same version as the ADOM.

Importing configurations

You can import the configuration of a managed FortiGate device into the FortiManager database based on the following:

  • ADOMs on version 7.2 and earlier cannot import configurations from devices on different firmware versions than the ADOM version. For example, the configuration of a FortiGate device on 7.4.x or 7.0.x cannot be imported into a FortiManager 7.2 ADOM.

  • ADOMs on version 7.4 and later support importing configurations from devices up to two versions below the ADOM version. For example, the 7.4 ADOM can import configurations from 7.4, 7.2 and 7.0 devices.
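The management, install and import rules above can be checked against a device inventory before an ADOM upgrade. The following is an added example, not Fortinet code: the matrix is transcribed from the table on this page, and the function names, device names and firmware strings are constructed for illustration.

```python
# Added example (not Fortinet code). Matrix transcribed from the table on this page.
MANAGE = {"7.0": ("7.0", "7.2"),
          "7.2": ("7.0", "7.2", "7.4"),
          "7.4": ("7.0", "7.2", "7.4")}
IMPORT = {"7.0": ("7.0",),
          "7.2": ("7.2",),
          "7.4": ("7.0", "7.2", "7.4")}


def branch(firmware):
    """Reduce a full firmware string such as '7.2.8' to its branch, '7.2'."""
    parts = firmware.strip().split(".")
    if len(parts) < 2 or not all(p.isdigit() for p in parts[:2]):
        raise ValueError(f"unrecognised firmware version: {firmware!r}")
    return f"{int(parts[0])}.{int(parts[1])}"


def order(b):
    """Sort key so branches compare numerically rather than as strings."""
    return tuple(int(x) for x in b.split("."))


def audit_adom(adom_version, devices):
    """Return a status dict per device for an ADOM on adom_version."""
    if adom_version not in MANAGE:
        raise ValueError(f"ADOM version not in table: {adom_version!r}")
    report = {}
    for name, firmware in devices.items():
        b = branch(firmware)
        manageable = b in MANAGE[adom_version]
        report[name] = {
            "branch": b,
            "manageable": manageable,
            "importable": b in IMPORT[adom_version],
            # Installs to an earlier branch go through automatic CLI downgrade,
            # so syntax new in the ADOM version is discarded for this device.
            "cli_downgrade_on_install": manageable and order(b) < order(adom_version),
        }
    return report


def can_upgrade_adom(target_version, devices):
    """Apply the Note: the lowest managed branch must be supported by the target."""
    lowest = min((branch(fw) for fw in devices.values()), key=order)
    return lowest in MANAGE[target_version], lowest


# Constructed inventory; device names and patch levels are hypothetical.
INVENTORY = {"fgt-branch-01": "7.0.12", "fgt-hq-01": "7.2.8", "fgt-dc-01": "7.4.3"}

if __name__ == "__main__":
    for name, status in audit_adom("7.2", INVENTORY).items():
        print(name, status)
    print(can_upgrade_adom("7.4", INVENTORY))
```

Devices reported with `cli_downgrade_on_install` set are the ones to review after an install, since settings that exist only in the ADOM's version are not applied to them.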
