Feature Specific Considerations
Version |
Description |
---|---|
8.x/9.x |
Upgrade path requirements:
|
8.x |
Upgrading NAC from pre-8 versions to 8.x could break communication with agents running version 3.0 through 3.2. Hosts that have security disabled are not affected. In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS to address the POODLE vulnerability (CVE-2014-3566). As of Network Sentry 8.0.0, SSLv3 has been disabled completely. In newer agent versions 3.3 and greater, the communication protocol was changed from SSLv3 to TLS to address the POODLE vulnerability (CVE-2014-3566). As of Network Sentry 8.0.0, SSLv3 has been disabled completely. For details and workaround for the above, see KB article 194426. |
8.3.x |
For new installs and upgrades from older than 8.2, the "Default UDP" Persistent Agent Transport Configuration (UDP 4567) will initially be disabled. Agent versions 3.x and 4.x use both TCP 4568 and UDP 4567 to communicate. . For details and workaround for the above, see KB article 196082. |
8.5.x and higher |
|
8.8.x |
Note: As of 8.8.2, the default protocol was changed to HTTP. Customers that currently do not have a README and want to upgrade themselves should do the following:
Customers that currently have a README, do not want to upgrade themselves, or cannot make the temporary firewall change should contact Support to schedule the upgrade. |
8.8.3 |
|
8.8.5 |
|
9.2 |
As of Persistent Agent version 5.3, there is no option to disable secure agent communications. Agents upgraded from previous versions to 5.3 or greater will communicate over TCP 4568 regardless of the "securityEnabled" Persistent Agent setting. Therefore, the following must be done prior to upgrading hosts to agent version 5.3:
|
9.2 |
The number of Operating System and Anti-Virus program options in the Scan Configuration have been reduced. Only those currently supported or commonly in use are now listed. For a list of available Operating Systems and Anti-Virus programs, see KB article 198098. |
9.2.7 |
SSH keyboard-interactive is disabled by default starting with versions 9.2.7, 9.4.2 and F7.2. This may affect FortiNAC's CLI access to a limited number of devices (like Arista switches). For details and workaround see KB article 244979. |
Versions 9.4, 7.2 and greater |
See Upgrade Requirements in the appropriate release notes for additional considerations. |