Upgrading from 6.0 to 7.0.2
FortiPortal may be upgraded from 6.0 to 7.0.2. You must first upgrade your system from any earlier version to 6.0.12 or later.
See Notes below for important details that may affect your upgrade. |
To upgrade FortiPortal 6.0 to 7.0.2:
-
Create a MySQL backup file from your FortiPortal 6.0 database.
The backup file can be created by running this command in your terminal:
mysqldump -u[Your_User_Name] -p[Your_Password] --all_databases > [Your_FileName]
Example:
mysqldump -uJohnDoe -pPassword --all_databses > MyFPCv6.sql
-
Download the
upgrade_tool
script from the Fortinet Customer Service & Support website (https://support.fortinet.com/).This script processes your database backup file and outputs a new file you will upload to your new FortiPortal 7.0.2 installation.
The upgrade tool must be run in a Linux environment. The required version is Ubuntu 22.04 or later with Python 3.9.x or higher. Other operating system families such as Debian and CentOS are not verified and are not guaranteed to work successfully.
It requires root (
sudo
) access to run. -
In your terminal, run
chmod +x upgrade_tool
to make it executable. -
Run
sudo ./upgrade_tool
. When prompted, input your linux system password. -
At the prompt
Please enter your file name:
, enter the path to the MySQL dump file you created in step 1. For example,MyFPCv6.sql
.After the upgrade tool finishes running, a file
fpc_upgrade.bk
is created. -
Shutdown the FortiPortal 6.0 VM.
-
Install a new FortiPortal 7.0.2 VM (see Installing FortiPortal 7.0.8).
-
In FortiPortal 7.0.2, go to Dashboard > System Configuration, click Restore System, and upload the
fpc_upgrade.bk
file. The system reboots when the restore process is complete.
The upgrade tool generates a json file named |
Notes
-
Themes, alerts, and FortiAP devices are not retained in this upgrade process.
-
You must re-enter the passwords for all connected FortiManagers and FortiAnalyzers.
-
If SMTP email authentication is enabled, you must re-enter that password.
-
User spuser from FortiPortal 6.0 is changed to spuser_old.
-
The authentication method is reset to local.
If re-enabling remote authentication, you must to re-enter the Remote Server Key (FortiAuthenticator and RADIUS) but other remote authentication info is retained.
-
Users will need to use their temporary password from the
user_pwd
file generated by the upgrade tool to log in. -
The policy installation scheduler installation time is reset to
00:00
. -
The FortiManager device repo status is set to Unknown, as there is no such data in the previous version.
-
Device display name are now in the format of {adom}/{serial_number}/vdom.
-
All profiles now have a prefix of v6- (for example, v6-System Admin).
-
Any role with a combination of multiple roles is converted into a new profile with a new name combining the roles (for eaxmple, v6-foo_v6-bar).
-
FortiPortal 6.0 and 7.0 have different permission control designs. These are the permission changes made during the upgrade:
-
Provider > Organization: If Customer, Sites, and Reports permissions are different, Organization is set to Custom.
-
Provider > Device: If FortiManager and FortiAnalyzer have different permissions, Device is set to Custom.
-
Provider > System: If Settings/Profile/Admins/Themes have different permissions, System is set to Custom.
-
Provider > Additional Resources: Set to Read.
-
Provider > Notification: Set to Read.
-
Provider > Audit: Set to Read/Write.
-
Customer > Insights: If Dashboard, Monitor, Health, and Logs have different permission, Insights is set to Custom.
-
Customer > Insights > Monitors: Shares the same permissions as Logs.
-
Customer > Insights > Logs: If Traffic, IPS, Sandbox, AV, DNS, App-Control, Web-Filter, and Event have different permissions, Logs is set to Custom.
-
Customer > Security: If Policy, Firewall, Network, Routing have different permissions, Security is set to Custom.
-
Customer > Security > Policy: Everything under Policy retains permissions from 6.0.
-
Customer > Security > Objects: If not everything under Objects share the same permissions, Firewall Objects is set to Custom.
-
Customer > Security > Network: If not everything under Network shares the same permissions, Network is set to Custom.
-
Customer > Security > Routing: Set to None.
-
Customer > SD-WAN: If Monitoring and Configuration have different permissions, SD-WAN is set to Custom.
-
Customer > Switch: Set to None.
-
Any other permissions that are new in FortiPortal 7.0 are set to None.
-