Version:

Version:

Version:

Version:

Version:

Version:

Version:

Version:


Table of Contents

Special notices

Support of FortiLink features

Refer to the FortiSwitchOS feature matrix for details about the FortiLink features supported by each FortiSwitchOS model.

Downgrading FortiSwitchOS 7.0.0 and later to versions earlier than 6.2.6 or 6.4.4 is not supported

Downgrading FortiSwitchOS 7.0.0 and later to FortiSwitchOS 6.2.6 and later 6.2 versions is supported. Downgrading FortiSwitchOS 7.0.0 and later to FortiSwitchOS 6.4.4 and later 6.4 versions is supported. Downgrading FortiSwitchOS 7.0.0 and later to versions earlier than FortiSwitchOS 6.2.6 or 6.4.4 is not supported.

Downgrading FortiSwitchOS 7.0.0 and later requires converting the admin password first

Because FortiSwitchOS 7.0.0 changed from SHA1 to SHA256 encryption for admin passwords, you need to convert the format of the admin password before downgrading from FortiSwitchOS 7.0.0 and later to an earlier FortiSwitchOS version.

caution icon If you do not convert the admin password before downgrading from FortiSwitchOS 7.0.0 and later, the admin password will not work after the switch reboots with the earlier FortiSwitchOS version.

The encrypted admin password in FortiSwitchOS 7.0.0 and higher starts with “SH2”, and the encrypted admin password for earlier FortiSwitchOS versions starts with “AK1”.

If you do not want to convert the format of the FortiSwitch admin password, you can use the FortiOS CLI to override the managed FortiSwitch admin password with the FortiGate admin password.

To convert the format of the admin password in FortiSwitchOS 7.0.0 and later before downgrading to an earlier FortiSwitchOS version:
  1. Enter the following FortiSwitchOS CLI command to convert the admin password from SHA256 to SHA1 encryption:

     

    execute system admin account-convert <admin_name>

     

  2. Downgrade your firmware.
To override the managed FortiSwitch admin password with the FortiGate admin password:

config switch-controller switch profile

edit <FortiSwitch_profile_name>

set login-passwd-override enable

set login-passwd <new_password>

end

NAC policies not maintained or converted when upgrading to 7.0.0

Existing NAC policies are not maintained or automatically converted into dynamic port policies after upgrading to FortiOS 7.0.0. They have to be reconfigured.

Special notices

Support of FortiLink features

Refer to the FortiSwitchOS feature matrix for details about the FortiLink features supported by each FortiSwitchOS model.

Downgrading FortiSwitchOS 7.0.0 and later to versions earlier than 6.2.6 or 6.4.4 is not supported

Downgrading FortiSwitchOS 7.0.0 and later to FortiSwitchOS 6.2.6 and later 6.2 versions is supported. Downgrading FortiSwitchOS 7.0.0 and later to FortiSwitchOS 6.4.4 and later 6.4 versions is supported. Downgrading FortiSwitchOS 7.0.0 and later to versions earlier than FortiSwitchOS 6.2.6 or 6.4.4 is not supported.

Downgrading FortiSwitchOS 7.0.0 and later requires converting the admin password first

Because FortiSwitchOS 7.0.0 changed from SHA1 to SHA256 encryption for admin passwords, you need to convert the format of the admin password before downgrading from FortiSwitchOS 7.0.0 and later to an earlier FortiSwitchOS version.

caution icon If you do not convert the admin password before downgrading from FortiSwitchOS 7.0.0 and later, the admin password will not work after the switch reboots with the earlier FortiSwitchOS version.

The encrypted admin password in FortiSwitchOS 7.0.0 and higher starts with “SH2”, and the encrypted admin password for earlier FortiSwitchOS versions starts with “AK1”.

If you do not want to convert the format of the FortiSwitch admin password, you can use the FortiOS CLI to override the managed FortiSwitch admin password with the FortiGate admin password.

To convert the format of the admin password in FortiSwitchOS 7.0.0 and later before downgrading to an earlier FortiSwitchOS version:
  1. Enter the following FortiSwitchOS CLI command to convert the admin password from SHA256 to SHA1 encryption:

     

    execute system admin account-convert <admin_name>

     

  2. Downgrade your firmware.
To override the managed FortiSwitch admin password with the FortiGate admin password:

config switch-controller switch profile

edit <FortiSwitch_profile_name>

set login-passwd-override enable

set login-passwd <new_password>

end

NAC policies not maintained or converted when upgrading to 7.0.0

Existing NAC policies are not maintained or automatically converted into dynamic port policies after upgrading to FortiOS 7.0.0. They have to be reconfigured.