Correction: This feature is not new to 7.4.1! My time away has cost me some knowledge! Thanks for the alert guys! Love Y'all!
It's good to see you here again, I really like your videos and they have helped me a lot.
This channel is so underrated. Please don't stop making videos
Exactly this! Thanks Mike 😊
Nice to have you back, I've always watched your channel and it taught me a lot. Greetings from Poland
Glad to have you back! I wish we could schedule an upgrade to happen on a date... I don't have a 24x7 operation, but I have a security system that goes offline during an upgrade, so I need to preplan to be offline with the security vendor.
Glad to see you again!
Thanks Mike, great to see you back. Looking forward to more of your great content. Cheers from New Zealand.
Glad you're back!
Glad to see you back Mike! Thanks for another great video!
Thank you for the amazing videos 🙏
Glad to have you back Mike
I read about this, but I think I'd still rather do it manually. Good to see you back! If you need tips on what topics to discuss... maybe go over a deep dive in all that you can do with diagnose and when to use execute vs get vs diagnose. For instance, how to search your Fortinet stack (i.e., when using FortiLink connected switches) for a particular endpoint MAC address or something. I figured out how to do this, but maybe others could use help.
As always, great video! Thanks, Mike!
Mike, great to see you back. I'm assuming this feature is best for standalone units not being managed by FMG, or perhaps the 7.4 FMG would give you a central pane of glass to define its use. Haven't jumped into 7.4 yet but it's always neat seeing what's on the horizon.
Great to have you back.
The other time I might hesitate is with HA deployments. I have had, on more than one occasion, the update of an HA pair not complete correctly. I.e. only one updates for some random reason. I like to manually update HA pairs so I can monitor the process from start to finish etc. Cheers ~M
Oh lawd. Don’t get me started on HA updates 😂
I know what you mean. I've never personally experienced this when updating the HA setups including full upgrades. Although I am not running the latest branch firmware either. 7.0 is working for me right now. I do have plans to bump it up to the next version. Just hate moving away from stable versions but eventually will no longer be supported.
Hi Mike,
Could you make a video on the FortiManager?
When I upgraded a couple branches to the new firmware I have noticed this new update feature so went ahead and enabled it. I've set it to update itself in 7 days after its release to give it time to be field tested. I feel 3 days is just too short in case of serious bugs. I get it about zero day CVE these days but friggin annoying to see an office go down and not come back up due to bad update. 7 days is a good balance to me. You're correct that I would never enable this on big production firewalls like at Corporate or Data Centers.
I don't know if you talked about FortiSASE but it would be nice if you could.
Is it only the minor update that the FortiGate does or the newest version, for example a major update from 7.2.6 to 7.4.1?
Good question. I can't imagine they would automatically upgrade to the next major version without your consent. Even the installed version is EOL.
Ah yes, the Friday YOLO feature
Does the automatic update feature read the release notes for known issues and mitigate them or not upgrade if it will cause an impact to the environment? One could dream. :D
Thank you for the feature update.
You mentioned you probably wouldn't automate a 24Hr production environment.
Do you have any general advice on managing say firmware in a 24Hr running environment with one person?
I just wouldn’t do automatic on a datacenter. Branches are fine. Big operations you just schedule windows and properly execute change management requirements.
Depending on the deployment, HA might be a good option. It can allow for a seamless update
@MM-ne3mg Interesting you say HA as the main site is in HA. I've applied firmware and lost complete access for about 15 minutes. Even FortiCloud showed no connectivity during an update. I was remote assuming HA would be fine. Don't trust it now.
@kd42424 I hear you. Most of my deployments are HA, it generally does work well. You just need to watch out for some of those gotchas, i.e., when updating it appears like you lose connection but really you need to reconnect since the other unit has taken over, ensure cabling setup is confirmed, be aware of what applications may not like the HA handover etc. Don't give up on it, it does work! If you encountered issues just monitor it really closely next time to see what broke during the update or reach out to TAC prior to the update. The support team at Fortinet are fantastic.
@MM-ne3mg I have a couple of locations with HA (Corporate and Data Center). They always update without issues and almost zero disruptions. The disruptions are usually very brief and nobody notices it. Whenever I lose connection to the firewall I just refresh the page because the MGT's virtual IP is being moved to the active box. Then I can get back in to monitor the remaining updates on the secondary box.
Thx for the video, but the feature was already released in 7.2.3 ;)
That’s how behind the times I am!
@FortinetGuru not true. ;) too much work as everyone
Could you please use a mic? Your voice is rather soft.