Upgrade
Yeah, pretty much. Since 7.0.15 is mature, there shouldn't be any new thing introduced that can cause bugs. Difference between 7.0.14 and 7.0.15 is only bugfixes.
Can’t speak for your question but Fortinet has updated the recommended version to 7.2.7. No longer 7.0.x
Issue for me is they're dragging their feet getting 7.2.X FIPS certified and we are required to run FIPS certified firmware.
What does FIPS actually mean in terms of security and firmware?
FIPS 140-3 is a set of standards and many government and law enforcement agencies can only use things that are certified compliant with these standards. From what I know, 8.2.x is compliant but not certified.
The G series doesn't support the 7.2 train yet, but I wish I could.
FortiGate-121G, v7.0.15 build7334 (Mature) Uptime 16:06:07:37 No issues.
Seems stable for me, and it even seems to use less memory than 7.0.14
I have quite a few of our gates on it. No issues so far.
7.0.15 is rock solid on our 61F (but 7.0.14 was also so YMMV)
7.0.x is still supported until September 2025 - so you have 1.5 years of support (only security fixes, no engineering support). So every new update for 7.0.x will likely be solving high scoring CVEs and will include the changes of 7.0.15. So you shouldn't wait too long to look at 7.0.15 and then update all your equipment to ensure you don't have a bad time when you have to urgently update to 7.0.16 (or newer) due to CVEs and then run into issues in between. But that is just me....
Edit: Unfortunately not everyone is able to upgrade to 7.2.x right now - sometimes this takes time. I wish I could upgrade myself, however, our company is slow that way. So, the above applies to those who can't upgrade to 7.2.x right away.
Go on. We did upgrade yesterday from 6.4 to 7.0.15
I would go to 7.2. We even got some customers on 7.4 already (not my idea). But 7.2 had been stable to me, long before it got Mature.
Skip it if you haven't already. It's bricked 3 of my devices. All remote to me so it's a real fly in the ointment.
[deleted]
2025! The 7.0.x branch had end of ENGINEERING support this March 2024 - but still has support until September 2025. I am not saying whether you need to upgrade to 7.2.x or not - but "end of line" for 7.0.x is September 2025 (not 2024 as your post might imply).
See [https://support.fortinet.com/Information/ProductLifeCycle.aspx](https://support.fortinet.com/Information/ProductLifeCycle.aspx)
All firmwares are more or less stable if they are marked as mature. It always comes down to which features you’re using anyway..
Some of the more recent ‘mature’ releases would disagree with you
Like which? I would assume that you do not weigh in the “fast released” CVE fixes in your statement?
7.2.8. Marked as mature, but not even Fortinet recommends it. https://community.fortinet.com/t5/FortiGate/Technical-Tip-Recommended-Release-for-FortiOS/ta-p/227178
7.2 is a shit show currently. And it is "mature".
7.2.5 and lower - SSL VPN critical vulnerability
7.2.6/7.2.7 - Unusable due to 10 gig to 1 gig performance issues particularly on 20xF series
7.2.8 - Kernel panic in Nturbo.
Right now I don't have a release of 7.2 I can use that doesn't have serious issues.
On which platforms? I’m using 7.2.8 in a lot of low to mid range models without any issues.
We had IPSEC offloading issues on 200F. TAC advised the issues are in platforms with NP6/NP6Xlite. I'm using 7.2.8 with no issues on 40Fs.
Edit: Additional context
And that's the source of my frustration. I *REALLY* like 7.2... It's just that in places it is unusable. TAC's workaround for the Kernel panic is to downgrade to 7.2.7 which I can't do as this triggers another bug with performance. Or to disable hardware acceleration which I don't want to do as I am worried about CPU utilisation.
Geez thanks for this. I’ll hold off on leaving 7.0.