When buying/renewing Fortigate firewalls it is important to take into accountthe Support/Updates life cycle. Fortinet use few terms in this regard we need tounderstand.
- End of Order Date
The last date we can buy a particular model of theFortigate. Those dates are individual for each model and are announced onongoing basis. The source of truth for all models is the pagehttps://support.fortinet.com/Information/ProductLifeCycle.aspx, which is beingupdated periodically. The page requires Forticloud registration, but is free andavailable to everyone. This date is the starting point of all the other datecalculations.
- End of Support (EOS)
The last date in the Fortigate model life cycle. There will beno hardware or software support for this model beyond this date. The usualpractice is to have EOS 60 months (5 years) since the End of Order date.After this date, nor hardware nor software support is provided, even the critical vulnerabilities in the FortiOS (software)will not be fixed.
- Last Service Extension Date (LSED)
The last date we can extendsupport/subscription service for a model which is not being sold anymore. Thisdate will be at the latest 12 months before the End of Support date.
- End of Engineering Support Date (EOES)
This is for firmware (FortiOS) only -after this date, only the critical security patches and updates will be issued for agiven version of FortiOS, until the End of Support for this FortiOS version. The regular bugs will not be fixed or reported.Currently, it is 36 months (3 years) starting with the date of the first release in agiven FortiOS version.
Now let’s look at examples. Fortigate 100E - End of Order is August 17th of2021, Last Service Extension Date is 17th of August year 2025, and End of Supportis 17th of August year 2026. This means we cannot (2023) order this modelanymore as new, we can extend subscription services like AV/IPS/etc. till the17th of August 2025, and after the 17th of August 2026 we cannot opensupport/RMA tickets or get new patches/software for this Fortigate. On theFortiOS level, the release notes for FortiOS 7.2.3 list Fortigate 100E assupported, so we can safely assume that until the End of Engineering Support forthis version (7.2.x), set at 31st of March 2025, we will haveupdated versions fixing bugs and security vulnerabilities available as well.After that date we can hope Fortinet will issue patches for criticalvulnerabilities in 7.2.x, but no regular bugs would be fixed.After the End of Support for 7.2 date, which happens at 30th of September 2026,given that hardware model issupported until 17th August of 2026, there will be no newreleases of any FortiOS for this Fortigate 100E.
Important | Life cycles of Fortigate hardware models and FortiOS firmware versionsare unrelated. Fortinet drops FortiOS new releases support forsmaller models first. |
Let’s look at Fortigate 30E - which was released in 2015. The End of Order is31st of March 2022, End of Service Extension is 31st of March 2026, and the End ofSupport is on 31st of March, 2027. The logic is the same as for the Fortigate 100E,but the latest version of FortiOS available for this model is 6.2.x train andthere will be no 6.4/7.0/7.2/etc. versions for it. End of Engineering Supportfor 6.2 happened on 28th of March 2022, which means even though we have modelsupport up to 2027, Fortinet will not release new features or fix regular bugsfor this 6.2 versions. Moreover, the critical vulnerabilities will be fixeduntil 28th of September 2023. So we may potentially have a supported hardwaremodel until 2027, but which has/will have critical vulnerabilities in itsFortiOS version unfixed for 4 years. Be aware of this in your calculations.
N.B. It is not all black or white - for the recent critical heap-basedbuffer overflow Fortinet did create a fix even for beyond End ofSupport version 6.0 (6.0.16), but it is not guaranteed or even promised.
Resources
Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what Ipublish on Linkedin, Github, blog, and more.
