FortiGate
akawade
Staff
Article Id 196998

Description


This article describes the error that occurs when upgrading FortiGate firmware via the GUI.

 

Scope

 

FortiGate.


Solution


To upgrade the firmware, go to System -> Firmware.

The firmware management page shows the version currently running on the unit and the next available version.
Before performing the upgrade, verify the upgrade path (if applicable) and refer to the release notes of the firmware version the unit suggests upgrading to.

Example:
If the current version shows as FortiOS v6.0.7 build0302 (GA), the page lists the firmware versions the unit can be upgraded to.

The above is just an example; the information shown depends on the unit's current firmware and the firmware versions available for upgrade.

Select 'Backup config and upgrade'. A new window will open.
 
 
 
Select 'Continue' to upgrade the firmware. The upgrade takes a few seconds, and if it fails, an error appears.
 
 
The above error implies that the FortiGate device is unable to contact the FortiGuard server to fetch the firmware image, and hence the upgrade failed.
Now, check FortiGuard reachability with the commands below:
 
execute ping service.fortiguard.net <----- It shows some packet loss.
get system fortiguard <----- To verify the FortiGuard port (53 or 8888).

To troubleshoot FortiGuard packet loss:
 
  1. Change the DNS: go to Network -> DNS and set the primary to 8.8.8.8 and the secondary to 4.2.2.2.
  2. Switch the port between 53 and 8888. If it is set to 8888, change it to 53 as below:
 
config system fortiguard
    set port 53
end
 
  3. Try disabling fortiguard-anycast:
 
config system fortiguard 
    set fortiguard-anycast disable 
end 
exec update-now
 
Now, check FortiGuard accessibility again with the ping command as above.
If the issue is still present, check whether the upstream (L3) router has an issue and is still blocking the packets.
 
Alternatively, ignore the 'upgrade failed' error and upgrade the firmware manually by downloading the firmware image for the FortiGate model from the support portal (refer to the related article for the manual upgrade).
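
For the manual path above, the image should be checked against its published checksum before it is uploaded to the unit. The following is an added example, not part of the original article or Fortinet's tooling; it assumes the SHA-512 value for the image has been copied from the support portal, and the file name and image bytes in `demo()` are constructed placeholders.

```python
import hashlib
import hmac
import re
import tempfile
from pathlib import Path

SHA512_HEX = re.compile(r"[0-9a-f]{128}")


def sha512_file(path, chunk_size=1 << 20):
    """Stream the file so a large firmware image is never held in memory."""
    digest = hashlib.sha512()
    with open(path, "rb") as fh:
        for chunk in iter(lambda: fh.read(chunk_size), b""):
            digest.update(chunk)
    return digest.hexdigest()


def verify_image(path, published_sha512):
    """Return (ok, reason); ok is True only when the digests match exactly."""
    # Tolerate pasted whitespace and upper-case hex, nothing else.
    expected = "".join(published_sha512.split()).lower()
    if not SHA512_HEX.fullmatch(expected):
        return False, "published value is not a 128-hex-digit SHA-512"
    image = Path(path)
    if not image.is_file() or image.stat().st_size == 0:
        return False, "image file is missing or empty"
    if not hmac.compare_digest(sha512_file(image), expected):
        return False, "checksum mismatch: do not upload this image"
    return True, "checksum matches"


def demo():
    """Constructed stand-in image; real use passes the downloaded file."""
    with tempfile.TemporaryDirectory() as tmp:
        image = Path(tmp) / "FGT_EXAMPLE-placeholder.out"  # constructed name
        image.write_bytes(b"constructed firmware bytes" * 1000)
        good = hashlib.sha512(image.read_bytes()).hexdigest()
        results = [verify_image(image, good.upper())]       # intact download
        image.write_bytes(image.read_bytes() + b"\x00")     # altered copy
        results.append(verify_image(image, good))
        results.append(verify_image(image, "abc123"))       # bad pasted value
        return results


if __name__ == "__main__":
    for ok, reason in demo():
        print(ok, reason)
```

A mismatch or an empty file means the download is incomplete or altered and should be fetched again rather than uploaded.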

 

Related article:

Technical Tip: Manual firmware upgrade by referring upgrade path