FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Vbharath_FTNT
Article Id 194980

Description

 

This article describes how to upgrade FortiGate firmware. FortiGate administrators whose access profiles contain system configuration read and write privileges and the FortiGate admin user can change the FortiGate firmware.

Download the most recent firmware build from the Fortinet Technical Support web site at http://support.fortinet.com/.

 

Scope

 

FortiGate.

 

Solution

 

Before upgrading.

 

It is important to read the release notes which are as well available from the Fortinet Customer Service & Support site (https://support.fortinet.com/) at the same location from where the firmware image was downloaded. After downloading, review the special notices, upgrade information, product integration and support, resolved issue, known issues and limitations

 

Also, check the upgrade path tool for a correct upgrade path.

Under 'select product' on the firmware download page, make sure to pick the correct product and version, then select the destination version and then select 'go'. Failure to follow a valid upgrade path will cause issues.

 

To upgrade the firmware using the web-based manager.

 

Note: Always upgrade the firmware from a local copy. Never perform firmware upgrade over the Internet.


5.2.x & 5.4.x versions

To upgrade the firmware

  1. Log into the web-based manager as the administrative user.
  2. Go to System -> Dashboard -> Status and locate the System Information widget.
  3. Beside Firmware Version, select Update.
  4. In the next screen, select the 'Browse' or 'Upload Firmware' button.
  5. Locate the file on the local computer and select the firmware image file.
  6. Select the 'Backup config and upgrade' button to backup the configuration and start a firmware upgrade.

The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.


5.6.x, 6.0.x & 6.2.x Versions
.

 

  1. Log into the web-based manager as the administrative user.
  2. Go to System -> Firmware -> Select the 'Browse' button to locate the firmware image file.
  3. Locate the file on the local computer and select the firmware image file.
  4. Select the 'Backup config and upgrade' button to back up the configuration and start a firmware upgrade.
  5. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.

 

7.0.x, Versions.

 

  1. Log into the web-based manager as the admin user.
  2. Go to System -> Firmware and there would be 4 tabs: Latest, All Upgrades, All Downgrades and File Upload.
  3. Select option File upload, click on the Browse button to locate the firmware image file.
  4. Locate the file on the local computer and select the firmware image file.
  5. Select the 'Backup config and upgrade' button to back up the configuration and start a firmware upgrade.
  6. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
  7. An alternative process is to go to System -> Fabric Management, select the FortiGate, and select the Upgrade option. Similarly, 4 tabs will appear: follow steps 3 to 6.

 

7.2.x and 7.4.x Versions:

 

  1. Log into the web-based manager as the admin user.
  2. Go to System -> Fabric Management and select the FortiGate and then select option Upgrade. 4 tabs would appear:  Latest, All Upgrades, All Downgrades and File Upload.
  3. Select the File upload option and select the Browse button to locate the firmware image file.
  4. Locate the file on the local computer and select the firmware image file.
  5. Select the 'Backup config and upgrade' button to back up the configuration and start firmware upgrade.
  6. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
     

Upgrading the firmware through the CLI.

Before starting, ensure a TFTP server is running and accessible to the FortiGate unit.

Copy the new firmware image file to the root directory of the TFTP server.

Log into the CLI.

Make sure the FortiGate unit can connect to the TFTP server.

Use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168:

 

execute ping 192.168.1.168

Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

 

execute restore image tftp <filename> <tftp_ipv4>

 

The FortiGate unit responds with the message:

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)

 

Type y. The FortiGate unit will upload the firmware image file, upgrade to the new firmware version, and restart. This process takes a few minutes.


Reconnect to the CLI.

 

Updating the firmware on FortiGate.

1.      

Browse to support.fortinet.com and log in.

Go to Downloads -> Firmware Images -> Fortigate -> Vr _ -> MR_ -> Patch _ and view the list for the image file matching the device model.

Backup the Fortigate Config by going to the menu tabs on the left of the interface window.

  • Go to System -> Dashboard -> Status -> System Information -> System Config -> Backup.
  • Select 'Backup' and allow the browser to save the file to a secure location.
  • Load the firmware and reboot by going to the menu tabs on the left of the interface window.
  • Go to System -> Dashboard -> Status -> System Information -> Firmware Version -> Update.
  • In the 'Upgrade From' field, choose 'Local Hard Disk'.
  • Browse to the location of the saved firmware, downloaded in step 2 by pressing the 'Browse' button.
  • Take note of the 'Upgrade Partition' (this cannot be altered here).
  • To boot to the firmware, ensure that the “Boot the New Firmware” box is selected. This option is not available on earlier firmwares.
  • Press OK. The Fortigate will reboot.

Upgrading From the Details window.

 

Load the firmware and reboot by going to the menu tabs on the left of the interface window. Go to System > Dashboard > Status > System Information > Firmware Version > Details.

  • Select the partition to upload the firmware to. (It is best practice to select the non-active partition for fallback reasons.)
  • Select Upload at the top
  • In the 'Upgrade From' field choose 'Local Hard Disk'.
  • Browse to the location of the saved firmware downloaded in step 2 above by pressing the 'Browse button'.
  • Take note of the 'Upgrade Partition' (this cannot be altered here).
  • To boot to the firmware, ensure that the 'Boot the New Firmware' box is selected. This option is not available on earlier firmwares.
  • If it is not desirable to boot immediately to the new firmware, deselect the 'Boot the New Firmware' box.
  • Press OK.

The Fortigate will reboot.

 

Upload and Boot to Firmware at a later time or Boot to Previous Firmware.

 

In the CLI, use the following commands:

 

diag sys flash list   

 

(Lists partitions and checks if they are active.)

 

execute set-next-reboot <primary|secondary>

 

(Indicates what partition to boot from next time the device reboots. Partition#1 = primary, Partition 2 = Secondary).

 

execute reboot

 

(Will cause the fortigate to reboot.)