Technical Tip: The importance of FortiGate Upgrade Path
Description
This article describes the importance of adhering to the Fortinet recommended firmware upgrade path for FortiGate devices. It outlines the associated risks of skipping upgrade steps and provides best practices for safely upgrading FortiOS to maintain system stability, security, and supportability.
Scope
FortiGate.
Solution
FortiGate Upgrade Path.
The FortiGate upgrade path refers to the officially documented sequence of firmware versions required to reach a specific FortiOS target release. Each step in the path is tested by Fortinet to ensure proper system operation and configuration migration.
Use the official Fortinet Upgrade Path Tool (authentication required) to determine the correct upgrade sequence for the specific FortiGate model and firmware version.
Risks of Skipping the Upgrade Path.
- Configuration Loss or Corruption: Skipping intermediate versions can cause schema mismatches and loss of settings.
- Feature Incompatibility: Introduced or deprecated features may not migrate correctly.
- Boot Failures or Kernel Panics: Firmware relies on sequential updates to maintain system integrity.
- Downgrade Limitations: Reverting may not recover a consistent or usable configuration.
Benefits of Following the Recommended Upgrade Path.
| Benefit | Description |
|---|---|
| ✔ Stability | Each step is verified by Fortinet for version compatibility. |
| ✔ Configuration Integrity | Settings are preserved and safely migrated across versions. |
| ✔ Feature Readiness | New features and system components are initialized correctly. |
| ✔ Supportability | Fortinet TAC can provide support more effectively with a compliant upgrade path. |
Best Practices for Firmware Upgrades.
- Use the Fortinet Upgrade Path Tool to determine the required steps.
- Backup the configuration before upgrading:
- GUI:
- Select the user name in the upper right-hand corner of the screen and select Configuration -> Backup. Backup directly to the local PC or to a USB Disk.
- CLI:
- GUI:
execute backup config flash <comment>
execute backup config ftp <backup_filename> <ftp_server>[<:ftp_port>] [<user_name>] [<password>] [<backup_password>]
execute backup config tftp <backup_filename> <tftp_servers> [<backup_password>]
execute backup config sftp <backup_filename> <sftp_server>[<:sftp_port>] <user> <password> [<backup_password>]
execute backup config management-station <comment>
execute backup config usb <backup_filename> [<backup_password>]
- Review release notes for each version to identify changes or deprecated features.
- Test upgrades in a lab environment when possible.
- Schedule upgrades during planned maintenance windows to reduce operational impact.
- Monitor system logs and interfaces after each upgrade step to validate functionality.
- Avoid remote firmware upgrades. If possible, have an on-site person available with console access to troubleshoot if required.
- Follow the Compatibility Matrix Guide:
- FortiManager with FortiGate (FortiOS):FortiOS Compatibility Tool
- FortiAnalyzer with FortiGate (FortiOS):FortiOS Compatibility Tool
- FortiAuthenticator with FortiGate (FortiOS): FortiOS support
- FortiAP with FortiGate (FortiOS): FortiAP and FortiOS 7.x Compatibility Matrix
- FortiSwitch with FortiGate (FortiOS): FortiLink Compatibility
Example Upgrade Path: v6.2.7 to v7.4.2.
Using the Fortinet Upgrade Path Tool, the following sequence may be required:
- v6.2.7 → v6.4.9.
- v6.4.9 → v7.0.11.
- v7.0.11 → v7.2.6.
- v7.2.6 → v7.4.2.
Verify Upgrade path Link: Upgrade Path Tool Table
Each step ensures configuration consistency and system stability.
Related documents:
FortiGate/FortiOS Upgrade Path
Conclusion:
Skipping the FortiGate firmware upgrade path can cause critical failures, configuration issues, and service interruptions. Following the documented upgrade sequence ensures a smooth transition between versions and maintains system reliability and supportability. Always plan, verify, and implement upgrades using the official upgrade path.