New Member

Question

Autoupgrade firmware for expired support

Forum|Forum|7 months ago
October 24, 2025
7 replies
5108 views

My Fortigate device is out of support, and is currently running 7.4.8.

It has started to attempt upgrading to the latest patch (7.4.9) as per the new upgrade mechanism:

https://docs.fortinet.com/document/fortigate/7.4.0/new-features/320693/automatic-firmware-upgrades-for-fortigate-appliances-with-invalid-support-contracts-or-that-have-reached-end-of-support-7-4-8

However it keeps failing and sending emails that it has failed.

logdesc="A federated upgrade could not be completed by the root FortiGate" msg="Federated upgrade failed after reaching state downloading" reason="download failed"

Its sent that one a few times, is now also sendning emails regarding the schedule being changed:

logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade new image installation (re)scheduled to between local time Thu Oct 23 01:42:23 2025 and local time Thu Oct 23 04:00:00 2025. This installation is forced and cannot be cancelled."

Does anyone know how I can fix it so it is abel to upgrade it, or to disable the upgrades that keep erroring?

Many Thanks,

Chris

FortiGate

funkylicious

SuperUser

hi,

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-cancel-FortiGate-upgrade-using-Fabric/ta-p/261395

try doing a execute federated-upgrade cancel , then

config system federated-upgrade

set status disabled

end

"jack of all trades, master of none"

chrisgdgAuthor

New Member

Thanks.

The cancel command fails stating "The existing upgrades cannot be cancelled"

funkylicious

SuperUser

try execute auto-upgrade delay-installation and then cancel.

"jack of all trades, master of none"

chrisgdgAuthor

New Member

tried that, the cancel still reports that existing upgrades cannot be cancelled

Toshi_Esumi

SuperUser

I would try disabling upgrade first.
<if managed by FMG>
config sys central-management
set allow-pur-firmware disable
end
<for all>
config sys fortiguard
set auto-firmware-upgrade disable

set gui-prompt-auto-upgrade disable
end

If it still rejects because a schedule exists, I would try manually upgrade it to 7.4.9 that can be done without a valid license. Then if necessary, swap back the boot partition to the previous one with 7.4.8 image&config later.

Toshi

chrisgdgAuthor

New Member

Unfortunately that doesn't help. It also appears that in 7.4.8 they now disable the manual upgrade option if you are not in support, nor can I find the download for it anyway :(

MikeGoedken

New Member

I'm having the same exact issue, download failed. No other way to update.

msauve

Explorer

Did you ever get past this?

chrisgdgAuthor

New Member

Unfortunately not. I had to turn off the email notifications from the fortigate that kept telling me the upgrade had failed, and ignore the emails from fortinet that tell me that forticloud doesn't support it anymore!

ClemensD

Visitor III

There's a way around this.

Go to "Fabric Connectors" -> Central Management, set it to Enabled and just add any IP (e.g. 127.0.0.1 works).

It will tell you that it cannot retrieve the FMG Certificate, just press return.

Now the forced Update is gone and you will be able to manually upload FW files like before.

After updating you can just remove the FMG Connection again.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded