Skip to main content
earthlab
earthlab
Explorer
February 10, 2024
Question

Can not update to FortiOS 7.2.7 on 60F.

  • February 10, 2024
  • 14 replies
  • 25031 views

Hi all,

 

I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.

 

I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.

 

So I disabled SSL-VPN :(

 

Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?

 

Thank you.
Earthlab

14 replies

mpeddalla
Staff
mpeddalla
Staff
February 10, 2024

Hello  @earthlab ,

 

Thank you for contacting the Fortinet Forum portal.

-I would recommend upgrading manually for now as all the users are attempting on fabric Fortiguard might be slow.

article :

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-download-Firmware-of-FortiGate-and/ta-p/197069

 

 

Best regards,

Manasa.

 

If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.

earthlab
earthlabAuthor
Explorer
February 10, 2024

Hello @mpeddalla 

Thank you for your advice.

I agree that FortiGuard might be slow.
For example, Download timeout or fail or Very slow.

 

But the system said 'The firmware is up to date.'

I think the correct message was "Getting firmware information failed.'
or "Firmware information is not up to date. please check later." .

 

A Junior stuff will thinks that "It's already up to date. So I don't have to sometiong.", Because Fortinet annouced that "We already distribution a fixed firmware."

#Of course, We have to compare the version. but...

 

Thank you,
Earthlab

funkylicious
SuperUser
funkylicious
SuperUser
February 10, 2024

Hi,

I noticed the exact same thing on several models running 7.2.6 saying its at the latest version.

The download from the portal, was horrible last night 20 CET, it took me 2 hours to download 60F and 200F v7.2.7 firmware.

"jack of all trades, master of none"
JBlaster
JBlaster
New Member
February 10, 2024

hello @earthlab
you can get the 7.2.7 upgrade file from support.fortinet.com downloads 7.0>7.2.7 > then find your model device then click HTTP link to download
Once you have file you can click link browse for file and update that way.

Just completed upgrade last night Upgrade path was 7.2.4> 7.2.6 > manual upgrade>7.2.7
Hope this helps
Jblaster

SecurityPlus
SecurityPlus
Explorer III
February 10, 2024

Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-download-Firmware-of-FortiGate-and/ta-p/197069 

 

Also, I don't see how to manually provide the firmware update via this new interface.

 

I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:

config system fortiguard
set auto-firmware-upgrade disable

 

funkylicious
SuperUser
funkylicious
SuperUser
February 10, 2024

That option changed since 7.0, you now have it under Fabric Management

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/788240/fabric-management-page-7-0-2

 

The last tab after you right click and choose upgrade lets you upload the firmware ( File upload ) .

"jack of all trades, master of none"
    SecurityPlus
    SecurityPlus
    Explorer III
    February 10, 2024

    Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link above titled: How-to-manually-download-Firmware-of-FortiGate

     

    Also, I don't see how to manually provide the firmware update via this new interface.

     

    I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:

    config system fortiguard
    set auto-firmware-upgrade disable

    SecurityPlus
    SecurityPlus
    Explorer III
    February 10, 2024

    I don't find the interface to manually update the firmware on a 70F currently running 7.2.6. The System/Firmware page is not present. The interface to provide the manual update file is not visible. Suggestions?

     

    Also, is it possible to instruct the automatic firmware updates to update NOW? If this is possible and is selected, does it run immediately or is it likely that there would be a delay?

    SecurityPlus
    SecurityPlus
    Explorer III
    February 10, 2024

    I just noticed that I can click Cancel Fabric Upgrade from the System/Fabric Management page and then continue with the manual update.

      fanus
      fanus
      Visitor III
      February 15, 2024

      Also had the same, the automatic update could not be approved or initiated, Cancelled and clicked on upgrade. Worked!

      SecurityPlus
      SecurityPlus
      Explorer III
      February 10, 2024

      Yes, I just successfully completed a manual update to a 60F (not sure what the build was) and it said it needed the update from 7.2.6 to 7.2.7.

       

      I'm logged into another 60F running 7.2.6 build 1575, but this one does not say that it needs to be updated to 7.2.7. Under the FortiGate Upgrade Select Firmware Latest tab, it says: The firmware is up to date. It only offers updates to 7.4.x. Is there a reason it does not think it needs the 7.2.7 update? Should I use the File Upload option?

      funkylicious
      SuperUser
      funkylicious
      SuperUser
      February 10, 2024

      Yes, for all devices that dont detect the latest version from 7.2.X train, do it manually.

      "jack of all trades, master of none"
      SecurityPlus
      SecurityPlus
      Explorer III
      February 10, 2024

      Can anyone tell me what the M means in the following firmware image: 

      FGR_60F-v7.2.7.M-build1577-FORTINET.out?

       

      I tried to use this image to update a FortiGate 60F (FGT60F) build 1575 from 7.2.6 to 7.2.7. When I provide the image via FortiGate Upgrade/Select Firmware/File Upload, I get a message that says: Image file doesn't match platform. I did check the checksum against the falue provided and it matches.

      SecurityPlus
      SecurityPlus
      Explorer III
      February 11, 2024

      Self-inflicted error. I should have been using the image that starts FGT_60F not FGR_60F. I presume that the R in FGR means rugged. When I used FGT_60F I encountered no errors.

      Toshi_Esumi
      SuperUser
      Toshi_Esumi
      SuperUser
      February 10, 2024

      I think M=Maintenance. By the way FGR_ images are for the rugged models. FGT_ images are for the regular FGT models.

      Toshi

        amuda
        Staff
        amuda
        Staff
        February 14, 2024

        M= Mature

        F= Feature

         

        More info here: https://docs.fortinet.com/document/fortigate/7.2.0/new-features/173707/introduce-maturity-firmware-levels

          Show more replies
          Terms & ConditionsAccessibility statement