Skip to main content
unpredictable1
unpredictable1
New Member
March 9, 2018
Question

Can you view the previous firmware before an upgrade?

  • March 9, 2018
  • 1 reply
  • 12743 views

I have a FortiWifi 60E that I got in the first half of 2017, I did a newb mistake this morning in upgrading the firmware straight to v5.4.8, build6501 instead of following the proper upgrade path.

My problem is, I don't recall the previous firmware. I believe it was 5.4.3 but really not certain.

I did take a backup of the config before doing the upgrade but when I try to revert back, still comes up 5.4.8

 

My router still works outside of the Wifi from the Fortigate is barely usable. (I'm thinking I might have other problems I haven't come across yet)

 

Is there a way to dissect the config file I have? Should I download a firmware and start fresh at a certain revision?

    1 reply

    Markus
    Markus
    New Member
    March 9, 2018

    Hi, Welcome to the forum You can see the version in the backup file. Opened in text editor, the first line shows something similar #config-version=FWF60E-5.6.3-FW-build1547-171204 I would recommend that you download this version and downgrade your FG. Then it should be possible to restore the configuration. Some points to cover for downgrading http://help.fortinet.com/fos50hlp/54/Content/FortiOS/fortigate-best-practices-54/Firmware/Performing_Firmware_Downgrade.htm

     

    Good luck

    ede_pfau
    SuperUser
    ede_pfau
    SuperUser
    March 9, 2018

    My suggestion would be to keep calm and have a look first which parts of the config are damaged - if any. Going from v5.4.x directly to v5.4.8 isn't nice as an upgrade may include transformations of parts of the config where e.g. the syntax has changed. These transform routines are included in the firmware image and run automatically.

     

    This would really be detrimental if you skipped from one FortiOS main version to another. Currently, there is v5.2, v5.4, v5.6 and (soon, bleeding edge) v6.0 as the main OS versions. But in my experience skipping a patch release will only affect small parts of the config. It would be wise to first assess the damage before downgrading as this will 100% revert the FGT to factory defaults. If you don't have physical access to the FGT this will be really a showstopper.

     

    Just download the current config (without password a.k.a. as cleartext) and compare that with a diff tool to your backup. Chances are high that only the version comment in the first line and all encrypted strings are different. The latter will still be valid.

    If you upgraded from, say v5.2, to v5.4 there might be more places which differ. You could patch these manually, either in the config file, or via GUI/CLI of the live FGT.

    emnoc
    emnoc
    New Member
    March 9, 2018

    What you could do if you have a latest backup at the time of the upgrade

     

    1>  revert back to   the previous version ( the  image is on the 2nd partition that's now in active )

     

    2> reload that  previous version

     

    3> restore the cfg

     

    4>  and now upgrade using the  FTNT-support  upgrade migration path

     

    Make backups along the way

     

    Ken

     

    Terms & ConditionsAccessibility statement