Skip to main content
johnlloyd_13
johnlloyd_13
Explorer III
December 11, 2025
Solved

FortiGate Downgrade

  • December 11, 2025
  • 3 replies
  • 1504 views

hi,

i got a brand new FGT and it got a default OS 7.4.8M.

i need to downgrade to 7.2.10M to be consistent in our environment.

per checking the upgrade path tool, it is a direct path.

since this is a brand new chassis with no config yet, can i safely downgrade directly from 7.4.8M > 7.2.10M?

 

image.png

 

Best answer by AEK

Hi John

Yes you can, but the config may be corrupted after that, so you need to run factory reset after the downgrade.

On the other hand it is better to downgrade to 7.2.12, since 7.2.10 has a couple of nasty vulnerabilities.

https://www.fortiguard.com/psirt?filter=1&product=FortiOS-6K7K%2CFortiOS&version=7.2.10&severity=5&severity=4&keyword=

 

3 replies

AEK
SuperUser
AEKAnswer
SuperUser
December 11, 2025

Hi John

Yes you can, but the config may be corrupted after that, so you need to run factory reset after the downgrade.

On the other hand it is better to downgrade to 7.2.12, since 7.2.10 has a couple of nasty vulnerabilities.

https://www.fortiguard.com/psirt?filter=1&product=FortiOS-6K7K%2CFortiOS&version=7.2.10&severity=5&severity=4&keyword=

 

AEK
    johnlloyd_13
    johnlloyd_13Author
    Explorer III
    December 12, 2025

    hi,

    thanks for the tip and advise!

    just curious, is there a fortinet link to tech tip saying you'll need to factory reset after a downgrade (for a new box)?

    AEK
    SuperUser
    AEK
    SuperUser
    December 13, 2025

    Hi John

    I found the official info for other Fortinet equipment like FortiMail.

    https://docs.fortinet.com/document/fortimail/6.0.12/ga-release-notes/857090/firmware-upgrade-and-downgrade

    But as per my knowledge it is also the same for FortiOS. This is because the upgrade path handles configuration transportation from a one version to a higher version (when following upgrade path), but this is not the case in downgrades.

    It means when you downgrade you may have some config fragments that are not transported to the lower version and not known by this lower version, it means you may have some configuration errors.

     

    Edit: As per my knowledge it is also the same for a new box, since even fresh config may have some config fragments that are specific to a version but unknown by a lower versions.

    AEK
      johnlloyd_13
      johnlloyd_13Author
      Explorer III
      December 18, 2025

      hi,

      i just did a downgrade on a new FG 7.6 > 7.2, so far it's been doing ok.

      i also did a config factory reset once it's on 7.2 just to be sure there will be no issue.

       

        Terms & ConditionsAccessibility statement