Skip to main content
CRi_sysadmin
CRi_sysadmin
New Member
May 29, 2026
Question

FortiGate F50G forced firmware upgrade failed from7.4.11 to 7.4.12

  • May 29, 2026
  • 3 replies
  • 146 views

Hi All, I have issue with F50G automatically upgrade to the latest patch 7.4.11 to 7.4.12 while the contract is expired.
It keep sending Email with message “This installation is forced and cannot be cancelled”. It has failed to install multiple times and keeps rescheduling. I checked the system events, which show that the download failed. Do you have any ideas on how to fix this?

I tried with this guide , and no lucks.
https://docs.fortinet.com/document/fortigate/7.4.11/administration-guide/320693/required-firmware-upgrades-for-fortigate-appliances-with-invalid-support-contracts-or-that-have-reached-eoes

Diagnose log:

[989] fds_load_upg_matrix_map_img_id: Same major.minor: Patch 11 leads to Patch 12
[999] fds_load_upg_matrix_map_img_id: Auto-upg chooses patch 7.4.12 (b2902)
[1002] fds_load_upg_matrix_map_img_id: This upgrade will not be forced upgrade
[989] fds_load_upg_matrix_map_img_id: Same major.minor: Patch 10 leads to Patch 12
[1013] fds_load_upg_matrix_map_img_id: Auto-upgrade has chosen image id:07004000FIMG0033104012
[1014] fds_load_upg_matrix_map_img_id: Auto-upgrade path: v7.4.11(b2878) -> v7.4.12(b2902),
[906] fds_auto_upg_path_preview: Auto-upgrade path overview:
[908] fds_auto_upg_path_preview: 7.4.11 --> 7.4.12
[1020] fds_load_upg_matrix_map_img_id: This upgrade will not be forced upgrade
[3051] tsk_send_image_list: num=12
[527] fds_send_reply: Sending 824 bytes data.
[471] fds_free_tsk: cmd=1; req.noreply=1
[471] fds_free_tsk: cmd=1; req.noreply=0
[3551] fds_handle_request: Received cmd 2 from pid-17789, len 257
[37] fds_queue_task: req-2 is added to fds-update
[614] fds_https_start_server: server: 173.243.140.6:443
[615] fds_https_start_server: source-ip: 0.0.0.0:0
[119] __ssl_cert_ctx_load: Added cert FGT50G*********, root ca Fortinet_CA, idx 0 (default)
[500] ssl_ctx_use_builtin_store: Loaded Fortinet Trusted Certs
[520] ssl_ctx_use_builtin_store: Enable CRL checking.
[527] ssl_ctx_use_builtin_store: Enable OCSP Stapling.
[843] ssl_ctx_create_new: SSL CTX is created
[870] ssl_new: SSL object is created
[93] https_create: proxy server 0.0.0.0 port:0
[241] forticldd_add_hostname_check: Add hostname checking 'globalupdate.fortinet.net'
[592] __tcps_tcp_start_connect: sockfd=11, server=173.243.140.6:443, use_harelay=0, use_proxy=0
[596] __tcps_tcp_start_connect: ret=-1
[601] __tcps_tcp_start_connect: errno=115(Operation now in progress)
[888] tcps_connect: 173.243.140.6:443 -- ret 0, state 0x0(Intialized) -> 0x11(Connecting)
[888] tcps_connect: 173.243.140.6:443 -- ret 0, state 0x11(Connecting) -> 0x12(SSL-Connecting)
[888] tcps_connect: 173.243.140.6:443 -- ret 1, state 0x12(SSL-Connecting) -> 0x12(SSL-Connecting)
[350] __ssl_crl_verify_cb: CRL not found. Depth 0
[402] __bio_mem_dump: OCSP status good

[773] __tcps_ssl_connect: SSL connected.
[888] tcps_connect: 173.243.140.6:443 -- ret 0, state 0x12(SSL-Connecting) -> 0x5(Established)
[507] fds_https_connect: https_connect(173.243.140.6:443) is established.
[300] fds_svr_default_on_established: fds-update has connected to ip=173.243.140.6:443
[307] fds_svr_default_on_established: server-fds-update handles cmd-2
[1385] img_untar_req: image=[07004000FIMG0033104012], outfile=[/var/log/federated_upgrade/FGT50G*********-7-4-12.img]
[160] fds_pack_objects: number of objects: 1
[130] fds_print_msg: FCPC: len=161
[137] fds_print_msg: Protocol=2.0
[137] fds_print_msg: Command=SelectiveUpdate
[137] fds_print_msg: Firmware=FGT50G-FW-7.04-2878
[137] fds_print_msg: SerialNumber=FGT50G*********
[137] fds_print_msg: PhysicalSN=FGT50G*********
[137] fds_print_msg: DataItem=07004000FIMG0033104012
[130] fds_print_msg: http req: len=264
[137] fds_print_msg: POST https://173.243.140.6:443/FCPService/FirmwareUpgrade HTTP/1.1
[137] fds_print_msg: User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1)
[137] fds_print_msg: Host: 173.243.140.6:443
[137] fds_print_msg: Cache-Control: no-cache
[137] fds_print_msg: Connection: close
[137] fds_print_msg: Content-Type: application/octet-stream
[137] fds_print_msg: Content-Length: 353
[511] fds_https_connect: http request to 173.243.140.6:443: header=264, ext=353.
[245] fds_https_send: sent 264 bytes: pos=0, len=264
[252] fds_https_send: 173.243.140.6:443: sent 264 byte header, now send 353-byte body
[245] fds_https_send: sent 353 bytes: pos=0, len=353
[260] fds_https_send: sent the entire request to server: 173.243.140.6:443
[285] fds_https_recv: no data is available
[296] fds_https_recv: read 15 bytes: pos=15, buf_len=8192
[296] fds_https_recv: read 2 bytes: pos=17, buf_len=8192
[296] fds_https_recv: read 40 bytes: pos=57, buf_len=8192
[296] fds_https_recv: read 21 bytes: pos=78, buf_len=8192
[296] fds_https_recv: read 19 bytes: pos=97, buf_len=8192
[296] fds_https_recv: read 2 bytes: pos=99, buf_len=8192
[318] fds_https_recv: received the header from server: 173.243.140.6:443, [HTTP/1.1 200 OK
Content-Type: application/otect-stream
Content-Length: 368
Connection: Close]
[391] fds_https_recv: server: 173.243.140.6:443, buf_len=368, pos=0
[296] fds_https_recv: read 368 bytes: pos=368, buf_len=368
[406] fds_https_recv: Read all content in no_unpack mode.buf_len=368, pos=368, content_read 368 == content_length 368
[667] fds_https_stop_server: 173.243.140.6:443
[212] __ssl_data_ctx_free: Done
[1123] ssl_free: Done
[204] __ssl_cert_ctx_free: Done
[1133] ssl_ctx_free: Done
[1114] ssl_disconnect: Shutdown
[333] fds_svr_default_on_response: server-fds-update handles cmd-2
[1595] sg_parse_res: content_read=0, new=368, total=368
[1646] sg_parse_res: FCPR:Protocol=2.0|Response=401|Firmware=FDS010-FW-1.00-001|SerialNumber=FPT-FGT-DELL0708|Server=FDSG|Persistent=false|Geolocation=KMG-APAC|Respons
eItem=07004000FIMG00331:401


[130] fds_print_msg: fcpr:  len=168
[137] fds_print_msg: Protocol=2.0
[137] fds_print_msg: Response=401
[137] fds_print_msg: Firmware=FDS010-FW-1.00-001
[137] fds_print_msg: SerialNumber=FPT-FGT-DELL0708
[137] fds_print_msg: Server=FDSG
[137] fds_print_msg: Persistent=false
[137] fds_print_msg: Geolocation=KMG-APAC
[137] fds_print_msg: ResponseItem=07004000FIMG00331:401
[1648] sg_parse_res: Wrong FCPR code

3 replies

msanjaypadma
Staff
msanjaypadma
Staff
May 29, 2026

Hi ​@CRi_sysadmin ,

Could you review the document below and follow the specified process? If you encounter any issues, record all steps and logs, and share them if possible.


If you have found a solution, please like and mark it as solved to make it easily accessible for everyone

Thanks,
Mayur Padma

    CRi_sysadmin
    CRi_sysadminAuthor
    New Member
    May 29, 2026

    i cancelled the federated-upgrade but the schedule still unchanged,
    any solutions to perform upgrade instead of cancel the upgrade?

    msanjaypadma
    Staff
    msanjaypadma
    Staff
    May 29, 2026

    Hi ​@CRi_sysadmin ,

    Did you tried to do manual upgrade file ? 
     

    Thanks,
    Mayur Padma

    CRi_sysadmin
    CRi_sysadminAuthor
    New Member
    June 5, 2026

    Hi All,

    The scheduled firmware update failed again during an unscheduled window.

    Could you please confirm if this device is eligible to update to the latest 7.4.x minor release while the support license is expired?

    I have attached the device logs for your review. Please let me know the next steps to resolve the update failure.

     

    msanjaypadma
    Staff
    msanjaypadma
    Staff
    June 5, 2026

    Hi ​@CRi_sysadmin ,

    Yes, you can able to upgrade the device to 7.4.x minor release. However as per the Fortinet Doc, for FortiGate appliances with invalid support contracts, the required upgrade may fail where the firmware download is blocked by FDS. Instead, users can obtain their firmware image and perform the upgrade manually in the CLI with TFTP.

    https://docs.fortinet.com/document/fortigate/7.4.8/administration-guide/320693/automatic-firmware-upgrades-for-fortigate-appliances-with-invalid-support-contracts-or-that-have-reached-end-of-support-new

    In your case, you may not see any firmware for FortiGate in your Fortinet Support Portal account. This could be because there are no other FortiGate appliances under contract.
     


    If you have found a solution, please like and mark it as solved to make it easily accessible for everyone.

    Thanks,
    Mayur Padma
     

      CRi_sysadmin
      CRi_sysadminAuthor
      New Member
      June 5, 2026

      None of the methods you provided solved the issue. The firewall log keeps showing 'update failed,' so you asked me to perform a manual firmware upgrade. However, I cannot obtain the firmware image.

       

      The device is trying to force its own firmware upgrade, and blocked by your system, and the result is you told me “This could be because there are no other FortiGate appliances under contract.”


      This makes absolutely no sense—how can the device automate an upgrade that your own platform refuses to permit?"

      Why don't you just provide a direct, unrestricted download link for the required firmware image.

      Terms & ConditionsAccessibility statement