Help
FortiAuthenticator
FortiAuthenticator provides centralized authentication services for the Fortinet Security Fabric including multi-factor authentication, single sign-on services, certificate management, and guest management.
Debbie_FTNT
Staff
Staff

Created on ‎03-23-2022 08:46 AM Edited on ‎05-23-2024 07:09 AM By Moderator

Article Id 207452

Technical Tip: Downgrading FortiAuthenticator

Description

 

This article explains how to downgrade a FortiAuthenticator to a previous version for recovery purposes.

 

Scope

 

FortiAuthenticator.

 

Solution

 

FortiAuthenticator upgrades may sometimes need to be reverted.

In this case, a downgrade becomes necessary.

 

What shape a downgrade can take depends on if the FortiAuthenticator in question is hardware or VM model.

 

The only way to recover a previous configuration is with a configuration backup from prior to the upgrade, or a VM snapshot from before the upgrade.

 

 

Hardware FortiAuthenticator.

 

To downgrade hardware FortiAuthenticators, the best solution is to format it, then install the desired firmware version via TFTP and restore a previous configuration backup.

 

This process is very similar to doing the same with a FortiGate:

 

Debbie_FTNT_0-1648048352784.png

 

 

  1. Reboot FortiAuthenticator.
  2. Interrupt the bootup when FortiAuthenticator displays 'Press any key to display configuration menu' by pressing any key.
  3. Type ‘F’ to format.
  4. Wait for FortiAuthenticator to come up again.
  5. Interrupt boot again as in step 2.
  6. Type ‘G’ to load firmware from TFTP.

 

More details on loading firmware from TFTP can be found in the FortiGate KB found here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Formatting-and-loading-FortiGate-firmware-...

 

VM FortiAuthenticator.

 

If the FortiAuthenticator in question is a VM, there are two options:

- Revert to a previous snapshot (if one was taken).

- Set up a new VM with the old firmware.

 

FortiAuthenticator VMs can be reverted to a previous snapshot without any issue.

If no snapshot was taken, the only other option is to set up a new VM with the desired firmware version, boot that up and restore the configuration backup from the original FortiAuthenticator.

 

This backup will include all associated licences and the new VM will have the same serial number, IP addresses, routing, etc. as the old VM.

Make sure the new VM has the same number of interfaces assigned, and those interfaces are associated with the same networks in the hypervisor.

 

Note: The configuration backup must be from the same firmware version currently in use. It is not possible to restore a configuration backup from a different firmware version.

2203
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.