FortiAuthenticator
FortiAuthenticator provides access management and single sign on.
Debbie_FTNT
Staff
Staff
Article Id 207452

Description

 

This article explains how to downgrade a FortiAuthenticator to a previous version for recovery purposes.

 

Scope

 

FortiAuthenticator

 

Solution

 

FortiAuthenticator upgrades may sometimes need to be reverted.

In this case, a downgrade becomes necessary.

 

What shape a downgrade can take depends on if the FortiAuthenticator in question is hardware or VM model.

 

The only way to recover a previous configuration is with a configuration backup or a VM snapshot.

 

 

Hardware FortiAuthenticator.

 

To downgrade hardware FortiAuthenticators, the best solution is to format it, then install the desired firmware version via TFTP and restore a previous configuration backup.

 

This process is very similar to doing the same with a FortiGate:

 

Debbie_FTNT_0-1648048352784.png

 

 

1) Reboot FortiAuthenticator.

2) Interrupt the bootup when FortiAuthenticator displays 'Press any key to display configuration menu' by pressing any key.

3) Type ‘F’ to format.

4) Wait for FortiAuthenticator to come up again.

5) Interrupt boot again as in step 2.

6) Type ‘G’ to load firmware from TFTP.

 

More details on loading firmware from TFTP can be found in the FortiGate KB found here: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Formatting-and-loading-FortiGate-firmware-...

 

VM FortiAuthenticator.

 

If the FortiAuthenticator in question is a VM, there are two options:

- Revert to a previous snapshot (if one was taken).

- Set up a new VM with the old firmware.

 

FortiAuthenticator VMs can be reverted to a previous snapshot without any issue.

If no snapshot was taken, the only other option is to set up a new VM with the desired firmware version, boot that up and restore the configuration backup from the original FortiAuthenticator.

 

This backup will include all associated licences and the new VM will have the same serial number, IP addresses, routing, etc. as the old VM.

Make sure the new VM has the same number of interfaces assigned, and those interfaces are associated with the same networks in the hypervisor.

Contributors