This article describes the precedence and independence of automatic patch upgrades between FortiGate Cloud Premium and local FortiGate settings. It clarifies which settings take precedence and how they interact with each other.
Scope
FortiGates using FortiGate Cloud (both Premium and Standard portals), Automatic firmware updates via both FortiGate Cloud and local settings, FortiCloud v24.2.0 and v7.2.
Solution
FortiGates have the option to manage automatic patch upgrades through both FortiGate Cloud and local settings. Below is a detailed explanation of how these settings interact and which takes precedence:
Parallel Operation:
The automatic patch feature in FortiGate Cloud operates in parallel with the local FortiGate setting.
Users can enable or disable the automatic patch feature in FortiGate Cloud if the FortiGate is registered with a FortiGate Cloud Service subscription.
Adjusting the automatic patch setting in the cloud does not affect the local FortiGate setting and vice versa.
Precedence:
In cases where an automatic patch upgrade is scheduled on both the cloud and local sides, the upgrade task that is scheduled to occur first will take precedence.
If the cloud detects that the firmware version has already been patched on the FortiGate device by the local setting, the cloud will not push another upgrade.
Buffer Period:
The auto patch feature on the Cloud side is currently under a 90-day buffer period as recommended by the legal team.
This means changes to the auto patch setting on the cloud side will not take immediate effect.
