Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
samandeep
Staff
Staff

Created on ‎03-27-2024 10:52 PM Edited on ‎11-24-2024 11:56 PM By Moderator

Article Id 306899

Technical Tip: Auto-firmware-update enabled by default when upgrading FortiOS from v7.0.X to v7.2.6

Description

This article describes that Auto-firmware-update is enabled by default when upgrading FortiOS from v7.0.x to v7.2.6 and how to disable it.

This issue is resolved on v7.2.9.
Scope FortiGate v7.2.5, v7.2.6. FortiGate 7.4.4.
Solution

In some models, when units are upgraded from the v7.0.x series to v7.2.5 or v7.2.6, this auto-firmware feature just gets enabled.

 

Note:

From Firmware v7.4.5 and higher the 'automatic firmware upgrade option has changed'.

 

The command 'auto-firmware-upgrade' is enabled for all the models, also including the VMs. 

 

Changes in default behavior for automatic firmware upgrade control  

 

However, when deploying fresh v7.2.6 and v7.4.4 on FortiGates, the auto-firmware feature will be disabled by default.

 

If upgrading from v7.0.x series to v7.2.8 or later via v7.2.5/7.2.6 based on the FortiOS upgrade path, based on the requirement, it is possible to disable this feature.

 

To check whether this feature is enabled or not, check the below command:

 

diagnose test application forticldd 13

 

If enabled, the CLI response would be:

 

Automatic image upgrade: enabled

 

If disabled, the CLI response would be:

 

diagnose test application forticldd 13

Scheduled push image upgrade: no

Scheduled Config Restore: no

Scheduled Script Restore: no

Automatic image upgrade: Disabled.

 

To preview the setting in the CLI, run:

 

config sys fortiguard
sh full | grep auto

  

The output should show in the CLI as follows:

 

FortiGate # config sys fortiguard

FortiGate(fortiguard) # sh full | grep auto
    set auto-join-forticloud enable
    set auto-firmware-upgrade enabled   <-----
    set gui-prompt-auto-upgrade disable
    set interface-select-method auto

 

To edit the auto-upgrade-firmware setting, it is possible to disable the feature and view the change from the CLI with the following:

 

config sys fortiguard
    set auto-firmware-upgrade disable
end

config sys fortiguard
sh full | grep auto


The output should show in the CLI as follows: 

 

FortiGate # config sys fortiguard

FortiGate(fortiguard) # sh full | grep auto
    set auto-join-forticloud enable
    set auto-firmware-upgrade disable   <-----
    set gui-prompt-auto-upgrade disable
    set interface-select-method auto

 

Note that the auto-firmware-upgrade feature has started on firmware version 7.2.1 and higher. 

 

Related document:

Enabling automatic firmware updates | FortiGate / FortiOS 7.2.1 | Fortinet Document Library
7289
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.