FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
yangw
Staff
Staff
Article Id 313292
Description This article describes a boot failure that occurs after upgrading to an affected firmware version without following a recommended upgrade path.
Scope Direct upgrade to v7.0.15, v7.2.9, v7.4.4, or v7.6.0 from firmware v7.0.11, v7.2.4, or any earlier version.
Solution

The filesystem integrity check is enforced on boot in v7.0.15, v7.2.9, v7.4.4, and v7.6.0.

 

If an administrator directly upgrades to one of these firmware versions from v6.4.12, v7.0.11, v7.2.4, or any earlier version, the filesystem integrity check will fail and the device will not boot.

 

The failure to boot after upgrade owing to this check is fixed in v7.0.16, v7.2.10, v7.4.5, or v7.6.1 as Resolved Issue 1069554, see v7.0.16 Release Notes - Resolved Issues.

 

Upgrading from earlier versions to these versions does not fail the filesystem check, but may fail for other reasons or have other issues. It is strongly recommended to follow a recommended FortiGate/FortiOS Upgrade Path rather than directly upgrade.


There is a known GUI issue that can cause unintended direct upgrades, see the article GUI Firmware Upgrade tool not following Upgrade Path on the FortiGate.

Example failure to boot and resolution on v7.0.15:

 

error.PNG

 

  • The error message 'failed verification on /data/datafs.tar.gz' is expected when directly upgrading from v7.0.11 and earlier to v7.0.15 or above.
  • It is strongly recommended to follow a recommended upgrade path. For example, v7.0.10 -> v7.0.14 -> v7.0.15 -> v7.2.9
  • If an upgrade to v7.0.15 causes failure to boot, local access is required to recover. See the article Technical Tip: Boot the backup firmware and config via console. After booting from the backup image, upgrade following a recommended path.

 

Selecting an alternate firmware for the next reboot:
Loading Alternate Firmware

Upgrade path tool:

Upgrade Path Tool Table

 

Related documents:
Technical Tip: Boot the backup firmware and config via console

Technical Tip: Formatting and loading FortiGate firmware image using TFTP
Technical Tip: Selecting an alternate firmware for the next reboot

v7.0.15 Release Notes: Upgrading from 7.0.11 or earlier versions

v7.0.12 New Features: Enhance BIOS-level signature and file integrity checking
v7.0.15 New Features: Enhance file integrity check to perform verification during system bootup