Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
npaiva
Staff & Editor
Staff & Editor

Created on ‎03-25-2025 05:31 AM Edited on ‎10-10-2025 06:07 AM By Moderator

Article Id 384454

Technical Tip: Change Security Level on FortiGate G series models

Description This article describes how to change the BIOS Security Level on FortiGate G series models.
Scope FortiGate 50G, 70G, 90G (Gen2), 120G, and 200G series and their variants.
Solution

On most FortiGate Appliances, including the 30G models, to change the BIOS security level and allow to installation of unsigned Firmware Images, it is necessary to follow the steps on the following documentation page:

 

BIOS-level signature and file integrity checking during downgrade - FortiOS 7.2.9 release notes.

 

For the 50G, 70G, 90G (Gen2), and 200G series of appliances, option '[U]' inside the System Information menu does not exist.

To change the security level, this appliance series has a special switch panel.

 

For the 50G series, the signed firmware cover is on the back of the appliance. The screw needs to be removed from the panel.

 

50g-panel.png

 

After the screw is removed, it will reveal a switch that can be set to Low [L] or High security mode [H]:

 

50g-switch-edit.png

 

For the 70G, the signed firmware panel is also on the back.  The screw needs to be removed to reveal the switch to set Low [L] or High security mode [H].

 

70G back.jpg

 

On the front of the 70G series, there is an LED to indicate whether the security mode is set to [L] or [H].

 

70G front.jpg

 

Note: FortiGate 90G (Gen2) is Part Numbers: Pxxxxx-11-01 and above (see the FortiGate 90G quick reference guide). 

On the front of the 90G (Gen2) series, there is an LED to indicate whether the security mode is set to [L] or [H].

 

2025-06-05_10-25-49.png

 

For the 90G (Gen2), the signed firmware panel is also on the back.  The screw needs to be removed to reveal the switch to set Low [L] or High security mode [H].

 

2025-06-05_10-24-23.png

 

For the 120GG series, both the panel and the LED indicators are on the front of the unit. The screw needs to be removed to access the switch to set the security mode to [L] or [H]. The LED indicates the current mode.

 

FGT120G.jpg

 

 

 

For the 200G series, similar to the 120G, both the panel and the LED indicators are on the front of the unit. The screw needs to be removed to access the switch to set the security mode to [L] or [H]. The LED indicates the current mode.

 

200G front.jpg

 

For more information about setting up FortiGate appliances, see the Hardware Guides.

For more information regarding the different BIOS security levels, refer to this documentation: BIOS security Low and High level classification 

 

Note:

When this switch is moved from high (default) to low, this will generate a log with the ID:

 

22906 - LOG_ID_SECURITY_LEVEL_CHANGE

 

Note:

When the value of the switch is adjusted, the BIOS security value will not update until the FortiGate is rebooted. The command get system status can be used to check the current BIOS security level and the current physical switch security level setting.
Labels:
2627
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.