Description

This article describes how to downgrade to the last firmware image after upgrading.

Solution

When FortiGate is upgraded, the previous firmware image that was running before the upgrade will still be stored as a backup firmware image on the flash drive.
This backup image can be rolled back in two ways:

• Roll back to the previous version by interrupting the Booting process as below:

1. Run the command 'diag sys flash list' on CLI to double-check the firmware images available.
   
   
2. Connect to the console port using a null modem, RJ-45 to DB9, or RJ-45 to USB console cable.
   
   
3. Open a CLI session via a serial connection using PuTTY or any similar software.
   Check which COM port should be used for the connection from the Windows device manager (assuming the Windows system is used to perform this activity).
   
   
4. Login to the console CLI and restart it using the command 'execute reboot'.
   
   
5. When the console displays 'Press any key to display configuration menu...' press the space bar or any other key.
   
   
6. A list of choices will come up that looks like the following:
   
   [G]:  Get firmware image from TFTP server.
   [F]:  Format boot device.
   [I]:  Configuration and information.
   [B]:  Boot with backup firmware and set as default.
   [Q]:  Quit menu and continue to boot.
   [H]:  Display this list of options.
   
   
7. Press 'B' on the keyboard to boot with the backup firmware image.
   

The unit will boot after that with the backup firmware image and the configuration that was in place when it was running.

Or:

• Roll back to the previous version by Selecting an alternate firmware for the next reboot.

More information on how to select alternative firmware, follow the below article:

Technical Tip: Selecting an alternate firmware for the next reboot

Note: Perform the task during a maintenance window and keep a valid configuration backup.