Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kgeorge
Staff
Staff

Created on ‎02-28-2023 05:08 AM Edited on ‎12-15-2025 07:46 AM By Staff

Article Id 247513

Technical Tip: Firmware Upgrade/Downgrade via Built-in FortiGate Management Station

Description This article describes how to make use of the built-in FortiGate Management Station for Firmware Upgrade/Downgrade directly via CLI Console.
Scope FortiGate.
Solution

Execute the command:

 

execute restore image management-station ?

 

It will bring up a list similar to below:

 

07002000FIMG0013702004 v7.02 MR2-GA-F P4 b1396 (upgrade)
07002000FIMG0013702002 v7.02 MR2-GA-F P2 b1255 (downgrade)
07000000FIMG0013700009 v7.00 GA-M P9 b0444 (downgrade)
07000000FIMG0013700008 v7.00 GA-F P8 b0418 (downgrade)
07000000FIMG0013700007 v7.00 GA-F P7 b0367 (downgrade)
06004000FIMG0013704012 v6.04 MR4-GA-M P12 b2060 (downgrade)
06004000FIMG0013704011 v6.04 MR4-GA-M P11 b2030 (downgrade)
06004000FIMG0013704010 v6.04 MR4-GA-M P10 b2000 (downgrade)

 

The above is captured from the machine running on firmware v7.2.3 (v7.02 MR2-GA-F P3 b1262):

 

  • v7.02  -> Version 7.2.
  • MR2-GA-F -> F for Feature Build and M for Mature Build.
  • P4 -> Patch 4 (7.2.4).b1396 -> Build number.

 

For upgrading to v7.2.4, complete the command with its corresponding value as shown below:

 

execute restore image management-station 07002000FIMG0013702004

 

Then, it will show the output:

 

Getting image 07002000FIMG0013702004 from Management station...
#################################################################
This operation will replace the current firmware version!
Do you want to continue? (y/n)

 

Continue with prompts to complete the Upgrade or Downgrade process accordingly.

If the FortiGate is in an HA cluster, the secondary unit will upgrade first, followed by the primary. The following will be the output when upgrading a FortiGate in an HA cluster.

 

Getting image 07004000FIMG0026804009 from Management station...
####################################################################################################
This operation will replace the current firmware version!
Do you want to continue? (y/n)y

Verifying the signature of the firmware image.
Warning: Installing image v7.4.9 from v7.4.8 may result in loss of configuration. Do you want to proceed?
Do you want to continue? (y/n)y

Warning: Upgrading to an image with Mature maturity notation.

Please wait for system to restart.
Wait for HA to be primary of all clusters...
Send image to HA secondary.
Wait for secondary to restart..........

 

Important:

  • Do not forget to take a backup of the Configuration File before performing the Upgrade/Downgrade, as, unlike the GUI, this process will not give the option to take a backup.
  • There should be proper connectivity to the FortiGuard Server to accomplish this process.

 

Disclaimer:

Fortinet TAC does not provide standby support for firmware upgrades/downgrades. Call the Fortinet Support Hotline only when an issue is encountered during the upgrade/downgrade process.

Furthermore, if an issue occurs as a result of a downgrade, be prepared to perform a TFTP format and reinstall operation to restore service: Technical Tip: Formatting and loading FortiGate firmware image using TFTP.
2865
0 Kudos
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.