Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
pjang
Staff
Staff

Created on ‎09-17-2024 09:35 PM

Article Id 341954

Technical Tip: GUI Firmware Upgrade tool not following Upgrade Path on the FortiGate (Known Issue)

Description

This article describes a known-issue with the GUI-based Upgrade Tool on the FortiGate: 

Users are advised not to use the FortiGuard-based Firmware Upgrade tool until the issue is resolved.

This article specifically refers to the FortiGate function that offers to 'follow upgrade path' automatically while downloading firmware via FortiGuard (as opposed to the manual File Upload method).
Scope FortiGate, Firmware Upgrades.
Solution

The FortiGate has multiple methods of performing Firmware Upgrades.

The traditional GUI-based method is to manually download firmware files from the Fortinet Support site and upload them to the FortiGate. This results in the FortiGate rebooting to apply the firmware, and the process can be repeated so that the FortiGate is upgraded while following the supported Firmware Upgrade Path (as defined by this tool: Upgrade Path Tool Table).

 

Since the manual method can be time-consuming for the administrator, an additional GUI-based option exists where the FortiGate can automatically handle firmware downloads while following the Upgrade Path.

The administrator selects the target firmware for the FortiGate, which results in an upgrade path being generated.

The FortiGate then downloads firmware from FortiGuard based on this upgrade path and applies it one after the other until the target firmware is reached (i.e. effectively automating the previously-mentioned manual method).

 

Sample image taken from: https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/596131/upgrading-individual-devicesSample image taken from: https://docs.fortinet.com/document/fortigate/7.4.4/administration-guide/596131/upgrading-individual-devices

 

However, there is a known-issue with this automated Firmware Upgrade tool where it does not follow the Upgrade Path correctly, specifically when multiple version jumps are required.

The tool does not respect the Upgrade Path and instead jumps straight to the final version of firmware, which can cause a wide variety of issues for the FortiGate (such as configuration loss and failure to boot successfully).

This issue is also reported in the Upgrade information section of the FortiOS Release Notes for v7.4.4 and earlier (example:  GUI firmware upgrade does not respect upgrade path in previous versions). 

 

The Fortinet development team has addressed the issue as ID #925567 and it is/will be resolved as of v7.0.16, v7.2.9, v7.4.4, and v7.6.0.

Once the FortiGate has been upgraded to one of these resolved versions it will be safe to use the Firmware Upgrade tool for future upgrades. Until then, admins should not use the GUI-based 'follow upgrade path' option and should instead perform firmware upgrades with other methods (i.e. manual file uploads, FortiManager, etc.)

 

Related documents:

Technical Tip: Formatting and loading FortiGate firmware image using TFTP

Recommended upgrade path from FortiOS 7.0.13 or earlier versions

 

Labels:
202
0 Kudos
Submit Article Idea
Contributors
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.