Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
ManpreetSingh
Staff
Staff

Created on ‎07-21-2024 05:12 AM Edited on ‎02-24-2025 09:43 PM By Community Manager

Article Id 326998

Technical Tip: How to disable automatic firmware upgrades on FortiGates

 

Description This article provides instructions to disable automatic firmware upgrades on FortiGate devices through FortiManager and FortiGuard.
Scope FortiGate, FortiManager.
Solution

Disabling Firmware Upgrades through FortiManager.

To disable automatic firmware upgrades on FortiGate devices managed by FortiManager, perform the following steps:

 

config system central-management
    set allow-push-firmware disable
    set allow-remote-firmware-upgrade disable
end

 

  • set allow-push-firmware disable: Disables the ability to push firmware updates from the central management system (FortiManager) to the FortiGate devices. This prevents firmware updates from being pushed to the devices.
  • set allow-remote-firmware-upgrade disableDisables the ability to perform remote firmware upgrades on the FortiGate devices from the central management system (FortiManager). This prevents remote firmware upgrades from being initiated.                                                              

Disabling Auto-Firmware Upgrade through FortiGuard.

To disable the auto-firmware upgrade feature through FortiGuard, perform the following steps:

 

config system fortiguard
    set auto-firmware-upgrade disable  <----- Disable automatic patch-level firmware upgrade from FortiGuard.
    set gui-prompt-auto-upgrade disable
end

 

This auto-firmware-upgrade feature is only available for FortiGate v7.2.1 and later. 

 

  • Automatic firmware upgrade cannot be enabled for FortiGates belonging to a Security Fabric, FortiGates under management by a FortiManager, or a secondary HA FortiGate. However, HA groups will still have automatic firmware upgrades based on the primary FortiGate.

  • When automatic firmware upgrades are enabled, FortiSwitch and FortiAP firmware will also be updated as part of the federated update.

  • Automatic upgrades will only upgrade to a newer patch within that major version. For example, a FortiOS version v7.2.x image will only auto-upgrade to another v7.2.x image. It will not upgrade to a v7.4.x image.

 

From the GUI it can be done from the option System -> Firmware Registration -> Automatic patch upgrade enabled -> Disable automatic patch upgrades.

atoup-1.jpg

 

atoup-2.jpg

 

config system federated-upgrade
    set status disabled
end

 

Cancel Any Scheduled Upgrades.

Run the following command to cancel any immediate or scheduled upgrades:

 

execute federated-upgrade cancel

 

This command will prompt the user to confirm the cancellation: Type Y and enter.                     
 
Note:
To completely deactivate automatic patch upgrades for a FortiGate connected to FortiGate Cloud, ensure to disable the patch upgrade settings within FortiGate Cloud as well.
 
Note:
If from GUI, under Firmware Registration, there is no Disable automatic patch upgrade, the following path can be checked under System -> FortiGuard.
 
For step-by-step guidance, review the following articles:
How to control Automatic Upgrades/Firmware Profiles on FortiGate Cloud
Understanding Automatic Patch Upgrade: FortiGate Cloud Premium vs Local Setting
19764
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.