Description
FortiGate has two boot partitions on its flash drive to store firmware images and configuration files.
When FortiGate firmware is upgraded, the new firmware image is stored on one partition (which becomes primary), while the previous firmware image remains on the other partition as a backup image (secondary).
In some cases, firmware upgrades cause unexpected issues and reverting to the previous image is a fast fix worth considering.
This article describes how to revert FortiGate to the previous firmware image in an HA cluster.
Some precautions are required in a High Availability setup.
Solution
FGT# diag sys flash list
FGT# execute set-next-reboot secondary
FGT# exec reboot
When it comes to HA operation, there are a few things to note:
- These commands are not synchronized and must be run on each and every FortiGate unit that is a member of the cluster. The units will boot with the newly selected firmware image, and the HA master will be selected according to the FortiOS HA master election process. Note the override flag/priority/monitored interfaces.
- Direct console access, cable access to a port, or a dedicated management interface is strongly recommended for each of the units in the cluster. If the units are not rebooted at the same time, the cluster may no longer form after the reboot, creating a split-brain scenario. The second unit may not be reachable through '# exec ha manage'.
- Since all of the configuration changes performed since the upgrade will be lost, it is necessary to reconfigure access to the FortiGate (only if changes were performed after the upgrade).
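A pre-check that can be run before the rollback, given as an added example that is not part of the original article or of Fortinet's tooling: it parses 'diag sys flash list' output collected from each cluster member and reports whether every member holds the same active and backup image, so that the units do not come up on different firmware. The sample output, its column layout, the '-FW-' image-name test and the member names are constructed assumptions.

```python
import re

# Constructed sample output of 'diag sys flash list', one entry per cluster member.
# Column layout and image names are assumptions made for this illustration.
_LISTING = """\
Partition  Image                              TotalSize(KB)  Used(KB)  Use%  Active
1          FGT-EXAMPLE-7.00-FW-build1111             253871     70788   28%  No
2          FGT-EXAMPLE-7.00-FW-build2222             253871     72084   28%  Yes
3          ETDB-1.00000                             3368360    134692    4%  No
"""
SAMPLE = {"member-a": _LISTING, "member-b": _LISTING}

# partition number, image name, total, used, use%, active flag
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+\d+\s+\d+\s+\d+%\s+(Yes|No)\s*$")


def firmware_partitions(output):
    """Return {'active': image, 'backup': image} for the two firmware partitions."""
    rows = [m.groups() for m in map(ROW.match, output.splitlines()) if m]
    # Assumption: firmware images carry '-FW-' in their name; data partitions do not.
    fw = [(image, flag) for _, image, flag in rows if "-FW-" in image]
    active = [image for image, flag in fw if flag == "Yes"]
    backup = [image for image, flag in fw if flag == "No"]
    if len(active) != 1 or len(backup) != 1:
        # Covers a unit whose second partition is empty: there is nothing to revert to.
        raise ValueError("expected exactly one active and one backup firmware image")
    return {"active": active[0], "backup": backup[0]}


def rollback_precheck(outputs):
    """Return a list of problems; an empty list means all members agree."""
    problems, seen = [], {}
    for member, output in outputs.items():
        try:
            seen[member] = firmware_partitions(output)
        except ValueError as exc:
            problems.append(f"{member}: {exc}")
    for role in ("active", "backup"):
        images = sorted({parts[role] for parts in seen.values()})
        if len(images) > 1:
            problems.append(f"{role} image differs across members: {images}")
    return problems


if __name__ == "__main__":
    print(rollback_precheck(SAMPLE) or "all members hold the same images")
```
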
Copyright 2023 Fortinet, Inc. All Rights Reserved.