Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPresence
- FortiPortal
- FortiProxy
- FortiRecon
- FortiSRA
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: How to rollback firmware on FortiGa...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
ESCHAN_FTNT
Staff
Created on
11-30-2020
12:22 AM
Edited on
10-11-2023
09:03 AM
By
Stephen_G
Article Id
191753
Description
This article describes how to rollback firmware on the FortiGate-6000 and 7000 series.
FortiGate has two boot partitions on the flash memory to store the firmware images and configuration files.
During a firmware upgrade, the new FortiOS image is uploaded and saved in the secondary boot partition which on reboot is set as active partition. The previous firmware, saved in the primary boot partition is set as non-active partition.
Scope
For FortiGate-6000 and FortiGate-7000 series.
Solution
For the FortiGate-6000 and 7000 Series, the process is not straightforward to select alternate partitions to boot with.
The administrator will have to login to each individual FPC (Fortinet Processor Card) and MBD (Management Board) for 6000 Series or individual FPM (Fortinet Processing Module) and FIM (Fortinet Interface Modules) for 7000 Series and do it manually.
The situation becomes tricky when there are certain FPM/FPC modules that have a different active partition.
See the output below:
diagnose sys flash list
==========================================================================
Slot: 1 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 2 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121094 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121434 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 3 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121150 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121490 48% Yes
3 EXDB-1.00000 14866900 985156 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 4 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
2 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 5 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121096 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121436 48% Yes
3 EXDB-1.00000 14866900 1068828 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 6 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
MBD SN: F6KF31TXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 112666 44% No
2 FG-6KF-6.00-FW-build0335-200331 253871 113022 45% Yes
3 EXDB-1.00000 14866900 1154260 8% No
Image build at Mar 31 2020 19:11:43 for b0335
The majority of the active partitions are secondary partitions, except Slot #4.
As a result, the user will have to input the command 'execute-set-next-reboot primary' on all the blades (including MBD) while inputting the command 'execute-set-next-reboot secondary' on Slot #4, which can be confusing for some users, especially when dealing with 6500F series FortiGates that have 10 FPCs and one MBD.
There is one quick method to do this:
execute set-next-reboot rollback
==========================================================================
Slot: 1 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 2 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 3 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 4 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 2.
==========================================================================
Slot: 5 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 6 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
MBD SN: F6KF31TXXXXXXXXX
Default image is changed to image# 1.
The command will automatically set the default image to the current non-active partition, saving the effort to the administrator to do it manually on all the blades and also eliminating human error to boot the wrong partition.
Followed by a reboot, all slots in the chassis are now rollback to the previous firmware and configuration.
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.