- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiScan
- FortiSandbox
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- Wireless Controller
- FortiWeb
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- Customer Service
- Community Groups
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
- Fortinet Community
- Knowledge Base
- FortiGate
- Technical Tip: How to rollback firmware on FortiGa...
Options
- Subscribe to RSS Feed
- Mark as New
- Mark as Read
- Bookmark
- Subscribe
- Printer Friendly Page
- Report Inappropriate Content
Description
FortiGate have two boot partitions on the flash memory to store the firmware images and configuration files.
After a firmware upgrade, the new FortiOS image is saved in the secondary partition which on reboot is made the active partition, and the previous firmware that is saved in the primary partition is made the non-active partition.
This article describes how to rollback firmware on FortiGate-6000 and 7000 series
Scope
For FortiGate-6000 and FortiGate-7000 series.
Solution
For FortiGate-6000 and 7000 Series, the process is not straightforward to select alternate partition to boot with.
The administrator will have to login to individual FPC (Fortinet Processor Card for 6000 Series) or individual FPM (Fortinet Processing Module for 7000 Series) and do it one-by-one.
The situation comes tricky when there are certain FPM/FPC module have a different active partition.
Take a look at output below:-
Therefore user will have to input the command '# execute-set-next-reboot primary' on all the blades (including MBD) while input the command '# execute-set-next-reboot secondary' on Slot #4, which is a hassle and confusing, especially when dealing with 6500F series with 10 blades.
There is one quick method to do this:-
Follow by a reboot and the chassis are now rollback to the previous firmware and configuration.
FortiGate have two boot partitions on the flash memory to store the firmware images and configuration files.
After a firmware upgrade, the new FortiOS image is saved in the secondary partition which on reboot is made the active partition, and the previous firmware that is saved in the primary partition is made the non-active partition.
This article describes how to rollback firmware on FortiGate-6000 and 7000 series
Scope
For FortiGate-6000 and FortiGate-7000 series.
Solution
For FortiGate-6000 and 7000 Series, the process is not straightforward to select alternate partition to boot with.
The administrator will have to login to individual FPC (Fortinet Processor Card for 6000 Series) or individual FPM (Fortinet Processing Module for 7000 Series) and do it one-by-one.
The situation comes tricky when there are certain FPM/FPC module have a different active partition.
Take a look at output below:-
F6KF31TXXXXXXXXX (global)# diagnose sys flash listThe majority of the active partition are secondary partition, except Slot #4.
==========================================================================
Slot: 1 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 2 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121094 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121434 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 3 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121150 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121490 48% Yes
3 EXDB-1.00000 14866900 985156 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 4 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
2 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 5 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121096 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121436 48% Yes
3 EXDB-1.00000 14866900 1068828 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
Slot: 6 Module SN: FPC6KFTXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 121098 48% No
2 FG-6KF-6.00-FW-build0335-200331 253871 121438 48% Yes
3 EXDB-1.00000 14866900 1068832 7% No
Image build at Mar 31 2020 19:11:43 for b0335
==========================================================================
MBD SN: F6KF31TXXXXXXXXX
Partition Image TotalSize(KB) Used(KB) Use% Active
1 FG-6KF-6.00-FW-build0372-201013 253871 112666 44% No
2 FG-6KF-6.00-FW-build0335-200331 253871 113022 45% Yes
3 EXDB-1.00000 14866900 1154260 8% No
Image build at Mar 31 2020 19:11:43 for b0335
Therefore user will have to input the command '# execute-set-next-reboot primary' on all the blades (including MBD) while input the command '# execute-set-next-reboot secondary' on Slot #4, which is a hassle and confusing, especially when dealing with 6500F series with 10 blades.
There is one quick method to do this:-
F6KF31TXXXXXXXXX (global)# execute set-next-reboot rollbackThe command will automatically set the default image to the current non-active partition, saving the effort of administrator to do it manually on all the blades and also eliminating human error to boot the wrong partition.
==========================================================================
Slot: 1 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 2 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 3 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 4 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 2.
==========================================================================
Slot: 5 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
Slot: 6 Module SN: FPC6KFTXXXXXXXXX
Default image is changed to image# 1.
==========================================================================
MBD SN: F6KF31TXXXXXXXXX
Default image is changed to image# 1.
F6KF31T018-----6 (global) # execute reboot
Follow by a reboot and the chassis are now rollback to the previous firmware and configuration.
Labels:
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2023 Fortinet, Inc. All Rights Reserved.