Created on
05-13-2005
12:00 AM
Edited on
03-26-2025
11:00 PM
By
Jean-Philippe_P
Description
This article describes how to upgrade FortiGate firmware. FortiGate administrators whose access profiles contain system configuration read and write privileges and the FortiGate admin user can change the FortiGate firmware.
Download the most recent firmware build from the Fortinet Technical Support website at http://support.fortinet.com/.
Scope
FortiGate.
Solution
Usage Awareness and preparation checklist before the upgrade:
v5.2.x and v5.4.x:
To upgrade the firmware:
The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
v5.6.x, v6.0.x and v6.2.x:
v7.0.x:
v7.2.x, and v7.4.x:
v7.6.x:
4. In the example, 'FortiGate only' has been selected, and then select 'Next'.
5. At the Next window Recommended, All Upgrades, All Downgrades, and File Upload.
6. In the example 'All Upgrades' option has been selected.
7. Select the 'Select' option and proceed to the next Section.
8. At this section, select 'Immediate', or a scheduled update can be selected as well using the 'Specify' option.
9. Choose 'Specify' if the upgrade needs to be performed automatically at a later time.
10. Proceed to the 'Review' section, 'Confirm and Backup Config', and the Firewall will be upgraded to the target Version.
Upgrading the firmware through the CLI.
Before starting, ensure a TFTP server is running and accessible to the FortiGate unit.
Step 1: Copy the new firmware image file to the root directory of the TFTP server.
Step 2: Log into the CLI.
Step 3: Make sure the FortiGate can connect to the TFTP server. Use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168:
execute ping 192.168.1.168
Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:
execute restore image tftp <filename> <tftp_ipv4>
The FortiGate unit responds with the message:
This operation will replace the current firmware version!
Do you want to continue? (y/n)
Type y. The FortiGate unit will upload the firmware image file, upgrade to the new firmware version, and restart. This process takes a few minutes and reconnects to the CLI.
Updating the firmware on FortiGate.
Browse to support.fortinet.com and log in.
Upgrading from the Details window:
Load the firmware and reboot by going to the menu tabs on the left of the interface window. Go to System -> Dashboard -> Status -> System Information -> Firmware Version -> Details.
The FortiGate will reboot.
Upload and Boot to Firmware at a later time or Boot to Previous Firmware.
Loading the other partition can be useful to downgrade quickly to the previous working firmware.
However, there are a few considerations to be aware of:
In the CLI, use the following commands.
To list partitions and check if they are active:
diag sys flash list
To indicate what partition to boot from the next time the device reboots (Partition 1 is the primary and Partition 2 is the secondary):
execute set-next-reboot <primary|secondary>
To reboot the FortiGate:
execute reboot
If the FortiGuard License for Firmware and General Updates is renewed and is not reflected on FortiGate, then execute following command to synchronize license information with the portal:
execute update-now
If the device is in an HA cluster, both the devices should have a valid license to fetch firmware upgrades from FortiGuard.
Once the command is executed, if firmware updates are available, it can be seen on the device or the top-right notification count will be highlighted.
Note:
From v.6.2 with models 40F, 60F, 70F, 80F, and 100F (variants) supports sharing a single license for both clusters: Single FortiGuard license for FortiGate A-P HA cluster.
More information on loading the secondary partition can be found in the following documents:
Technical Tip: Selecting an alternate firmware for the next reboot
Technical Tip: How to revert HA cluster unit to the previous firmware image
Compatibility Note:
It needs to do a possible upgrade to compatible versions of other Fortinet products while considering a FortiGate upgrade.
Compatibility Tool Fortimanager
FortiAP and FortiOS 7.x Compatibility Matrix
FortiLink Compatibility
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2025 Fortinet, Inc. All Rights Reserved.