Fortinet Community

Article

FortiGate administrators whose access profiles contain system configuration read and write privileges and the FortiGate admin user can change the FortiGate firmware.

Download the most recent firmware build from the Fortinet Technical Support web site at http://support.fortinet.com/.

Before Upgrade:

It is important to read the release notes which are as well available from the Fortinet Customer Service & Support site (https://support.fortinet.com/) at the same location from where you downloaded the firmware image. Once downloaded, please review the special notices, upgrade information, product integration and support, resolved issue, known issues and limitations

To upgrade the firmware using the web-based manager

Note: Always upgrade the firmware from a local copy. Never perform firmware upgrade over the Internet.

5.2.x & 5.4.x versions

To upgrade the firmware

1) Log into the web-based manager as the admin administrative user.

2) Go to System > Dashboard > Status and locate the System Information widget.

3) Beside Firmware Version, select Update.

4) In the next screen, click on "Browse" or "Upload Firmware" button.

5) Locate the file on your local computer and select the firmware image file.

6) Click on "Backup config and upgrade" button to backup the configuration and start firmware  upgrade.

The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.


5.6.x, 6.0.x & 6.2.x Versions.

 
1) Log into the web-based manager as the admin administrative user.

2) Go to System > Firmware > Click on the "Browse" button to locate the firmware image file.

3) Locate the file on your local computer and select the firmware image file.

4) Click on "Backup config and upgrade" button to back up the configuration and start firmware upgrade.
    
5) The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes.
 
To upgrade the firmware - CLI:

Before you begin, ensure you have a TFTP server running and accessible to the FortiGate unit.

Make sure the TFTP server is running.

Copy the new firmware image file to the root directory of the TFTP server.

Log into the CLI.

Make sure the FortiGate unit can connect to the TFTP server.

You can use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168

Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit: execute restore image tftp <filename> <tftp_ipv4>

    The FortiGate unit responds with the message:

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)

    Type y. The FortiGate unit uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes.

    Reconnect to the CLI.

Updating the firmware on your fortigate.

1.       Browse to support.fortinet.com and log in

2.       Go to Downloads > Firmware Images > Fortigate > Vr _ > MR_ > Patch _ and view the list for the image file matching your device model.

3.       Backup your Fortigate Config by going to the menu tabs on the left of the interface window.

-          Got to System > Dashboard > Status > System Information > System Config > Backup

-          Click Backup and allow the browser to save the file to a secure location.

4.       Load the firmware and reboot by going to the menu tabs on the left of the interface window.

-          Go to System > Dashboard > Status > System Information > Firmware Version > Update.

-          In the “Upgrade From” field choose Local Hard Disk.

-          Browse to the location of the saved firmware, downloaded in step 2, by pressing the “Browse button”

-          Take note of the “Upgrade Partition” (this cannot be altered here)

-          To boot to the firmware ensure that the “Boot the New Firmware” box is selected. This option is not available on earlier firmwares.

-          Press OK

5.       The Fortigate will reboot.

Upgrading From the Details window

1.       Load the firmware and reboot by going to the menu tabs on the left of the interface window.

-          Go to System > Dashboard > Status > System Information > Firmware Version > Details.

-          Select the partition you want to upload the firmware to. (It is best practice to select the non-active partition for fallback reasons).

-          Select Upload at the top

-          In the “Upgrade From” field choose Local Hard Disk.

-          Browse to the location of the saved firmware, downloaded in step 2 above, by pressing the “Browse button”

-          Take note of the “Upgrade Partition” (this cannot be altered here)

-          To boot to the firmware ensure that the “Boot the New Firmware” box is selected. This option is not available on earlier firmwares.

-          If you do not wish to boot immediately to the new firmware, deselect the “Boot the New Firmware” box.

-          Press OK

2.       The Fortigate will reboot.

Upload and Boot to Firmware at a later  time or Boot to Previous Firmware.

1.       In the cli use the following commands:

-          diag sys flash list    (list partitions and see if they are active)

-          execute set-next-reboot <primary|secondary> (indicate what partition to boot from next time the device reboots, Partition#1 = primary, Partition 2 = Secondary)

-          execute reboot (will cause the fortigate to reboot)