Technical Tip: Keep the flash partition without it being overwritten (for rollback purposes)

btey · ‎12-27-2023

Description

This article describes how to roll back to a previous firmware version after following a multiple upgrade path.

A downgrade from the flash partition can load the previous configuration. (It does not include the configuration made after the firmware upgrade.)

This article demonstrates an example of a firmware upgrade from version 6.4.16 to 7.2.6 and follows the upgrade path below:

v6.4.16 B2093 -> v7.0.13 B0566 -> v7.2.6 B1575

After, the appliance is reverted to the previous firmware image, from 7.2.6 B1575 to 6.4.16 B2093.

The steps shown in this article show how to prevent the flash partition for 6.4.16 from being overwritten.

Scope

FortiGate.

Solution

After upgrading from 6.4.16 B2093 to 7.0.13 B0566, the flash partition will appear as below:

The active partition is v7.0.13, and the second partition is the previous version, v6.4.16.

Before proceeding to upgrade to v7.2.6 B1575, set the active partition to partition 2 (v6.4.16 B2093):

To keep the partition for v6.4.16.

Upgrade the firmware from v7.0.13 B0566 to v7.2.6 B1575:

upgrade_from7.0_7.2.PNG

The flash list after the firmware upgrade to v7.2.6 B1575:

To roll back to v6.4.16 B2093 (if required), set the active partition to the secondary partition and reboot the firewall:

After reboot, the appliance rolls back to v6.4.16 b2093.

Notes:

This command does not apply to VM models.
In HA environments, the rollback command needs to be applied to each unit in the cluster individually. This is not synchronized and will not automatically take effect on other units in the cluster.

Related article:

You are leaving our website