gmanea
Staff
Article Id 191425

Description

This article describes how to revert to the previous firmware image, and how to roll back FortiOS after an upgrade.

This procedure only works on physical appliances. FortiOS virtual machines (FortiGate-VM) do not have the dual-boot option.

The alternative for VMs is to take a snapshot at the hypervisor level before upgrading. It is recommended to stop the VM before taking the snapshot.

Scope

FortiGate.

Solution

The following CLI command lists the FortiOS image files installed in both partitions:

FGT # diag sys flash list
Partition    Image                       TotalSize(KB)   Used(KB)  Use%    Active
1            FGT61E-6.04-FW-build1778-201021    253920      87604   35%    Yes   
2            FGT61E-6.04-FW-build1803-201209    253920      88660   35%    No  
3            ETDB-84.00660                     3021708     200120    7%    No   
Image build at Dec  9 2020 22:27:52 for b1803

In the output above, partition 1 is active and holds the current firmware (6.4.3, build 1778), while the secondary partition holds 6.4.4 (build 1803). Use the build number to identify the firmware version: it can be looked up under support.fortinet.com > Download, or read from the first line of the backup configuration file.

Back up the configuration from the GUI before reverting to the previous firmware. The following CLI command selects which firmware image is booted at the next reboot:

FGT # execute set-next-reboot {primary | secondary} <-----In this example it will be secondary.
FGT # execute set-next-reboot secondary

Default image is changed to image# 2.

'primary' and 'secondary' refer to partition 1 and partition 2 respectively. Partition 3 can be ignored.

Once the partition to boot from has been selected, reboot the FortiGate with the following command:

FGT # execute reboot

After the reboot, the CLI command get system status shows the running firmware. Alternatively, list the flash partitions again to verify which one is active:

FGT # diag sys flash list
Partition    Image                       TotalSize(KB)   Used(KB)  Use%    Active
1            FGT61E-6.04-FW-build1778-201021    253920      87604   35%    No   
2            FGT61E-6.04-FW-build1803-201209    253920      88660   35%    Yes  
3            ETDB-84.00660                     3021708     200120    7%    No   
Image build at Dec  9 2020 22:27:52 for b1803
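As an added example (not Fortinet's code), the following Python helper parses the diag sys flash list output shown above, picks the set-next-reboot argument that names the inactive firmware partition, and confirms after the reboot that the intended partition is the one running. The two sample outputs are copied from this article; the function names are the example's own.

```python
import re
from dataclasses import dataclass

# Constructed samples: the article's flash-list output before and after the roll-back.
BEFORE = """\
Partition    Image                       TotalSize(KB)   Used(KB)  Use%    Active
1            FGT61E-6.04-FW-build1778-201021    253920      87604   35%    Yes
2            FGT61E-6.04-FW-build1803-201209    253920      88660   35%    No
3            ETDB-84.00660                     3021708     200120    7%    No
Image build at Dec  9 2020 22:27:52 for b1803
"""
AFTER = """\
1            FGT61E-6.04-FW-build1778-201021    253920      87604   35%    No
2            FGT61E-6.04-FW-build1803-201209    253920      88660   35%    Yes
3            ETDB-84.00660                     3021708     200120    7%    No
"""
# One partition row: number, image name, two sizes, use% and the Active flag.
ROW = re.compile(r"^(\d+)\s+(\S+)\s+(\d+)\s+(\d+)\s+(\d+)%\s+(Yes|No)\s*$")

@dataclass
class Partition:
    number: int
    image: str
    active: bool
    @property
    def build(self):
        """Firmware build number (e.g. 1803); None for the ETDB partition."""
        m = re.search(r"-build(\d+)-", self.image)
        return int(m.group(1)) if m else None

def parse_flash_list(text):
    """Parse the output into {partition_number: Partition}; other lines are skipped."""
    parts = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            parts[int(m.group(1))] = Partition(int(m.group(1)), m.group(2), m.group(6) == "Yes")
    return parts

def rollback_target(parts):
    """Argument for 'execute set-next-reboot': the firmware partition (1 or 2) that is inactive."""
    (active,) = [n for n, p in parts.items() if p.active and n in (1, 2)]  # ValueError unless exactly one
    return "secondary" if active == 1 else "primary"

def verify_rollback(before, after):
    """True if the partition chosen from 'before' is active in 'after' and still holds the same image."""
    b, a = parse_flash_list(before), parse_flash_list(after)
    want = 2 if rollback_target(b) == "secondary" else 1
    return a[want].active and a[want].image == b[want].image
```

Feed it the captured CLI output from each unit; in an HA cluster, where the change is not synchronized, run the check per unit.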
VDOM administrators do not have permission to run this command; it must be executed by a super administrator.

After a later upgrade, the active partition changes automatically: the new image is written to the inactive partition, which then becomes active (here the upgrade is from 6.4.4 to 6.4.5):

FGT # diag sys flash list
Partition    Image                       TotalSize(KB)   Used(KB)  Use%    Active
1            FGT61E-6.04-FW-build1828-210217    253920      87396   34%    Yes   
2            FGT61E-6.04-FW-build1803-201209    253920      88660   35%    No  
3            ETDB-84.00660                     3021708     157240    7%    No   
Image build at Feb 17 2021 20:43:28 for b1828

Note:

  1. Booting the FortiGate from the other partition discards any configuration changes made since the upgrade. Use Notepad++ with the Compare plugin to quickly highlight the differences between the backup configuration taken before reloading and a backup of the currently running configuration.

  2. In HA environments, the command has to be applied to each unit in the cluster individually; it is not synchronized and will not take effect on the other units automatically. To switch the CLI prompt to the passive unit, run:

execute ha manage 1 <username>   <- Use 0 if 1 is not the valid index.
  3. On the FortiGate 6000F, 7000E and 7000F series, the partition has to be changed on each MBD/FPC or FIM/FPM. Alternatively, use the rollback command.
  4. FortiToken licenses, once added to any unit, are kept and shared between the units of the cluster, so a reboot (or shutdown) of one HA unit should not affect the operation or use of FortiTokens through the remaining unit. When a downgrade is performed as above, the unit loads the previous configuration, with the FortiTokens in the same state and assignments as before the last upgrade. This can be useful when token licenses are not validated correctly after an upgrade.