Description
This article describes the common error or warning messages that appear on the web GUI while upgrading the FortiGate firmware and how to check or resolve them.
Scope
FortiGate.
Solution
- The image file does not match the platform.
Different firmware builds are available on the Fortinet support portal for some FortiGate hardware models.
If the incorrect build is chosen for upgrading the firmware on FortiGate, the 'Image file doesn't match platform' error message appears on the web GUI as below:
The correct image should be downloaded from the Fortinet support portal to fix the issue.
Note:
- FFW is for FortiFirewall.
- FWF is for FortiWifi.
- FGR is for FortiGate Rugged.
- FGT is for FortiGate.
B. No firmware available from FortiGuard.
Sometimes this warning appeared on the Firmware Management page while upgrading the FortiGate Firmware.
This warning message indicates that FortiGate cannot get the list of available firmware images which is compatible with this particular unit from FortiGuard Distribution Network servers.
To resolve the issue, make sure FortiGate can retrieve the compatible firmware images from the FortiGuard Distribution Network:
By running the below CLI interface commands, the information can be verified:
The commands mentioned below work under the 'config system global' in the multi-VDOM environment.
diagnose fdsm fds-update
diagnose fdsm image-upgrade-matrix
diagnose fdsm image-list
The following is an example of the output of the above command in non-working and working scenarios:
Note: If the result of 'diagnose fdsm fds-update' is Result = Busy, it means that the server the FortiGate is currently connected to is not available. Try to enable/disable the FortiGuard Anycast to connect to the next available server.
Note:
In case of a new device, such as the G series, and there is no available upgrade/downgrade path, the result will show an error for those commands.
C. Image upgrade failed.
It could be possible to get this error message even though the list of available firmware versions shows on the Firmware Management page while upgrading the FortiGate Firmware.
This error message indicates that remote upgrading is not allowed on the FortiGate unit or there is a connectivity issue with FortiGuard Distribution Network servers.
To fix this issue, make sure the remote firmware upgrade is allowed on FortiGate in the central management setting, and that FortiGuard servers are reachable.
The information can be checked by using the following CLI interface commands:
show full-configuration system central-management | grep allow-remote-firmware-upgrade
execute ping guard.fortinet.net
execute ping service.fortiguard.net
execute ping update.fortiguard.net
The following is an example of the above command output when everything works as expected:
Note:
The provided FQDNs might not respond to the ping command; however, the most important part is that FQDNs are resolved properly.
