FortiGate
kjay
Staff
Article Id 419243
Description This article describes a scenario where FortiGates were automatically upgraded to v7.4.9 even though a valid FMWR (Firmware & General Updates) license was installed and the auto-firmware-upgrade feature was explicitly disabled in the configuration.
Scope FortiGate v7.4.8 and later.
Solution

After upgrading to v7.4.8, FortiGate was automatically upgraded to v7.4.9 even though:

 

config system fortiguard

    set auto-firmware-upgrade disable

end

 

And the FMWR license was valid.

 

Devices showed:

 

config system federated-upgrade

    set source forced-upgrade

 

This indicates that the upgrade was triggered through the forced-upgrade mechanism; see: Automatic firmware upgrades for FortiGate appliances with invalid support contracts or that have rea...

Cause:

The automatic upgrade happened because the auto-update schedule was disabled, so the FortiGate could not validate the new FMWR license and continued using the old, expired license.


Once the old license expires, the FortiGate recognizes that no valid license is present—because it has not verified and applied the new license—and initiates a forced auto-upgrade. During the subsequent firmware upgrade, the device will attempt to check its license regardless of the system.autoupdate.schedule configuration.

 

Solution:

Keep auto-update schedule enabled:

 

config system autoupdate schedule

    set status enable

end

 

This ensures license verification, image info retrieval, and upgrade notifications work. The firmware will not auto-upgrade unless explicitly allowed.

 

Disable only firmware auto-upgrade if needed:

 

config system fortiguard

    set auto-firmware-upgrade disable

end

 

This does not block license verification.

 

Ensure FortiGate can reach FortiGuard servers:

 

update.fortiguard.net
service.fortiguard.net

 

Verify with:

 

diagnose debug application update -1
diagnose debug enable
execute update-now
diagnose debug disable

 

Check federated-upgrade status:

 

show system federated-upgrade

 

If "set source forced-upgrade" appears in the output, it indicates a license-enforced upgrade.

 

Note:

Disabling system.autoupdate.schedule may cause unintended side effects (e.g., failed license verification, forced upgrades). Keep it enabled to avoid these issues.
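
To run the checks above against saved configuration text from several devices, the following Python script parses the config blocks and flags the combination this article describes. It is an added example, not Fortinet code; the function names are hypothetical, the sample configuration is constructed, and it assumes the text is a full configuration dump in which these settings appear explicitly.

```python
def parse_settings(config_text):
    """Map (top-level config block, key) -> value from FortiOS config text."""
    settings, stack = {}, []
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("config "):
            stack.append(line[len("config "):])
        elif line == "end" and stack:
            stack.pop()
        elif line.startswith("set ") and len(stack) == 1:
            parts = line.split(None, 2)
            if len(parts) == 3:
                settings[(stack[0], parts[1])] = parts[2].strip('"')
    return settings

def audit(config_text):
    """Return findings for the conditions this article links to forced upgrades."""
    s = parse_settings(config_text)
    sched = s.get(("system autoupdate schedule", "status"))
    auto_fw = s.get(("system fortiguard", "auto-firmware-upgrade"))
    source = s.get(("system federated-upgrade", "source"))
    findings = []
    if sched == "disable":
        findings.append("autoupdate schedule disabled: license cannot be verified")
    elif sched is None:
        # Assumption: absent means the dump omitted it, so the state is unknown.
        findings.append("autoupdate schedule status not present in this text")
    if sched == "disable" and auto_fw == "disable":
        findings.append("auto-firmware-upgrade disable will not stop a forced upgrade")
    if source == "forced-upgrade":
        findings.append("federated-upgrade source forced-upgrade: license-enforced upgrade")
    return findings

# Constructed sample configuration, not output from a real device.
SAMPLE = """\
config system autoupdate schedule
    set status disable
end
config system fortiguard
    set auto-firmware-upgrade disable
end
config system federated-upgrade
    set source forced-upgrade
end
"""

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```

An empty result means the text shows the schedule enabled and no forced-upgrade source; it does not confirm that the device can actually reach the FortiGuard servers.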