Sample error:

Unable to upgrade firmware even when the checksum of the firmware that has been downloaded from the Customer Service and Support web portal is verified.

When checked, the security level of the firewall is set to High.

To check the security level:

get system status

The method of upgrading the firewall is by File Upload. Even with the use of other browsers, error messages are still the same. When this happens, try to use a different method of upgrading the firmware that is discussed in this article: Technical Tip How to upgrade FortiGate firmware before proceeding with lowering the BIOS security on a FortiGate via console port.

To change the BIOS security level:

Technical Tip: How to change BIOS security level on FortiGate G series 

BIOS-level signature and file integrity checking 

Lowering the BIOS security level on a FortiGate device is necessary when downgrading or upgrading to a FortiOS version that does not support BIOS-level signature and file integrity checks. This is because newer BIOS versions (5000100, 6000100, or greater) include enhanced security features that prevent the installation of firmware versions lacking these checks.

By temporarily lowering the security level, users can bypass these restrictions to perform the downgrade or upgrade. However, this action reduces the device's security posture, so it is crucial to restore the security level after completing the firmware change to maintain optimal security.

The signature verification error is expected when a user tries to upgrade FortiGate from 7.2.11-b6542 to 7.2.12-b6666 in FortiGate/FortiWifi 30G and 31G devices when the BIOS security level is set to high (FortiOS Release Notes > 30G Series Upgrade from 7.2.11 to 7.2.12).

Related article:

Troubleshooting Tip: Unable to boot the firewall or load firmware image