This article describes how to handle the error 'Image upgrade failed' that occurs while upgrading the FortiGate from GUI.

FortiGate.

Try one of the subsequent options:

1. Clear the browser cache and cookies.
2. Try another browser.
3. Use incognito mode.
4. Verify if FortiGuard is connected so the firmware can be downloaded.

If it fails, either fix the FortiGuard connectivity or try to download the image from support.fortinet.com:

Support -> Firmware download -> Download.

Then upload the Firmware image to FortiGate by following this KB article: Technical Tip: How to manually download Firmware of FortiGate and how to upload it on FortiGate

5. An error may also occur when upgrading to an interim or special build. In such cases, the BIOS security level must be adjusted.

Related document:

Change the BIOS security level

To check the current security level, use the following command:

get system status

Note:
The default Security Level will be 2, and change to Security Level 1 for the Firmware Upgrade issue, once the upgrade is done without any issue, and revert to security level 2:

get system status 

Version: FortiGate-VM64-KVM v7.2.7,build1577,240131 (GA.M)
Security Level: 1
Firmware Signature: certified
Virus-DB: 1.00000(2018-04-09 18:07)

Try upgrading the firmware using a different browser, such as Chrome, Firefox, or Edge, or use Incognito/Private Browsing mode. In some cases, browser-specific issues such as cached content, stale cookies, or incomplete script execution may interfere with the firmware upload process via the FortiGate GUI. Using an alternate browser or private session helps avoid these issues and ensures a clean firmware upgrade.

Refer to the following articles for instructions on changing the security level:

Troubleshooting Tip: Unable to boot the firewall or load firmware image

BIOS-level signature and file integrity checking