Description
This article describes what are the parameters to check when no new firmware shows available in the FortiGate GUI.
Scope
FortiGate.
Solution
- Check if the internet is working fine.
- Check that DNS is working fine from FortiGate.
- Check the FortiGuard connectivity is up:
diagnose debug rating
If the FortiGuard is down, it is possible to take the debug:
diagnose debug application update -1
diagnose debug enable
execute update-now
Note:
In case of a new device, such as the G series, and there is no available upgrade/downgrade path, the result will show an error for those commands.
Check whether allow-remote-firmware-upgrade is enabled under central management:
config system central-management
set allow-remote-firmware-upgrade enable
end
Use this to get the list of images:
diagnose fdsm image-list
Do the following changes:
config system fortiguard
set update-server-location any
set sdns-server-ip "208.91.112.220" "194.69.172"
set source-ip X.X.X.X <----- IP assigned to the external interface going to the internet.
end
Try to restart the forticldd process:
fnsysctl killall forticldd
Alternatively, it is possible to manually download the firmware from the Support portal:
- Log in to the support portal (support.fortinet.com).
- Go to Download -> Firmware Images.
- Choose FortiGate -> Download and choose the file for FortiGate with the .out file format.
Related articles:
Troubleshooting Tip: No firmware available from FortiGuard under firmware management
Technical Tip: How to control/change the FortiGate source IP for self-generated traffic
