1. If the FortiManager is operating in a closed network and is unable to download FortiGuard Images, it is possible to download the firmware image from the support portal and upload it manually into FortiManager under FortiGuard -> Local Images ->Import  -> Upload the firmware.

2. Create a new firmware template by navigating to Device Manager -> Firmware Templates and selecting 'Create New'.

3. Under 'Upgrade Details', select 'Create New' in the firmware template and then select the appropriate product, platform, and version to be upgraded to.

4. Under 'Install Window', select the schedule type and select the start time and end time for the upgrade activity.

   The start time specifies the time to start the upgrade, whereas the end time specifies the time to end the upgrade.

   It is also a best practice to select the 'Follow The Recommended Upgrade Path' option under Upgrade Options.

Note:

If the upgrade is not completed by the end time, the upgrade stops.

5. Assign the firmware template to the device to be upgraded.

6. When the firmware template is running at the scheduled time, a notification will appear on the FortiManager showing the progress of the managed device upgrade that is taking place.

7. After the upgrade has been completed, the notification disappears, and it is possible to verify the firmware version both on FortiManager and FortiGate.

Troubleshooting:

On FortiManager:

exe tac report
diagnose fwmanager fwm-log

On the FortiGate:

exe tac report

While performing the upgrade, on FortiManager side:

diagnose debug application fgfmsd 255