Help
FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
lingky88
Staff
Staff

Created on ‎12-30-2022 04:02 AM Edited on ‎05-06-2025 04:03 AM By Moderator

Article Id 241458

Technical Tip: How to upgrade FortiGate using FortiManager

Description This article explains how to upgrade FortiGate through FortiManager.
Scope Any supported FortiGate, FortiManager version.
Solution

Prerequisite:

The FortiGate needs a valid upgrade license (FMWR license).

To check the FortiGate license on FortiManager, use the following FortiManager CLI command:

 

diagnose fmupdate fds-dump subs

 

Upgrade a FortiGate:

 

  1. Under Device Manager -> Managed FortiGate, double-click on the FortiGate to upgrade. Under the Firmware Version section, select Upgrade Firmware.

 

lingky88_0-1672367178273.png

 


  1. Select the appropriate version/image and select Upgrade.

 

lingky88_1-1672366134823.png

 

Note: The new layout as of version 7.4 is shown below:

 

2025-05-06_12-26-51.png

 

  1. A prompt will be shown before the Upgrade. Select OK to proceed.

 

lingky88_1-1672388381966.pnglingky88_2-1672388391465.png

 

  1. Track the progress of the upgrade. Wait for it to complete successfully.

     

lingky88_3-1672388495953.png

 

Alternatively, upgrade using a Firmware Template:

 

  1. Assign a firmware template under Device Manager -> Firmware Templates -> Create New.
  2. Create a new firmware template and select the platform and the firmware version under the Upgrade Details section.

 

lingky88_0-1672388078136.png
lingky88_2-1672366266092.png

 

  1. It is recommended to upgrade based on the recommended upgrade path under the Upgrade Path option.

 

lingky88_1-1672367291216.png

 

  1. After the firmware template has been created, assign the device to this template by right-clicking the template and selecting the Assign to Device/Group options. Next, move the FortiGate(s) into the Selected Entries section and select OK.

 

lingky88_4-1672390408701.png

 

  1. The selected devices assigned to the Firmware Templates will be shown.

 

lingky88_5-1672390485645.png

 

  1. Check under the Device Manager page that the firmware template has been assigned under the managed devices.

 

lingky88_6-1672390533662.png

 

  1. To upgrade, go back to the firmware templates, right-click on the correct template and select Upgrade Now to which will prompt an upgrade of the FortiGate(s).

 

lingky88_9-1672390662447.png
lingky88_8-1672390629329.png

 

  1. Select OK to upgrade the devices assigned to the template and wait for the upgrade to complete successfully.

 

lingky88_10-1672390820154.png

 

Solution for FortiGates in HA cluster, which are being managed by the FortiManager:

 

The FortiGate HA is upgraded the same way as the FortiManager as a standalone FortiGate. The Firmware template might seem a little confusing as the 'Assign Device' section only shows the primary FortiGate and not the secondary cluster member. However, that is by design as the FortiGate is a HA cluster and FortiManager always communicates with the primary member. The secondary member should get upgraded automatically if the HA is in good shape.

 

When performing an upgrade of FortiGate via FortiManager, it is important to run debug from the FortiManager and FortiGate sides.

 

Debug from FortiManager:

 

diagnose fwmanager fwm-log <----- Live debug when upgrading FortiGate.

 

Debug from FortiGate: (Possibly run through the console):

 

Lotus-kvm05 # diagnose debug cli 8

Lotus-kvm05 # diagnose debug en

 

The task Job will be displayed from the Task Monitor at FortiManager.

 

Complete task from FortiManager:

 

Nur_1-1742772847428.png

 

Troubleshooting:

 

The following CLI commands are used for troubleshooting firmware issues from FortiManager:

 

diagnose fwmanager fwm-log 
diagnose fwmanager service-restart

 

Related articles:

Troubleshooting Tip: FortiGate failed to upgrade using the Firmware Template 

Technical Tip: How to check the FortiGate upgrade path on FortiManager 

Technical Tip: How to download and import firmware images into FortiManager 

Technical Tip: How to perform scheduled upgrade for FortiGates using FortiManager 
35432
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.