FortiManager
FortiManager supports network operations use cases for centralized management, best practices compliance, and workflow automation to provide better protection against breaches.
farhanahmed
Staff
Staff
Article Id 414293
Description This article describers how to upgrade FortiManager ADOMs in bulk using JSON API and Postman.
Scope FortiManager
Solution

Starting in FortiManager v7.4.1, the GUI can upgrade multiple ADOMs, but only when they share the same target version.

Upgrading an ADOM - FortiManager Admin Guide.

 

Using the JSON API with Postman, upgrade all FortiGate ADOMs sequentially, regardless of their current versions.

 

In example below, there are three FortiGate ADOMs (ignoring other types of ADOMs):

 

  • root - v7.4
  • Test0 - v7.2
  • Test1 - v7.4

68dc712c43ce0_checkADOMsinGUI.thumb.png.e92490b36141acc5c295c8fe5f5c774b.png

 

Step 1: List ADOMs (name, version, OS type)

 

  • Using the API query below, listing all the ADOMs along with their name, version and OS type:

 

{

    "method": "get",

    "params": [

        {

            "url": "/dvmdb/adom",

            "option": "name",

            "fields": [

                "name",

                "os_ver",

                "mr",

                "restricted_prds"

            ]

        }

    ],

    "session": "{{session}}",

    "verbose": 1,

    "id": 2

}

 

  • In Postman -> Scripts -> Post-Res, a JavaScript snippet can render a table in the Visualizer and exclude non-FortiGate types (e.g., FortiAnalyzer, FortiMail, etc.) using an ignoreList. The table shows ADOM Name, OS Version (major.mr), and OID.

 

list_adoms.gif.6e1ed12a93f1c4db35ce0cb6893d8ee4.gif

 

Step 2: Upgrade ADOMs (sequential):

 

  • Use the same request as Step 1, but replace the Post-Res script to perform multi-ADOM upgrades.
  • To control the upgrade order, the script uses an upgradeIgnore list that excludes rootp (Global Database) and all non-FortiGate ADOMs. This ensures local ADOMs upgrade first; upgrade the Global Database afterward.
  • Any ADOM under the upgradeIgnore list will NOT upgrade.
    Location: In the attached Postman collection -> request '3) Upgrade_ADOMS_Bulk' -> Scripts -> line 43.

 

image.png.37e48ecba463ebfd31d08fe501af55cb.png


The script performs the following actions:

 

  • Reads the /dvmdb/adom response, filters to FortiOS (fos) ADOMs, and skips any names in upgradeIgnore.
  • Upgrades ADOMs one at a time. When one completes, the next starts automatically. The upgrade call returns a task ID:

{

     "method": "exec",

     "params": [

         { "url": "/pm/config/adom/{{ADOM_OID_OR_NAME}}/_upgrade" }

     ],

     "session": "{{session}}",

     "id": 3

}

 

  • Capture the returned task ID, then poll /task/task/{TASK} until the ADOM upgrade task reaches 100%.

{

     "id": 1,

     "session": "{{session}}",

     "method": "get",

     "params": [

        { "url": "/task/task/{{TASK_ID}}" }

      ]

}

 

  • Marks each ADOM success/failed and records timestamps.
  • On success, re-reads the ADOM to show the new OS version (Old OS vs New OS).
  • While the script is executing, Postman shows a blinking gray dot labeled Running scripts. When execution finishes, the dot disappears and the Visualization tab renders the final report—Old version, new version, task ID, and start/end times.

adom_upgrade2.gif.bcaa0a9b1ee0a8f45117239dc5b19d76.gif

 

  • ADOM Upgrade processes can be viewed in: System Settings -> Task Monitor.
  • Checking ADOM in GUI root is upgraded to 7.6, Test0 to 7.4 and Test01 to 7.6: System Settings -> ADOMs:

aodm_upgrade_gui.png.170b23e7152ff1b5cb4868d4178693c6.png

 

  • The API collection can be imported into Postman (tested with v11.65) using the attached file.
  • Under the 'Variables' tab of the collection, the following variables are required:
    • host: IP address of FortiManager.
    • ADMIN: FortiManager Admin user.
    • PASSWORD: Admin user password.

 

Related documents: