A user may be confused during the process of informing the template makes FortiGate fail to upgrade. By default, FortiManager upgrades FortiGate and runs the disk scan of FortiGate.

If there is no issue with the FortiGate disk, the FortiManager will proceed to push the image towards FortiGate. If there was an issue, the FortiManager gives a notification to FortiGate to run FSCK and reboot.

For example: Below are tasks that FortiManager was able to push images with without having any issues.

Below is a task that FortiManager was not able to push the image as FortiGate encountered a disk issue and subsequent timeout.

There are 3 options to ensure that FortiManager can upgrade the FortiGate without having any issues.

1. Run a command on FortiManager to see which devices show a disk status other than 'OK' and then run a disk scan (directly on the managed device) before performing the upgrade task:

For a device disk check:

diagnose fwmanager show-dev-disk-check-status <devname>

For a device group disk check:

diagnose fwmanager show-grp-disk-check-status <group-id | group-name> 

2. Disable disk scan during firmware upgrade:

config fmupdate fwm-setting
    set auto-scan-fgt-disk disable
    set check-fgt-disk disable
end

3. Increase the timeout for checking the status after the tunnel is up:

config fmupdate fwm-setting
    config upgrade-timeout
        set check-status-timeout -default XXX
end

To troubleshoot a failed upgrade attempt, view the firmware manager log with the following CLI command:

diagnose fwmanager fwm-log

Related articles:

Technical Tip: How to upgrade FortiGate using FortiManager 

Technical Tip: How to check the FortiGate upgrade path on FortiManager 

Technical Tip: How to download and import firmware images into FortiManager 

Technical Tip: How to perform scheduled upgrade for FortiGates using FortiManager