Fortinet Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
ialhusari93
New Contributor II

Upgrading FortiGate 100E firmware from 6.0.8 to 6.4.8

 

Dears,

 

I want to know what is the proper way to upgrade FortiGate 100E firmware from 6.0.8 to 6.4.8

In HA cluster and how to do the downgrade as well ?

 

Thanks in advance

5 REPLIES 5
Rathan_FTNT
Staff
Staff

Hello,


From the given information, we understand that you would like to upgrade the 100E from 6.0.8 to 6.4.8

If you would like to upgrade to 6.4.8, then please follow the below upgrade path

Following is the recommended FortiOS migration path for your product

Version Build Number
6.0.8 0303
6.2.4 1112
6.2.6 1175
6.2.9 1234
6.4.8 1914

You can verify the upgrade path from the below link
https://docs.fortinet.com/upgrade-tool

General upgrade notes:

Before performing any upgrade, and particularly when upgrading between MR versions, it is *absolutely essential* to read all relevant Release Notes documents for all versions in the upgrade path to understand any impact in config upon upgrade. These are short, but important PDF documents, located in the same folder as firmware images.

Also, *before and after* any upgrade, *always backup your current config file*, so that you will keep a safe way back. If you have multiple upgrade steps, please backup after each firmware release is installed.

Please run the 'diagnose debug config-error-log read' on each firmware upgrade to verify anything is missing with up-gradation.

Please note, that some config settings might NOT be converted automatically between versions, and may require a manual configuration adjustment - please see Release Notes in detail

Please update your AV/IPS definitions after the final FortiOS version is installed (CLI command "exec update-now", may take a few minutes to finish).

It may be useful to check the MD5 checksum of all images that you download. You can get the correct checksums on this page: https://support.fortinet.com > Download > Firmware Image Checksum (customer login required). To calculate checksum of your file, you may use standard MD5 utility, or when using Windows, Nero MD5 Verifier can be used: http://www.nero.com/enu/tools-utilities.html . This way, you can ensure the images are not corrupted during the download.
It may be useful to check the MD5 checksum of all images that you download. You can get the correct checksums on this page: https://support.fortinet.com > Download > Firmware Image Checksum (customer login required). To calculate checksum of your file, you may use standard MD5 utility, or when using Windows, Nero MD5 Verifier can be used: http://www.nero.com/enu/tools-utilities.html . This way, you can ensure the images are not corrupted during the download.

And of course, it is always an advantage to have a skilled IT engineer available *on site*, who is able to recover the firmware in the unlikely case of any major problems. Therefore - please avoid remote upgrades.

The Fortinet Documentation website provides detailed instructions for installation and upgrade:
https://docs.fortinet.com/document/fortigate/6.0.0/handbook/969728/firmware-upgrade

Best practices of Firmware upgrades and downgrades
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Best-Practices-for-firmware-upgrades-and/t...

If you have HA configuration then please refer the below document
https://docs.fortinet.com/document/fortigate/6.0.0/cookbook/51458/optional-upgrading-the-firmware-fo...

For manual HA upgrade procedure.
https://community.fortinet.com/t5/FortiGate/Technical-Note-Manual-upgrade-procedure-of-a-FortiGate-H...

Roll back to previous version:
> Take the config backup, before upgrade to any version
> Download the current running firmware image, suppose if you are running with 6.0.8 on 100E, then download the 6.0.8 firmware from our support portal
> Make sure you have access to console of the device on which you are upgrading
> We recommend to do the upgrade activity from locally not remotely
> By following the below  article you can format the flash and load 6.0.8 image and restore the config backup which you have taken on 6.0.8
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Formatting-and-loading-FortiGate-firmware-...)

 

Regards,

Rathan

 

EMEA TAC Engineer
ialhusari93

 

What about downgrading FortiGate 100E from 6.4.8 to 6.0.8 in HA?

 

Thank you

Toshi_Esumi
Esteemed Contributor II

Not supported. You have to flush the boot partition and upload the 6.0.8 then upload the saved config with 6.0.8 once it came up.

 

<edit>

...on both primary and secondary, then let them sync up again.

</edit>

 

Toshi

ialhusari93

Can you share the commands to do that ?