Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor III

Accidental Upgrades

If upgrade paths are so important (and I believe they are), why does the upgrade screen default to the latest version and not the next step in the path?  Or if they can't do that, just add an "Are you sure?" prompt?

Valued Contributor III

I can only guess that they believe (read 'hope') that you are always on the latest stable version so the option would be correct.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at:

Bob - self proclaimed posting junkie!See my Fortigate related scripts at:

Also- the need to step through various firmware levels is a relatively new thing. In general, on older versions of FortiOS you could simply go straight to the latest patch from anywhere on the same release. It seems to have started somewhere during the 5.2 or 5.4 releases.

It's probably one of those things that are still left over from older builds that no one decided to update like some of the screens with an old style UI.




Force yourself to read release notes.  They always specify what the most recent version to version path that is supported.  Will save you a lot of trouble.  Always good to look at "Known Issues" also.  There have been many times in the past that I held back on an update because a known issue would cause more problems than the update resolved.

New Contributor III

Seadave--you're missing the point.  It's very easy for my customers to hit "Backup and Upgrade" and go from 5.2.4 to 5.2.13 without a chance to cancel.

Esteemed Contributor III

I'd say, their fault. If you handle/manage one of the central network security devices you should be familiar with the process. I wouldn't let my customers fiddle around with the FGT if I was responsible. If I'm not, and they don't follow the path, I will fix it and charge for it.


"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
Esteemed Contributor III

Agreed, I also believed in the upgrade process,  you have to select it and push okay for the  upgrade process to kick off if you do the "new style automated".


Also b4 the upgrade runs, it provides a selection with  yet another confirm or ok/start button.



When upgrading a  security appliance, "accidental" should not be a word ;)


just my 2cts






PCNSE NSE StrongSwan
New Contributor III

That not true--I tested in the shop--if you press Backup and Upgrade it's off to the races.


FYI--most off my clients are lower-level IT--I can't stop them from handling there own equipment--I just think it's a design flaw.  Pressing "Backup and Upgrade" sounded like a safer path than Upgrade.  Not saying the customer shouldn't have been more careful, but I could understand their reasoning.  In this case no harm done--it could have been far worse.



In recent versions of FortiOS, this has been improved in two ways.


1) The upgrade path is now enforced from within the OS, starting with 5.4.5, 5.6.1 and 6.0. If you attempt to upgrade to a version of firmware that does not follow the upgrade path, the OS will guide you to the correct firmware, and help you upgrade in multiple steps. It can be overridden, but this will generate an event log and force a configuration backup.


Note that although this feature is in 5.4.5 and 5.6.1, the path enforcement won't be as noticeable until upgrades are done to 5.4.8 (more than 2 patches), 5.6.4 (same), etc.


2) The same path guidelines are also found on the support site ( under Download -> Firmware Images -> Upgrade Path.

Top Kudoed Authors