Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
earthlab
New Contributor III

Can not update to FortiOS 7.2.7 on 60F.

Hi all,

 

I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.

 

I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.

 

So I disabled SSL-VPN :(

 

Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?

 

Thank you.
Earthlab

24 REPLIES 24
SecurityPlus
Contributor II

I don't find the interface to manually update the firmware on a 70F currently running 7.2.6. The System/Firmware page is not present. The interface to provide the manual update file is not visible. Suggestions?

 

Also, is it possible to instruct the automatic firmware updates to update NOW? If this is possible and is selected, does it run immediately or is it likely that there would be a delay?

SecurityPlus
Contributor II

I just noticed that I can click Cancel Fabric Upgrade from the System/Fabric Management page and then continue with the manual update.

fanus

Also had the same, the automatic update could not be approved or initiated, Cancelled and clicked on upgrade. Worked!

SecurityPlus
Contributor II

Yes, I just successfully completed a manual update to a 60F (not sure what the build was) and it said it needed the update from 7.2.6 to 7.2.7.

 

I'm logged into another 60F running 7.2.6 build 1575, but this one does not say that it needs to be updated to 7.2.7. Under the FortiGate Upgrade Select Firmware Latest tab, it says: The firmware is up to date. It only offers updates to 7.4.x. Is there a reason it does not think it needs the 7.2.7 update? Should I use the File Upload option?

funkylicious

Yes, for all devices that dont detect the latest version from 7.2.X train, do it manually.

geek
geek
SecurityPlus
Contributor II

Can anyone tell me what the M means in the following firmware image: 

FGR_60F-v7.2.7.M-build1577-FORTINET.out?

 

I tried to use this image to update a FortiGate 60F (FGT60F) build 1575 from 7.2.6 to 7.2.7. When I provide the image via FortiGate Upgrade/Select Firmware/File Upload, I get a message that says: Image file doesn't match platform. I did check the checksum against the falue provided and it matches.

SecurityPlus

Self-inflicted error. I should have been using the image that starts FGT_60F not FGR_60F. I presume that the R in FGR means rugged. When I used FGT_60F I encountered no errors.

Toshi_Esumi
Esteemed Contributor III

I think M=Maintenance. By the way FGR_ images are for the rugged models. FGT_ images are for the regular FGT models.

Toshi

earthlab
New Contributor III

Hi! All,

 

As you know Fortinet changed the 'auto-firmware-upgrade ' parameter of default. And then, FortiGuard server is not powerful(not enough).

 

Conclusion: Fortinet have to powerup the FortiGurd infrastracture.

 

I my 60F's 'auto-firmware-upgrade ' parameter was aggressive like following.
-----------------
config system fortiguard
set auto-firmware-upgrade-day sunday saturday
set auto-firmware-upgrade-delay 0
set auto-firmware-upgrade-start-hour 23
set auto-firmware-upgrade-end-hour 8
set webfilter-cache-ttl 21600
end
-----------------
Despite the 60F still using v7.2.6 now.

And fabric management page still said 'The firmware is up to date.'.

It's very big issue when the patche includes 'Security' and 'Critical' issue(s).

 

Thank you,
Earthlab

Labels
Top Kudoed Authors