Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
earthlab
New Contributor III

Can not update to FortiOS 7.2.7 on 60F.

Hi all,

 

I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.

 

I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.

 

So I disabled SSL-VPN :(

 

Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?

 

Thank you.
Earthlab

24 REPLIES 24
John_Brazoria

 

Fortinet TAC is telling people to disable auto-upgrade under system global, however, this does not exist.

 

Instead use

config system fortiguard

set auto-firmware-upgrade disable

end

This will not stop existing upgrade in process so run:

execute federated-upgrade cancel

 

 

koorn
New Contributor

Hi,

It is unbelievable how slow the upgrade progress goes ... As a small customer I really feel completely worthless. It takes more than 3 days to upgrade the 60F. And even now I'm waiting ... 'Upgrade to 7.2.7 shortly' ... come on !  no way to know what is going on ... is the firewall downloading the firmware ? is it done ? does a reboot help ? 

What a mess. In the meanwhile VPN is still switched off... 

 

Update: with a manual install of the v2.7.2 firmware the firewall is now up to date.

We cancelled the 'fabric' update to do so.

Never a Fortinet product again ...

 

 

John_Brazoria
New Contributor II

I was able to successfully upgrade a 61F and 201F.

The 201F did not show that "Upgrade to 7.2.7 shortly" shortly so was no problem to click the FG and select Upgrade.

The 61F though did have that "Upgrade to 7.2.7 shortly", which was never on 7.2.6 and below. Select the FG, then select Cancel Fabric Upgrade, then select upgrade and follow the steps either manually or direct online.

 

Fortinet TAC is telling people to disable auto-upgrade under system global, however, this does not exist.

 

Instead use

config system fortiguard

set auto-firmware-upgrade disable

end

This will not stop existing upgrade in process so run:

execute federated-upgrade cancel

 

 

earthlab
New Contributor III

Hello ,

 

Finally my 60F got the v7.2.7 after change config of fortiguard server (lowest latency -> us).

 

Thank you.
Earthlab

Toshi_Esumi

You can always upgrade any FGTs by uploading the image from your GUI access machine (or from TFTP server in CLI) once you download it from the support site. That's how I do every time.

Toshi

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors