Hi all,
I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.
I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.
So I disabled SSL-VPN :(
Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?
Thank you.
Earthlab
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Created on 02-14-2024 06:59 AM Edited on 02-14-2024 07:17 AM
Fortinet TAC is telling people to disable auto-upgrade under system global, however, this does not exist.
Instead use
config system fortiguard
set auto-firmware-upgrade disable
end
This will not stop existing upgrade in process so run:
execute federated-upgrade cancel
Hi,
It is unbelievable how slow the upgrade progress goes ... As a small customer I really feel completely worthless. It takes more than 3 days to upgrade the 60F. And even now I'm waiting ... 'Upgrade to 7.2.7 shortly' ... come on ! no way to know what is going on ... is the firewall downloading the firmware ? is it done ? does a reboot help ?
What a mess. In the meanwhile VPN is still switched off...
Update: with a manual install of the v2.7.2 firmware the firewall is now up to date.
We cancelled the 'fabric' update to do so.
Never a Fortinet product again ...
I was able to successfully upgrade a 61F and 201F.
The 201F did not show that "Upgrade to 7.2.7 shortly" shortly so was no problem to click the FG and select Upgrade.
The 61F though did have that "Upgrade to 7.2.7 shortly", which was never on 7.2.6 and below. Select the FG, then select Cancel Fabric Upgrade, then select upgrade and follow the steps either manually or direct online.
Fortinet TAC is telling people to disable auto-upgrade under system global, however, this does not exist.
Instead use
config system fortiguard
set auto-firmware-upgrade disable
end
This will not stop existing upgrade in process so run:
execute federated-upgrade cancel
Hello ,
Finally my 60F got the v7.2.7 after change config of fortiguard server (lowest latency -> us).
Thank you.
Earthlab
You can always upgrade any FGTs by uploading the image from your GUI access machine (or from TFTP server in CLI) once you download it from the support site. That's how I do every time.
Toshi
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1522 | |
1020 | |
749 | |
443 | |
209 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.