Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
earthlab
New Contributor III

Can not update to FortiOS 7.2.7 on 60F.

Hi all,

 

I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.

 

I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.

 

So I disabled SSL-VPN :(

 

Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?

 

Thank you.
Earthlab

24 REPLIES 24
mpeddalla
Staff
Staff

Hello  @earthlab ,

 

Thank you for contacting the Fortinet Forum portal.

-I would recommend upgrading manually for now as all the users are attempting on fabric Fortiguard might be slow.

article :

https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-download-Firmware-of-Forti...

 

 

Best regards,

Manasa.

 

If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.

Manasa
earthlab
New Contributor III

Hello @mpeddalla 

Thank you for your advice.

I agree that FortiGuard might be slow.
For example, Download timeout or fail or Very slow.

 

But the system said 'The firmware is up to date.'

I think the correct message was "Getting firmware information failed.'
or "Firmware information is not up to date. please check later." .

 

A Junior stuff will thinks that "It's already up to date. So I don't have to sometiong.", Because Fortinet annouced that "We already distribution a fixed firmware."

#Of course, We have to compare the version. but...

 

Thank you,
Earthlab

funkylicious

Hi,

I noticed the exact same thing on several models running 7.2.6 saying its at the latest version.

The download from the portal, was horrible last night 20 CET, it took me 2 hours to download 60F and 200F v7.2.7 firmware.

---------------------------
geek
---------------------------
---------------------------geek---------------------------
John_Brazoria

I think I found why your system is saying it is up to date. Go to System>>Fortiguard and see if the Firmware & General Updates is Expired. If yes the message you are up to date will show up for version. If it is not expired then a message need to update will be thre.

JBlaster
New Contributor

hello earthlab
you can get the 7.2.7 upgrade file from support.fortinet.com downloads 7.0>7.2.7 > then find your model device then click HTTP link to download
Once you have file you can click link browse for file and update that way.

Just completed upgrade last night Upgrade path was 7.2.4> 7.2.6 > manual upgrade>7.2.7
Hope this helps
Jblaster

SecurityPlus
Contributor II

Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-download-Firmware-of-Forti... 

 

Also, I don't see how to manually provide the firmware update via this new interface.

 

I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:

config system fortiguard
set auto-firmware-upgrade disable

 

funkylicious

That option changed since 7.0, you now have it under Fabric Management

https://docs.fortinet.com/document/fortigate/7.0.0/new-features/788240/fabric-management-page-7-0-2

 

The last tab after you right click and choose upgrade lets you upload the firmware ( File upload ) .

---------------------------
geek
---------------------------
---------------------------geek---------------------------
Toshi_Esumi

1. GUI: System->Fabric Management->(highlight FortiGate-60F)->(Click "Upgrade" button)
2. "FortiGate Upgrade" screen slides out.

3. Then, choose "File Upload" tab, and click "Browse" button to choose the image file

to disable auto upgrade,
config system fortiguard
  set auto-firmware-upgrade disable
end

https://docs.fortinet.com/document/fortigate/7.2.7/administration-guide/369092

Toshi

SecurityPlus
Contributor II

Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link above titled: How-to-manually-download-Firmware-of-FortiGate

 

Also, I don't see how to manually provide the firmware update via this new interface.

 

I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:

config system fortiguard
set auto-firmware-upgrade disable

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors