Hi all,
I'm using FortiOS 7.2.6 on a FortiGate 60F. The current firmware is v7.2.6 build 1575. However, this version has a critical vulnerability [CWE-787]. You can find more details here: https://fortiguard.fortinet.com/psirt/FG-IR-24-015.
I attempted to upgrade to 7.2.7 through the FortiGate's fabric management page, but the page indicated that my firmware is up to date.
So I disabled SSL-VPN :(
Has anyone successfully upgraded to 7.2.7 on a FortiGate 60F through the fabric management page without having to manually upload the firmware?
Thank you.
Earthlab
Nominating a forum post submits a request to create a new Knowledge Article based on the forum post topic. Please ensure your nomination includes a solution within the reply.
Hello @earthlab ,
Thank you for contacting the Fortinet Forum portal.
-I would recommend upgrading manually for now as all the users are attempting on fabric Fortiguard might be slow.
article :
Best regards,
Manasa.
If you feel the above steps helped to resolve the issue mark the reply as solved so that other customers can get it easily while searching on similar scenarios.
Hello @mpeddalla
Thank you for your advice.
I agree that FortiGuard might be slow.
For example, Download timeout or fail or Very slow.
But the system said 'The firmware is up to date.'
I think the correct message was "Getting firmware information failed.'
or "Firmware information is not up to date. please check later." .
A Junior stuff will thinks that "It's already up to date. So I don't have to sometiong.", Because Fortinet annouced that "We already distribution a fixed firmware."
#Of course, We have to compare the version. but...
Thank you,
Earthlab
Hi,
I noticed the exact same thing on several models running 7.2.6 saying its at the latest version.
The download from the portal, was horrible last night 20 CET, it took me 2 hours to download 60F and 200F v7.2.7 firmware.
I think I found why your system is saying it is up to date. Go to System>>Fortiguard and see if the Firmware & General Updates is Expired. If yes the message you are up to date will show up for version. If it is not expired then a message need to update will be thre.
hello earthlab
you can get the 7.2.7 upgrade file from support.fortinet.com downloads 7.0>7.2.7 > then find your model device then click HTTP link to download
Once you have file you can click link browse for file and update that way.
Just completed upgrade last night Upgrade path was 7.2.4> 7.2.6 > manual upgrade>7.2.7
Hope this helps
Jblaster
Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link: https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-manually-download-Firmware-of-Forti...
Also, I don't see how to manually provide the firmware update via this new interface.
I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:
config system fortiguard
set auto-firmware-upgrade disable
Created on 02-10-2024 10:41 AM Edited on 02-10-2024 10:42 AM
That option changed since 7.0, you now have it under Fabric Management
https://docs.fortinet.com/document/fortigate/7.0.0/new-features/788240/fabric-management-page-7-0-2
The last tab after you right click and choose upgrade lets you upload the firmware ( File upload ) .
1. GUI: System->Fabric Management->(highlight FortiGate-60F)->(Click "Upgrade" button)
2. "FortiGate Upgrade" screen slides out.
3. Then, choose "File Upload" tab, and click "Browse" button to choose the image file
to disable auto upgrade,
config system fortiguard
set auto-firmware-upgrade disable
end
https://docs.fortinet.com/document/fortigate/7.2.7/administration-guide/369092
Toshi
Also trying to update a 60F to 7.2.7. Under System/Fabric Management, I see "Upgrade to 7.2.7 shortly" under the Upgrade Status column to the right of the firewall. I don't see the System/Firmware page in the left nav as it shows via the link above titled: How-to-manually-download-Firmware-of-FortiGate
Also, I don't see how to manually provide the firmware update via this new interface.
I read that FortiGate firewalls lower than 100 series have automatic upgrades enabled. Is there a way to temporarily disable the automatic update to resolve this security vulnerability? I tried the following but I'm not sure that this worked, and I don't see access to manually update the firmware via the GUI:
config system fortiguard
set auto-firmware-upgrade disable
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
User | Count |
---|---|
1720 | |
1093 | |
752 | |
447 | |
234 |
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.