My suggestion would be to keep calm and have a look first which parts of the config are damaged - if any. Going from v5.4.x directly to v5.4.8 isn't nice as an upgrade may include transformations of parts of the config where e.g. the syntax has changed. These transform routines are included in the firmware image and run automatically.

This would really be detrimental if you skipped from one FortiOS main version to another. Currently, there is v5.2, v5.4, v5.6 and (soon, bleeding edge) v6.0 as the main OS versions. But in my experience skipping a patch release will only affect small parts of the config. It would be wise to first assess the damage before downgrading as this will 100% revert the FGT to factory defaults. If you don't have physical access to the FGT this will be really a showstopper.

Just download the current config (without password a.k.a. as cleartext) and compare that with a diff tool to your backup. Chances are high that only the version comment in the first line and all encrypted strings are different. The latter will still be valid.

If you upgraded from, say v5.2, to v5.4 there might be more places which differ. You could patch these manually, either in the config file, or via GUI/CLI of the live FGT.

What you could do if you have a latest backup at the time of the upgrade

1>  revert back to   the previous version ( the  image is on the 2nd partition that's now in active )

2> reload that  previous version

3> restore the cfg

4>  and now upgrade using the  FTNT-support  upgrade migration path

Make backups along the way

Ken

BTW here's the cmds  for step #1 above. I believe all versions of  FortiOS support this.

diag sys flash list

exe set-next-reboot secondary

Guys, I sincerely appreciate all this help so quickly. Last night I found out you can open the configs with a wordpad/notepad and here is what I found:

Before upgrade:

FWF60E-5.04-FW-build1111-161216

After upgrade:

FWF60E-5.04-FW-build1183-180118

Everything with the router so far seems fine except that Wifi is almost unuable. I tried loading the previous *.conf file by putting it onto a USB and doing a auto load on restart. (I tried both CLI and GUI methods, always comes back with the latest config)

Now that I have much better information for you wall with the versions posted, are you recommendations the same?

You have not mentioned whether you have physical access to the FGT or not.

If you do, downgrade to v5.4.3 (= build 1111) and restore the saved config. This is what your old state was.

Then, if you like, upgrade to v5.4.8 b 1183 after reading the Release Notes (!). Proceed in the sequence of patches given.

If you don't have direct access, compare both configs with a text diff tool (e.g. WinMerge) to spot the differences. Maybe this alone will give you a clue what has changed in the wireless section.

Otherwise, review the WiFi settings and the policies from/to WiFi. There is no fundamental functionality that has changed in the WiFi part between these patches.

I will have physical access tonight, the router is at my home. I have remote access here now but will obviously lose connection if I do a firmware downgrade that will have no config. I''m going to try what you folks have said. Thanks!

Actually, just so I'm clear on this - I'm restoring from the secondary partition and not downloading a fresh copy of v5.4.3 (= build 1111) then restoring my config to that...forgive my beginner comments.

I'm back on my v5.4.3,build5873 (GA).

Wifi performance is still terrible - I'll probably have to hit a wifi forum section for that...I think It might be interfering with another AP(s) in the house.