Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
New Contributor

Check Available Firmware Updates From CLI/SSH

Hello, Like the title.


Is it possible to check Available or pending Firmware updates within the CLI via SSH?


If not how can I request such a feature?


FG-60E # get system status

Version: FortiGate-60E...

Security Level: 1
Firmware Signature: certified

Firmware Upgrade Available: Version 7.4.1


Kind regards,



Hello @bdv ,

If you require this feature, this has to be addresses through a NFR.

A  new Feature Requests need to be worked with the Systems Engineer (SE) that covers your territory.


Alternatively it can be done through Regional Sales Partner Channel


They can take in your request and submit it to development, but this does not guarantee that the new feature will be implemented, it will depend on the demand or need for the feature. 


If you have found a solution, please like and accept it to make it easily accessible for others.
New Contributor



There isn't a command that will give you a simple "update available: yes/no" output, but there is a command that will show you a list of images available for download via FortiGuard + individual valid update steps. It roughly matches what you will see offered to you when you use the GUI to download firmware upgrades/downgrades for you:


diag test app forticldd 14


The first part will show you the available images:


# diag test app forticldd 14
There are total 80 images, last update: 80748 secs ago
Image-07004000FIMG0012004001: version:7-4-1b2463-F, release_num=4, build_time=2309020144, type=upgrade
Image-07004000FIMG0012004000: version:7-4-0b2360-F, release_num=4, build_time=2305121006, type=upgrade
Image-07002000FIMG0012002005: version:7-2-5b1517-F, release_num=2, build_time=2306100555, type=upgrade
Image-07002000FIMG0012002003: version:7-2-3b1262-F, release_num=2, build_time=2211122004, type=downgrade
Image-07002000FIMG0012002002: version:7-2-2b1255-F, release_num=2, build_time=2210052007, type=downgrade

 There is possible edge-case where an update might be already available for manual download but not yet available though FortiGuard, but most of the time this output should match the real availability of recent new firmware versions.

[ corrections always welcome ]
New Contributor

Thank you! This is much closer to the solution I was looking for.


I'll consider putting forward a feature request.




Hi there,


I've tried running the command which works to receive the version numbers, however when I try to grep the command in order to produce a modified output, grep does not filter the output but still displays the entire command's output. Please see attachment.


Thanks!diag test grep output.png


Hi @lpg300 ,
I believe it is filtering the output as it is showing only the lines which contain word "downgrade". 

What do you expect to see ? 

If you have found a solution, please like and accept it to make it easily accessible for others.
New Contributor

Hi @dbu,


I screenshotted just the first few lines as it displays the entire output, I've changed the grep text. See attached.



diag test output grep.png


No need to grep. Kindly note that "diag test forticldd 14" (as posted by @pminarik) does list possible downgrades, but then list upgrades as "Upgrade matrix" .. Similarly to diagnose fdsm posted by @carlosaleman .


Sample from FortiOS 7.2.4:

... cut ...
2023-10-13 08:28:57 Image-05004000FIMG0019104009: version:5-4-9b1202-, release_num=0, build_time=1805152027, type=downgrade
2023-10-13 08:28:57 Image-05004000FIMG0019104008: version:5-4-8b1183-, release_num=0, build_time=1801190557, type=downgrade
2023-10-13 08:28:57 Image-05004000FIMG0019104007: version:5-4-7b1167-, release_num=0, build_time=1712120207, type=downgrade
2023-10-13 08:28:57
Upgrade matrix:
v7.4.0.b2360 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.6.b1575 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.5.b1517 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.5.b1517 -> v7.4.0.b2360    (id:07004000FIMG0019104000)
v7.2.5.b1517 -> v7.2.6.b1575    (id:07002000FIMG0019102006)
... cut ...


Tomas Stribrny - NASDAQ:FTNT - Fortinet stuff - TAC Staff Engineer


The answer is simple but not very satisfactory: Some commands just don't support filtering by grep.

[ corrections always welcome ]
Top Kudoed Authors