Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
johnlloyd13
New Contributor III

Created on ‎12-11-2025 05:01 AM

FortiGate Downgrade

hi,

i got a brand new FGT and it got a default OS 7.4.8M.

i need to downgrade to 7.2.10M to be consistent in our environment.

per checking the upgrade path tool, it is a direct path.

since this is a brand new chassis with no config yet, can i safely downgrade directly from 7.4.8M > 7.2.10M?

 

image.png

 

Labels:
131
0 Kudos
1 Solution
AEK
SuperUser
SuperUser

Created on ‎12-11-2025 10:37 AM

Hi John

Yes you can, but the config may be corrupted after that, so you need to run factory reset after the downgrade.

On the other hand it is better to downgrade to 7.2.12, since 7.2.10 has a couple of nasty vulnerabilities.

https://www.fortiguard.com/psirt?filter=1&product=FortiOS-6K7K%2CFortiOS&version=7.2.10&severity=5&s...

 

AEK

View solution in original post

AEK
114
0 Kudos
3 REPLIES 3
AEK
SuperUser
SuperUser

Created on ‎12-11-2025 10:37 AM

Hi John

Yes you can, but the config may be corrupted after that, so you need to run factory reset after the downgrade.

On the other hand it is better to downgrade to 7.2.12, since 7.2.10 has a couple of nasty vulnerabilities.

https://www.fortiguard.com/psirt?filter=1&product=FortiOS-6K7K%2CFortiOS&version=7.2.10&severity=5&s...

 

AEK
AEK
116
0 Kudos
johnlloyd13
New Contributor III

Created on ‎12-11-2025 04:23 PM Edited on ‎12-11-2025 04:26 PM

hi,

thanks for the tip and advise!

just curious, is there a fortinet link to tech tip saying you'll need to factory reset after a downgrade (for a new box)?

96
0 Kudos
AEK
SuperUser
SuperUser
In response to johnlloyd13

Created on ‎12-13-2025 06:23 AM Edited on ‎12-13-2025 06:25 AM

Hi John

I found the official info for other Fortinet equipment like FortiMail.

https://docs.fortinet.com/document/fortimail/6.0.12/ga-release-notes/857090/firmware-upgrade-and-dow...

But as per my knowledge it is also the same for FortiOS. This is because the upgrade path handles configuration transportation from a one version to a higher version (when following upgrade path), but this is not the case in downgrades.

It means when you downgrade you may have some config fragments that are not transported to the lower version and not known by this lower version, it means you may have some configuration errors.

 

Edit: As per my knowledge it is also the same for a new box, since even fresh config may have some config fragments that are specific to a version but unknown by a lower versions.

AEK
AEK
43
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.