Baboda
New Contributor

Fortigate boot options

Hello,

I need to upgrade a FortiGate 800C (active/passive) from 5.0.11 to 5.2.6. If something goes wrong, I know it is possible to boot from the partition where I still have 5.0.11. Is that correct, and how would I do it?

1 Solution
jhouvenaghel_FTNT

On a FGT where you have two partitions, you can use the following command to see which partition is active: diagnose sys flash list

You will get a result like the one below:

Partition  Image                            TotalSize(KB)  Used(KB)  Use%  Active
1          FG-5KD-5.02-FW-build670-160422          253871     45550   18%  Yes
2          FG-5KD-5.02-FW-build670-150715          253871     45917   18%  No
3          EXDB-1.00000                          14866900     39164    0%  No

In this example, the active partition is the primary. To reboot from the second partition, the command to use is: execute set-next-reboot secondary

and then reboot the unit (if the active partition is 2 and you want to reboot from partition 1, replace secondary with primary).

If you have a cluster, then you need to check which partition is active on each cluster unit, use "exec set-next-reboot" on each cluster unit, and reboot each cluster unit.

If your upgrade is from 5.0.11 to 5.2.6, it seems (see http://cookbook.fortinet.com/sysadmins-notebook/supported-upgrade-paths-fortios/4/) that you can go directly from 5.0.11 to 5.2.6. So, as your upgrade can be done in one step, you can go back to 5.0.11 and the config used with 5.0.11 by rebooting from the other partition.

If you have an intermediate upgrade step between 5.0.11 and 5.2.6, you would not be able to go back to 5.0.11 this way, only to the previous version used before the last upgrade.

 

kallbrandt
Contributor II

EDIT: I was wrong...

No, not correct. Rollback is not possible that way.

Take a backup of your running config (downgrade of config is NOT supported).

Upgrade via the supported upgrade path. Do a backup of the config at every firmware upgrade step.

Make sure you have the old firmware at home before you begin.

 

If you need to rollback, install the old firmware, and reload your old config that matches the firmware.

 

Edit: When you upgrade, the cluster will patch the slave FortiGate first. If it passes all checks after boot, the cluster will fail over to the slave and patch the master.

Richie

NSE7

Baboda

That was what I needed. Thanks a lot Jocelyn!

kallbrandt

Cool, I didn't have a clue about this. Thanks for setting things straight Jocelyn!

Richie

NSE7

MikePruett
Valued Contributor

Very good info to have. Thanks Jocelyn

Mike Pruett Fortinet GURU | Fortinet Training Videos