Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
onalswina
New Contributor

Created on ‎01-16-2023 01:58 AM

How bad can a Fortigate FW upgrade go?

In the past few months, there were quite a few urgent updates to be applied, I never delegated them and only did them when I can afford to spend several hours in case something goes bad, but I don't know why I never had an FW update go wrong, I am thinking now its time to delegate to the L2 helpdesk.

 

What's your take on this? what was your worst experience with Fortigate Firmware upgrades?

https://omegle.onl/ vshare
https://omegle.onl/ vshare
Labels:
3610
0 Kudos
7 REPLIES 7
abarushka
Staff
Staff

Created on ‎01-16-2023 02:26 AM

Hello,

 

It is recommended to check the release notes for known issues before scheduling upgrade during maintenance window.

FortiGate
3599
0 Kudos
srajeswaran
Staff
Staff

Created on ‎01-16-2023 03:37 AM

Generally the upgrades are smooth and don't take long.  As abarushka mentioned, please check the release notes especially the known issues section to make sure you are not hitting any critical issues.

If you have a Cluster setup, you may break the cluster and upgrade nodes individually. Upgrade one node, move traffic to the upgraded node, monitor for sometime, if everything works fine upgrade the other node and join back in cluster.

If things are not stable after upgrade, move the traffic back to non-upgraded node and then downgrade the upgraded node.

Detailed process can be found in https://community.fortinet.com/t5/FortiGate/Technical-Note-Manual-upgrade-procedure-of-a-FortiGate-H...

 

Regards,
Suraj
- Have you found a solution? Then give your helper a "Kudos" and mark the solution.
3588
0 Kudos
Richie_C
Staff
Staff

Created on ‎01-16-2023 11:09 AM

Preparation is key. A few more things to consider:

  • Make sure you follow the recommended upgrade path
  • Backup the configuration
  • Have console access to the device
  • Have pre checks to create a baseline 
  • Have post checks for after the upgrade
Take a backup before making any changes
3574
mhe
Contributor II
In response to Richie_C

Created on ‎01-16-2023 11:43 PM

... and make sure that you have downloaded both the current and the new firmware before upgrading. The current one in case you need to go back (flash via TFTP)

3546
abarushka
Staff
Staff
In response to mhe

Created on ‎01-17-2023 12:22 AM

Hello,

 

In certain scenario it is possible to boot from secondary partition:

 

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Selecting-an-alternate-firmware-for-the-ne...

FortiGate
3541
Markus_M
Staff
Staff
In response to Richie_C

Created on ‎01-17-2023 12:12 AM

Adding to this - prechecks:

see that HA and general data and functionality is good. Especially if there are HA problems - don't upgrade the potentially broken database.

 

And one other nice thing that is often ignored:

https://community.fortinet.com/t5/FortiGate/Technical-Tip-Selecting-an-alternate-firmware-for-the-ne...

FortiGate can boot from an alternate sector that contains the last firmware version right before this upgrade was done. Upgrade path is of course only the last step. If you have no upgrade paths to walk since you're always up-to-date on the branch, this is a like-snapshot way of restoring functionality.

3544
Immu
New Contributor III

Created on ‎12-14-2023 01:08 AM

My bad experiences with firmware upgrades:

https://community.fortinet.com/t5/Support-Forum/Configuration-loss-after-firmware-upgrade/m-p/257389...

2780
0 Kudos
Announcements
Check out our Community Chatter Blog! Click here to get involved
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.