Unlock Exclusive Benefits
Join Our Community Today!
Join our community and post in the forum to earn your exclusive Spring Badge! Become a member today!
LOGIN/REGISTER
CONTINUE AS A GUEST
- Support Forum
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiADC
- FortiAIOps
- FortiAnalyzer
- FortiAP
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDLP
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEdgeCloud
- FortiEDR
- FortiEndpoint
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiGuest
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNDR (on-premise)
- FortiNAC-F
- FortiNDRCloud
- FortiPAM
- FortiPhish
- FortiPortal
- FortiPresence
- FortiRecon
- FortiProxy
- FortiSRA
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiTester
- FortiSwitch
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiAppSec Cloud
- Lacework
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Support Forum
- Re: Security Update Support After Firmware License...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Security Update Support After Firmware License Expiration on Fortigate
Dear Team,
In the article "Prevent firmware upgrade depending on the current firmware license's expiration date" (7.4.2), it states that "In FortiOS 7.4.2 and above, enforcement of an active FortiGate firmware license to allow firmware upgrades has been improved. Enforcement is based on the expiry date of the current firmware license compared to the release date of the first GA release of a major version. For example, for FortiOS 7.4.x firmware upgrades, enforcement is based on the expiry date of the current support contract compared to the release date of FortiOS 7.4.0 GA."
This means the FortiOS license expiration date must be later than the "first GA release" of a major version (e.g., 7.2.0, 7.4.0, 7.6.0, etc.). For instance, if the current FortiOS license expires on February 1, 2025, and the version is 7.2.x, it can be upgraded to 7.4.x because the 7.4.0 GA release date was May 11, 2023. It can also be upgraded to 7.6.x because the 7.4.0 GA release date was July 25, 2024.
Further assuming the 7.8.0 GA release date is May 25, 2025, a system with an expiration date of February 1, 2025, would not be able to upgrade to 7.8.0.
Is my understanding correct?------>First Question
Furthermore, the document "Prevent FortiGates with an expired support contract from upgrading to a major or minor firmware release" (7.4.0) states that "If the FortiGate support contract has expired, you will be unable to upgrade the firmware to a higher major version, such as from FortiOS 7.0 to 8.0, or to a higher minor version, such as from FortiOS 7.4 to 7.6. However, you can upgrade the firmware of a FortiGate with an expired support contract to a higher patch build, such as from FortiOS 7.4.0 to 7.4.1, to allow for security updates."
This means that once I can upgrade to a specific GA release, I can still receive support for minor versions and patch releases even if the firmware license expires later.
Is this understanding correct?---->Second Question
Finally, based on the above assumptions,I can only upgrade to 7.6.x, and the firmware license has expired.
Does this mean that security patches will be available for 7.6.x until the End of Support (EOS) date (2029-01-25)? Or is security patching only supported until the End of Extended Support (EOES) date? --->Third Quesion
Please aid me to clarify the above Question , Thank you.
Regards,
Bruce Liu
Bruce Liu
Bruce Liu
Labels:
- Labels:
-
FortiGate
5 REPLIES 5
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello,
Thank you for using the Community Forum. I will seek to get you an answer or help. We will reply to this thread with an update as soon as possible.
Thanks,
Stephen - Fortinet Community Team
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Stephen,
Thank you for your reply, and I kindly ask for your assistance in clarifying this issue.
Of course, if there are any official reference documents, please also provide them for my reference.
Regards,
Bruce Liu
Bruce Liu
Bruce Liu
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Dear Sir,
are there any further update?
Bruce
Bruce Liu
Bruce Liu
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hm from out of my own experience (we however don't run 7.4 yet but 7.2):
if the firmware upgrade license has expired you cannot upgrade your fimware "ota" (i.e. have your FGT download it from Fortinet and install it) or via FortiManager Firmware template anymore.
You can however still download the firmware manually (as long as there still is images for your model) from support portal if you still have at least one registered device with valid forticare license.
And you can still upgrade it manually via the webinterface then.
Regently also there was a fix for the ssl engine that came ota via fortiguard and did not require a firmware upgrade. However I guess it does require a valid fortiguard utm services license.
--
"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
--
"It is a mistake to think you can solve any major problems just with
potatoes." - Douglas Adams
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Based on the context below, this is the part that confuses me:
"If the FortiGate support contract has expired, you will be unable to upgrade the firmware to a higher major version, such as from FortiOS 7.0 to 8.0, or to a higher minor version, such as from FortiOS 7.4 to 7.6. However, you can upgrade the firmware of a FortiGate with an expired support contract to a higher patch build, such as from FortiOS 7.4.0 to 7.4.1, to allow for security updates."
Does this mean that if the firmware license has expired, OTA updates are not allowed? That seems a bit unreasonable.
Of course, if this is indeed the case, we would need to further consider whether it's possible to download updates through FortiCare (FortiCloud).
However, what I’m curious about is if my firmware license has expired, would I still have the ability to download firmware/hotfixes via FortiCloud? Or would I need to pay an additional fee to enable FortiCloud downloads for updates?
Bruce Liu
Bruce Liu
Labels
-
FortiGate
9,724 -
FortiClient
1,985 -
FortiManager
827 -
5.2
801 -
5.4
639 -
FortiAnalyzer
637 -
FortiSwitch
536 -
FortiAP
523 -
FortiClient EMS
498 -
6.0
416 -
5.6
362 -
FortiMail
354 -
SSL-VPN
324 -
IPsec
305 -
6.2
251 -
FortiNAC
239 -
FortiAuthenticator v5.5
234 -
Fortiweb
233 -
5.0
196 -
SD-WAN
157 -
FortiGuard
153 -
FortiAuthenticator
141 -
6.4
128 -
Firewall policy
118 -
FortiSIEM
110 -
FortiGateCloud
109 -
FortiCloud Products
105 -
FortiToken
98 -
Wireless Controller
90 -
Customer Service
83 -
FortiProxy
72 -
High Availability
72 -
FortiGate-VM
71 -
ZTNA
66 -
4.0MR3
64 -
FortiEDR
64 -
Fortivoice
63 -
Routing
61 -
FortiADC
60 -
VLAN
60 -
DNS
58 -
SAML
57 -
BGP
55 -
Authentication
54 -
RADIUS
51 -
LDAP
50 -
FortiSandbox
49 -
NAT
49 -
Certificate
48 -
FortiExtender
47 -
SSO
46 -
FortiDNS
43 -
FortiLink
42 -
FortiGate v5.4
37 -
Application control
37 -
VDOM
36 -
Logging
36 -
FortiSwitch v6.4
35 -
Interface
35 -
FortiConnect
32 -
FortiWAN
31 -
Virtual IP
31 -
Web profile
30 -
FortiPAM
29 -
FortiGate v5.2
27 -
FortiConverter
27 -
SSL SSH inspection
25 -
Traffic shaping
24 -
FortiPortal
23 -
Fortigate Cloud
22 -
Automation
22 -
Static route
22 -
FortiSwitch v6.2
20 -
SNMP
20 -
SSID
20 -
FortiMonitor
19 -
WAN optimization
19 -
System settings
17 -
OSPF
16 -
API
16 -
FortiDDoS
15 -
Admin
15 -
Security profile
15 -
Web application firewall profile
15 -
IP address management - IPAM
15 -
FortiGate v5.0
14 -
FortiSoar
14 -
FortiCASB
14 -
IPS signature
14 -
FortiAP profile
14 -
Proxy policy
13 -
Intrusion prevention
13 -
Traffic shaping policy
12 -
Web rating
12 -
FortiManager v5.0
11 -
FortiManager v4.0
11 -
FortiRecorder
11 -
Explicit proxy
11 -
FortiWeb v5.0
10 -
FortiBridge
10 -
Users
10 -
Traffic shaping profile
10 -
Fabric connector
10 -
Port policy
10 -
4.0MR2
9 -
FortiGate v4.0 MR3
9 -
FortiAnalyzer v5.0
9 -
DNS filter
9 -
trunk
9 -
Fortinet Engage Partner Program
9 -
FortiDeceptor
8 -
FortiCache
8 -
RMA Information and Announcements
8 -
Antivirus profile
8 -
4.0
7 -
Authentication rule and scheme
7 -
FortiToken Cloud
6 -
Packet capture
6 -
NAC policy
6 -
Application signature
6 -
VoIP profile
6 -
FortiCarrier
5 -
FortiScan
5 -
FortiTester
5 -
DLP profile
5 -
DoS policy
5 -
Email filter profile
5 -
Protocol option
5 -
Cloud Management Security
5 -
3.6
4 -
FortiDirector
4 -
Internet service database
4 -
DLP sensor
4 -
Netflow
4 -
TACACS
4 -
Replacement messages
4 -
SDN connector
4 -
Service
4 -
Multicast routing
4 -
Vulnerability Management
4 -
FortiDB
3 -
FortiHypervisor
3 -
Kerberos
3 -
FortiNDR
3 -
DLP Dictionary
3 -
Multicast policy
3 -
FortiInsight
2 -
FortiAI
2 -
Video Filter
2 -
File filter
2 -
Schedule
2 -
Zone
2 -
FortiEdge Cloud
2 -
FortiGuest
2 -
4.0MR1
1 -
FortiManager-VM
1 -
FortiCWP
1 -
Subscription Renewal Policy
1 -
ICAP profile
1 -
Virtual wire pair
1 -
FortiEdge
1
Top Kudoed Authors
| User | Count |
|---|---|
| 2276 | |
| 1236 | |
| 772 | |
| 452 | |
| 398 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2025 Fortinet, Inc. All Rights Reserved.