I saw some conversation before about stopping auto-upgrade on FGTs after 7.2.8. And we're doing it manually for those FGTs that are NOT managed by FMG. Then when we tried the same for those managed by FMG, the change was rejected because it's managed by FMG.
And the solution is in this KB:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-disable-automatic-firmware-upgrades...
But it's not totally clear about the behavior of those commands:
config system central-management
    set allow-push-firmware disable
    set allow-remote-firmware-upgrade disable
end
What we want to set up is:
1. Stop FMG pushing auto-firmware upgrade to managed FGTs
2. Also stop FGT upgrading firmware by itself
3. We still want to upgrade the firmware of those managed FGTs via FMG manually
To accomplish this,
config system central-management
    set allow-push-firmware disable
end
Would this be good enough if we pushed this via either a template or a script (to the database and/or the device directly)?
And do we still need to push the below via a template/script to stop the FGT doing auto-upgrade by itself?
config system fortiguard
    set auto-firmware-upgrade disable
    set gui-prompt-auto-upgrade disable
end
Thanks,
Toshi
By the way, those FGTs are 7.2.10 while FMG is 7.2.8.