- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Re: Unable To Downgrade FGT Firmware
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable To Downgrade FGT Firmware
Greetings,
Hello team. Currently I am in the midst of downgrading a FGT firmware from the default v5.2.2, Build 642 to v5.0.7, Build 271. Once the downgrading has been done, the FGT is refreshed and I was prompted to log in again.
However once I had logged in, I can see that the firmware was not downgraded to the preferred firmware. I had tried to downgrade again, but still firmware still shows v5.2.2, Build 642 instead of the preferred v5.0.7, Build 271.
Our engineer had suggested to try and downgrade via TFTP. But currently resources for the TFTP method is not available at the moment and might be delayed.
May I know is there any other way to perform the downgrade? Also, way was the downgrade not successful even though there were no error message prompted? Seek your immediate advice.
Thanks & regards,
Ellyas.
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ellyas wrote:I cannot help with the downgrade, however, would you mind sharing the reason for downgrade - is it functionality, reliability, or security related? [You see, we're in consideration to upgrade from 5.0.x to 5.2.y.]
... I am in the midst of downgrading a FGT firmware from the default v5.2.2, Build 642 to v5.0.7, Build 271...
... currently resources for the TFTP method is not available at the moment and might be delayed.
if your unit has a USB port, try "execute restore image usb ..."?
Also see How to restore previous version of firmware from flash disc via CLI.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hi Alex. We are downgrading to this particular firmware is due to standardization process. When a new FGT is installed, this was the instruction received.
I tried to re-downgrade again today and just noticed the error message as per image named "FGT_01.jpg". I had checked the firmware file and it is indeed for this model and was used successfully to downgrade other FGT with the same model.
Any idea on what are the possible reasons that this error message might appear?
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Since this is a new device..., I'd use CLI to load the firmware as secondary image and see how that goes - "secondary-image usb ...".
PS. verified MD5 of the file?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hi Alex. Is there a way to load the preferred firmware from CLI besides the TFTP method? By the way, how can I load the firmware as secondary? Is the method applicable by GUI or strictly by CLI only?
How can I verify the MD5 checksum?
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ellyas wrote:
Is there a way to load the preferred firmware from CLI besides the TFTP method?
Yes, USB!
how can I load the firmware as secondary? Is the method applicable by GUI or strictly by CLI only?
Your GUI method is failing, so, I suggest CLI - "execute restore usb ..." or "execute restore secondary-image usb ..."
How can I verify the MD5 checksum?
On Linux, built-in 'md5sum' command, on Windows md5summer.
Again, have a look at Knowledge Base article 'Loading FortiGate firmware image using TFTP'.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hi Alex. A had verified the MD5 checksum is okay. Which means that the firmware file is good to go. I also did download the exact same firmware file from Fortinet support page and re-downgrade it (via GUI) but still failed with the same error (firmware not supported for the device).
In order for me to proceed with either USB or TFTP, basically I need to have physical access to the box correct?
For TFTP method, I would need to wait for the site engineer to set it up. For USB method, I would need to further research on that method and share the info with my engineering team.
Is there any other method or idea to load the firmware besides USB and TFTP?
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ellyas wrote:
Is there any other method or idea to load the firmware besides USB and TFTP?
Use ftp: 'image ftp filename server_ipv4[:port]|server_fqdn[:port] [username password]' ??
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi Ellyas,
You can try using FortiExplorer to downgrade or upgrade your firewall firmware version. You can try it if it works for you. Thanks
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hello team. Thank you for all your feedback, and my apologies for the delayed response as I was away during the weekend.
Below is what the result on what had been done so far:
1. Downgrade using GUI (several times).
--> Result: Error message prompted "The given image is not compatible with this hardware".
2. Downgrade using USB stick.
--> Result:
Reading boot image 1379656 bytes. Initializing firewall... System is starting... Get image from USB disk ... OK. Check image...Check image error. //Any idea about this error? Get config file from USB disk OK. File check OK.
The firmware file used to downgrade the box is "FGT_600C-v500-build3608-FORTINET.out"
Currently we are working to try and downgrade the box via TFTP server. Not sure whether it will work or not, but hoping for the best.
If you have any other info to share, it will be much appreciated.
Thanks & regards,
Ellyas.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Unable to activate Free FortiGate VM... 167 Views
- FortiAP offline/disconnected 391 Views
- Very low download performances on 30E 369 Views
- Difficulty Finding SSL VPN Configuration on... 368 Views
- Unable to load SD-WAN rules with... 501 Views
Labels
-
FortiGate
7,157 -
FortiClient
1,412 -
5.2
801 -
5.4
639 -
FortiManager
619 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
376 -
FortiSwitch
372 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
103 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
48 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
LDAP
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
SNMP
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1062 | |
| 889 | |
| 527 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.