- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- FortiWebCloud
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Unable To Downgrade FGT Firmware
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Unable To Downgrade FGT Firmware
Greetings,
Hello team. Currently I am in the midst of downgrading a FGT firmware from the default v5.2.2, Build 642 to v5.0.7, Build 271. Once the downgrading has been done, the FGT is refreshed and I was prompted to log in again.
However once I had logged in, I can see that the firmware was not downgraded to the preferred firmware. I had tried to downgrade again, but still firmware still shows v5.2.2, Build 642 instead of the preferred v5.0.7, Build 271.
Our engineer had suggested to try and downgrade via TFTP. But currently resources for the TFTP method is not available at the moment and might be delayed.
May I know is there any other way to perform the downgrade? Also, way was the downgrade not successful even though there were no error message prompted? Seek your immediate advice.
Thanks & regards,
Ellyas.
- « Previous
-
- 1
- 2
- Next »
15 REPLIES 15
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hi team. Yes the firmware is correct since it was the same firmware used to downgrade other same newly installed FGT 600C. Currently I am liaising with the engineer to try and load the image from TFTP server.
I will share any other findings here.
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hello team. I was able to downgrade the FGT to the preferred firmware (finally). This was done by TFTP method. Our security engineering team also had highlighted to Fortinet Support team and they mentioned that it is the best option for downgrading/upgrading in case normal GUI method does not work.
Thank you for all your feedback and input on this case, appreciate it.
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Ellyas wrote:Seems like it was the only option. Doesn't sound right. Did Fortigate log it as a bug?
Fortinet Support team .. mentioned that it (TFTP) is the best option for downgrading/upgrading in case normal GUI method does not work.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Greetings,
Hi Alex. Not sure if Fortinet support has log it as a bug or not though. Recently I just received the advice from our security engineer saying that Fortinet support mentioned "TFTP is the best option".
And yeah, in my case here it seems that TFTP is the only option, lol... =)
Nevertheless, since the TFTP method seems to work and I was able to load the required firmware to the box, it's all good here.
Most importantly now I know what to do if similar cases like this happen again in the future.
Thank you team for your input and support. =)
Thanks & regards,
Ellyas.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
this doesn't need to be complicated.
First, please post your hardware model, and the exact filename of the image you are planning to use.
You can downgrade to any version using a USB stick:
1. load the right image file onto the stick. Make a copy with the name "image.out".
2. Copy a matching config file onto the stick. Make a copy with the name "fgt_system.conf".
3. In the GUI, in System > Config > Advanced, check both checkboxes to auto-load the firmware and config files on boot.
4. reboot the FGT
After the reboot check for config errors:
in the CLI, type "diag deb conf read"
and post it here if any.
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Are you 100% sure you have the right image for your model-type? It's common to incorrectly try to place a non-Wireless image on a wiFi model or even a PoE model
Also have you looked and doing a tftp-upload after a disk reformat?
Also have you tried to look at what's on your disk partions?
(start with )
diag hardware deviceinfo disk
and then
execute disk list
and then a scan
execute disk scan
I bet your problem is one of the following;
1: wrong image for the model of unit
2: wrong calculated checksum
3: bad partition that needs a reformat
4: or it's a bug that requires you reformat in order to download
I known with earlier pre5.0 code the filesystem format is extended type2 vrs now it's extended type3. If your doing a downgrade and are local to the unit, I would just do a interrupted boot , followed by a re-fromat, and then tftp upload.
I would also look at the release notes for the proper download path if any. I wouldn't be surprised if this is a issue from 5.2.x to 5.0.7 but who knows.
let us know what you find?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
- « Previous
-
- 1
- 2
- Next »
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Unable to activate Free FortiGate VM... 179 Views
- FortiAP offline/disconnected 399 Views
- Very low download performances on 30E 370 Views
- Difficulty Finding SSL VPN Configuration on... 377 Views
- Unable to load SD-WAN rules with... 514 Views
Labels
-
FortiGate
7,164 -
FortiClient
1,415 -
5.2
801 -
5.4
639 -
FortiManager
620 -
FortiAnalyzer
456 -
6.0
416 -
FortiAP
376 -
FortiSwitch
374 -
5.6
362 -
FortiClient EMS
291 -
FortiMail
281 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
FortiNAC
128 -
6.4
128 -
FortiGuard
115 -
IPsec
108 -
SSL-VPN
105 -
FortiGateCloud
97 -
FortiSIEM
93 -
FortiCloud Products
89 -
FortiToken
77 -
Customer Service
71 -
Wireless Controller
65 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
49 -
FortiADC
45 -
FortiEDR
44 -
Fortivoice
44 -
FortiDNS
39 -
FortiExtender
35 -
FortiGate v5.4
35 -
FortiAuthenticator
35 -
FortiSandbox
34 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
LDAP
19 -
FortiPortal
18 -
Interface
18 -
FortiSwitch v6.2
17 -
Routing
17 -
VDOM
17 -
FortiMonitor
15 -
Authentication
15 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
FortiDDoS
14 -
Logging
14 -
NAT
13 -
RADIUS
12 -
FortiCASB
12 -
Application control
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
SSL SSH inspection
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
SNMP
8 -
FortiGate v4.0 MR3
8 -
OSPF
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
FortiAP profile
7 -
4.0
7 -
Admin
7 -
Web application firewall profile
7 -
Static route
6 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
Automation
6 -
IPS signature
5 -
Packet capture
5 -
DNS Filter
5 -
FortiCache
5 -
FortiManager v4.0
5 -
trunk
5 -
FortiDeceptor
4 -
FortiDirector
4 -
Web rating
4 -
Intrusion prevention
4 -
Port policy
4 -
Antivirus profile
4 -
FortiPAM
4 -
FortiCarrier
4 -
FortiTester
4 -
3.6
4 -
DLP sensor
4 -
FortiScan
4 -
Fabric connector
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
Fortinet Engage Partner Program
3 -
DLP Dictionary
3 -
DLP profile
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
FortiInsight
2 -
Netflow
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
VoIP profile
2 -
Internet Service Database
2 -
Explicit proxy
2 -
4.0MR1
1 -
Multicast policy
1 -
Zone
1 -
FortiCWP
1 -
Kerberos
1 -
Subscription Renewal Policy
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
FortiManager-VM
1 -
Authentication rule and scheme
1 -
Service
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1063 | |
| 889 | |
| 527 | |
| 441 | |
| 152 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.