Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
BlueP
New Contributor II

firmware upgrade

Our firewall (FortiGate-500E v7.0.14, build0601) is currently experiencing issues with upgrading to newer firmware versions. There are two options available: versions 7.2.7 and 7.2.8. However, the release notes for version 7.2.7 indicate a bug affecting IPsec tunnels, while version 7.2.8 has a known issue with routing and SD-WAN

 

How should I determine the most suitable version for the upgrade?

known issues: 7.2.7 -->> https://docs.fortinet.com/document/fortigate/7.2.7/fortios-release-notes/236526/known-issues

 

 

known issues: 7.2.8 --> https://docs.fortinet.com/document/fortigate/7.2.8/fortios-release-notes/236526/known-issues

 

 

 

 

2 Solutions
Umer221

@BlueP 

Yes, you are good to follow the upgrade path tool, please refer to the follow article for details:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-firmware-upgrade-by-referring-to-an...

 

In order to view if a firmware version is Mature or a Feature, you can use the above article to login to Fortinet support site, follow the instructions where it walks you through to the download page.

 

You can see "FFW_2600F-v7.2.9.M-build1688-FORTINET.out" for 7.2.9 version where M refers to mature version and "FFW_2600F-v7.4.4.F-build2662-FORTINET.out" for 7.4.4 version where "v7.4.4.F" F refers to Feature.

 

Please see the attached screenshots for a reference.

 

View solution in original post

Toshi_Esumi

I think @Umer221 meant to show "FGT_500E-..."
But I strongly recommend you go up to 7.2.9 or 7.2.10 due to some vulnerabilities in those 7.2.7 and 7.2.8. See the release notes of 7.2.9, at the bottom of "Resolved Issues" section.

Toshi

View solution in original post

10 REPLIES 10
zoludwo2
New Contributor

Agreed. IPMI/iDrac/iLo present with vulnerabilities like any software. For those concerned about firmware updates breaking servers, or otherwise causing undesirable behavior, I suggest you ensure you have a test machine in the lab https://100001.onl/  .

Umer221
Staff
Staff

@BlueP 

 

When upgrading from version 7.0.14 to later versions, be sure not to skip version 7.0.15. Although the upgrade path tool may not indicate 7.0.15 as a required step, you should consult this article for further guidance: Technical Tip - Boot failure after upgrading to v7.0.15.

 

Therefore, please ensure you upgrade to 7.0.15 before proceeding to subsequent versions.

 

Additionally, it’s recommended to test upgrades in your lab environment first, as this issue may not occur on all devices. It can vary depending on the specific topology and device type in use.

 

 

Toshi_Esumi

@Umer221If my interpretation of the KB is correct, the version you shouldn't skip is not 7.0.15 but it's 7.0.14. Am I reading it wrong?

  • The error message 'failed verification on /data/datafs.tar.gz' can occur when upgrading from any version lower than v7.0.14 once skipped the upgrade path and upgraded directly to v7.0.15 or above.
  • Before upgrading, the system must be on the base of v7.0.14.


Toshi

 

Umer221

@Toshi_Esumi 

Thank you for catching this. Correct it is 7.0.14 version not suppose to be skipped, so it does not apply in this case.

Toshi_Esumi

We've learned this in a hard way and had to reload 7.0.14 from TFTP server for multiple devices. I wished we knew this much earlier. Thank you for the link, @Umer221 

Toshi

BlueP
New Contributor II

so that means am good to follow the upgrade path tool,

and may i know if there's a firmware version that tagged as mature from fortinet i mean if version 7.2.9 is mature or not

 

for example https://www.reddit.com/media?url=https%3A%2F%2Fpreview.redd.it%2F7-2-7-is-mature-v0-erj2xj1yschc1.pn...

 

Umer221

@BlueP 

Yes, you are good to follow the upgrade path tool, please refer to the follow article for details:
https://community.fortinet.com/t5/FortiGate/Technical-Tip-Manual-firmware-upgrade-by-referring-to-an...

 

In order to view if a firmware version is Mature or a Feature, you can use the above article to login to Fortinet support site, follow the instructions where it walks you through to the download page.

 

You can see "FFW_2600F-v7.2.9.M-build1688-FORTINET.out" for 7.2.9 version where M refers to mature version and "FFW_2600F-v7.4.4.F-build2662-FORTINET.out" for 7.4.4 version where "v7.4.4.F" F refers to Feature.

 

Please see the attached screenshots for a reference.

 

Toshi_Esumi

I think @Umer221 meant to show "FGT_500E-..."
But I strongly recommend you go up to 7.2.9 or 7.2.10 due to some vulnerabilities in those 7.2.7 and 7.2.8. See the release notes of 7.2.9, at the bottom of "Resolved Issues" section.

Toshi

BlueP
New Contributor II

Thank you very much bro

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors