Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
bdv
New Contributor

Created on ‎09-04-2023 10:19 PM

Check Available Firmware Updates From CLI/SSH

Hello, Like the title.

 

Is it possible to check Available or pending Firmware updates within the CLI via SSH?

 

If not how can I request such a feature?

eg:

FG-60E # get system status

Version: FortiGate-60E...

Security Level: 1
Firmware Signature: certified

Firmware Upgrade Available: Version 7.4.1

 

Kind regards,

B

Labels:
3811
0 Kudos
13 REPLIES 13
dbu
Staff
Staff

Created on ‎09-04-2023 10:36 PM

Hello @bdv ,

If you require this feature, this has to be addresses through a NFR.

A  new Feature Requests need to be worked with the Systems Engineer (SE) that covers your territory.

http://www.fortinet.com/aboutus/locations.html

 

Alternatively it can be done through Regional Sales Partner Channel

http://www.fortinet.com/partners/reseller_locator/locator.html

 

They can take in your request and submit it to development, but this does not guarantee that the new feature will be implemented, it will depend on the demand or need for the feature. 

 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
3221
0 Kudos
ucsspace
New Contributor
In response to dbu

Created on ‎09-29-2023 06:39 PM Edited on ‎09-29-2023 06:39 PM

thanks

2998
0 Kudos
pminarik
Staff
Staff

Created on ‎09-05-2023 12:08 AM Edited on ‎09-05-2023 12:11 AM

There isn't a command that will give you a simple "update available: yes/no" output, but there is a command that will show you a list of images available for download via FortiGuard + individual valid update steps. It roughly matches what you will see offered to you when you use the GUI to download firmware upgrades/downgrades for you:

 

diag test app forticldd 14

 

The first part will show you the available images:

 

# diag test app forticldd 14
There are total 80 images, last update: 80748 secs ago
Image-07004000FIMG0012004001: version:7-4-1b2463-F, release_num=4, build_time=2309020144, type=upgrade
Image-07004000FIMG0012004000: version:7-4-0b2360-F, release_num=4, build_time=2305121006, type=upgrade
Image-07002000FIMG0012002005: version:7-2-5b1517-F, release_num=2, build_time=2306100555, type=upgrade
Image-07002000FIMG0012002003: version:7-2-3b1262-F, release_num=2, build_time=2211122004, type=downgrade
Image-07002000FIMG0012002002: version:7-2-2b1255-F, release_num=2, build_time=2210052007, type=downgrade

 There is possible edge-case where an update might be already available for manual download but not yet available though FortiGuard, but most of the time this output should match the real availability of recent new firmware versions.

[ corrections always welcome ]
3196
bdv
New Contributor
In response to pminarik

Created on ‎09-05-2023 12:36 AM

Thank you! This is much closer to the solution I was looking for.

 

I'll consider putting forward a feature request.

 

B

3190
0 Kudos
lpg300
New Contributor
In response to pminarik

Created on ‎09-28-2023 11:35 PM

Hi there,

 

I've tried running the command which works to receive the version numbers, however when I try to grep the command in order to produce a modified output, grep does not filter the output but still displays the entire command's output. Please see attachment.

 

Thanks!diag test grep output.png

3035
0 Kudos
dbu
Staff
Staff
In response to lpg300

Created on ‎09-29-2023 03:36 AM

Hi @lpg300 ,
I believe it is filtering the output as it is showing only the lines which contain word "downgrade". 

What do you expect to see ? 

Regards!
If you have found a solution, please like and accept it to make it easily accessible for others.
3019
lpg300
New Contributor
In response to dbu

Created on ‎09-29-2023 04:02 PM

Hi @dbu,

 

I screenshotted just the first few lines as it displays the entire output, I've changed the grep text. See attached.

 

Thanks!

diag test output grep.png

3003
0 Kudos
xsilver_FTNT
Staff
Staff
In response to lpg300

Created on ‎10-13-2023 12:03 AM

No need to grep. Kindly note that "diag test forticldd 14" (as posted by @pminarik) does list possible downgrades, but then list upgrades as "Upgrade matrix" .. Similarly to diagnose fdsm posted by @carlosaleman .

 

Sample from FortiOS 7.2.4:

... cut ...
2023-10-13 08:28:57 Image-05004000FIMG0019104009: version:5-4-9b1202-, release_num=0, build_time=1805152027, type=downgrade
2023-10-13 08:28:57 Image-05004000FIMG0019104008: version:5-4-8b1183-, release_num=0, build_time=1801190557, type=downgrade
2023-10-13 08:28:57 Image-05004000FIMG0019104007: version:5-4-7b1167-, release_num=0, build_time=1712120207, type=downgrade
2023-10-13 08:28:57
Upgrade matrix:
v7.4.0.b2360 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.6.b1575 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.5.b1517 -> v7.4.1.b2463    (id:07004000FIMG0019104001)
v7.2.5.b1517 -> v7.4.0.b2360    (id:07004000FIMG0019104000)
v7.2.5.b1517 -> v7.2.6.b1575    (id:07002000FIMG0019102006)
... cut ...

 

Tomas Stribrny - NASDAQ:FTNT - Fortinet Inc. - TAC Staff Engineer
AAA, MFA, VoIP and other Fortinet stuff

2791
0 Kudos
pminarik
Staff
Staff
In response to lpg300

Created on ‎10-02-2023 01:39 AM

The answer is simple but not very satisfactory: Some commands just don't support filtering by grep.

[ corrections always welcome ]
2934
Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.