Update FortiGate firmware
Updating or upgrading a firewall is similar to upgrading the operating system so you should make the same preparations. Make sure everything is backed up and you have a plan in case something doesn’t work. Make a checklist to confirm that the update is successful. Finally, ensure you have enough time to do the update.
This is a summary of the steps for updating FortiGate firmware:
- Backup and store the old configuration on another server.
Do a full configuration backup using the CLI. This should already be part of your disaster recovery plan. If the upgrade fails, be sure you have a plan to get the firewall back up and running.
- Have copy of old firmware available.
This should also be part of your disaster recovery plan. If the upgrade fails, you might be able to switch the active partition. But be prepared for the worst case scenario where you need your old firmware.
- Have a disaster recovery option on standby, especially for a remote site.
This should be part of your plan in a critical failure. In this scenario, this is your plan if your firewall doesn’t come back up after the upgrade. In this case, you need access to the console port to find out why, such as if the DHCP or the IP has changed, or the OS is corrupt. You must have access to the console to find out. If there is no simple fix, be prepared for a format and TFTP reload.
- Read the release notes, including the upgrade path and bug information.
Be sure to read the release notes, preferably more than once. The release notes contain lots of important information, known bugs, fixed bugs, upgrade issues such as lost configuration settings.
- Double check everything.
For example, double check that your TFTP server is working, your console connection functions properly, you have read the release notes and understand everything that affects the upgrade for your FortiGate models, you have backed up your configuration, you have covered everything you might need for the upgrade.
- Perform the upgrade.
The upgrade itself usually doesn’t take very long, usually just a few minutes. But make sure you schedule enough time for the entire process and possible contingencies. If the upgrade is successful, you need time to check and confirm that all important functions are working, such as VPNs etc. If the upgrade fails, you need time to sort things out.
Sample upgrade
This is an example of upgrading the FortiGate from FortiOS 6.0.4 to 6.2.0.
To view the FortiOS firmware:
- Go to Dashboard.
The System Information widget shows the current firmware version.
To check if a new FortiOS firmware version is available:
- Go to System > Firmware.
If a new firmware version is available, a notice appears in the Current version section.
When a new FortiOS version is released, it may not be listed on your FortiGate right away. You can download the firmware from Fortinet Support, then use Upload Firmware to upgrade your FortiGate.
To upgrade to the latest version from FortiGuard:
- Go to System > Firmware.
- In the FortiGuard Firmware section, click Latest.
If you see a message saying there is no valid upgrade path for this firmware version, click All available and select a suitable firmware version for your FortiGate.
- Click Release Notes and read the release notes for that version.
Release Notes are also available from the Fortinet Documentation Library.
- Click Backup config and upgrade and follow the prompts.
- Save the backup of your configuration in case you need to restore it after the upgrade.
To upgrade to the latest version from local PC:
- Ensure you have downloaded the firmware from Fortinet Support.
- Go to System > Firmware.
- In the Upload Firmware section, click Browse and select the firware.
- Click Backup config and upgrade and follow the prompts.
- Save the backup of your configuration in case you need to restore it after the upgrade.
FortiGate uploads and installs the firmware, and then restarts and displays the login screen.
See the procedure above to view the FortiOS firmware to ensure you are running the new firmware version.