Upgrade Firmware

FortiOS upgrades fix bugs, patch CVEs, and add features. Plan carefully: bad upgrades can brick units. Always back up first, always check the upgrade path, and always test in a maintenance window.

Before You Start

  • Read the release notes for the target version. Pay attention to known issues, supported upgrade paths, and breaking changes.
  • Check the upgrade path. You usually can't jump from 7.0.x → 7.4.x directly; you may need an intermediate hop (7.0 → 7.2 → 7.4). Fortinet publishes upgrade-path docs per model.
  • Take a backup (see Back Up and Restore Configuration).
  • Have a console cable ready in case the upgrade hangs or rolls back.
  • Schedule a maintenance window. An upgrade typically takes 5-15 minutes; a botched upgrade may take much longer to recover.

Upgrade via GUI

  1. System → Firmware.
  2. Available Updates lists firmware FortiGuard sees as available.
  3. Click the version you want.
  4. Alternative (Upload Firmware Image): download the .out file from Fortinet Support manually, click Upload Firmware, and select the file.
  5. Click Backup config and upgrade — recommended; FortiGate stores the config snapshot internally before upgrading.
  6. Confirm.
  7. The FortiGate reboots and applies the new firmware. Expect about 5-10 minutes of downtime.

Upgrade via CLI

# Load the firmware image from a TFTP server (FTP and USB sources also work):
execute restore image tftp <filename>.out <tftp-server-ip>

# Answer y at the confirmation prompt; the FortiGate then installs the image and reboots:
y

After the Upgrade

  1. Verify firmware version: get system status.
  2. Check that licenses are still active: Dashboard → Status → Licenses.
  3. Test critical functions:
    • Internet access from LAN.
    • Inbound VIPs.
    • VPN tunnels (diagnose vpn tunnel list).
    • Admin GUI loads.
  4. Monitor logs for 24-48 hours: Log & Report → System Events.
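
One way to automate steps 1 and 3 of the checklist above, as an added example that is not part of the original page or Fortinet tooling: it compares CLI output saved before and after the upgrade and reports a wrong firmware version or a tunnel that disappeared. The captures are constructed and abbreviated, and the function names, hostname, tunnel names and build fields are assumptions.

```python
import re

# Constructed, abbreviated captures of `get system status` and
# `diagnose vpn tunnel list`; real output carries more fields per entry.
PRE_STATUS = "Version: FortiGate-60F v7.0.12,build0000,000000 (GA)\nHostname: fw-edge\n"
POST_STATUS = "Version: FortiGate-60F v7.2.8,build0000,000000 (GA)\nHostname: fw-edge\n"
PRE_TUNNELS = (
    "list all ipsec tunnel in vd 0\n"
    "name=to-branch1 ver=2 serial=1 192.0.2.1:0->198.51.100.10:0\n"
    "name=to-dc ver=2 serial=2 192.0.2.1:0->203.0.113.20:0\n"
)
POST_TUNNELS = "list all ipsec tunnel in vd 0\nname=to-branch1 ver=2 serial=1 192.0.2.1:0->198.51.100.10:0\n"
VERSION_RE = re.compile(r"^Version:\s+(\S+)\s+v(\d+)\.(\d+)\.(\d+)", re.MULTILINE)
TUNNEL_RE = re.compile(r"^name=(\S+)", re.MULTILINE)


def parse_version(status_text):
    """Return (model, (major, minor, patch)) from `get system status` output."""
    m = VERSION_RE.search(status_text)
    if m is None:
        raise ValueError("no Version line found; was the capture truncated?")
    return m.group(1), tuple(int(x) for x in m.group(2, 3, 4))


def tunnel_names(tunnel_text):
    """Return the set of tunnel names in `diagnose vpn tunnel list` output."""
    return set(TUNNEL_RE.findall(tunnel_text))


def post_upgrade_findings(pre_status, post_status, pre_tunnels, post_tunnels, target):
    """Compare pre/post captures; an empty list means every check passed."""
    findings = []
    pre_model, pre_ver = parse_version(pre_status)
    post_model, post_ver = parse_version(post_status)
    if post_model != pre_model:
        findings.append(f"model changed: {pre_model} -> {post_model} (wrong capture?)")
    if post_ver == pre_ver:
        findings.append("version unchanged: upgrade did not apply or unit rolled back")
    elif post_ver != target:
        findings.append(f"running {post_ver}, expected {target}")
    for name in sorted(tunnel_names(pre_tunnels) - tunnel_names(post_tunnels)):
        findings.append(f"tunnel missing after upgrade: {name}")
    return findings


if __name__ == "__main__":
    for line in post_upgrade_findings(PRE_STATUS, POST_STATUS, PRE_TUNNELS, POST_TUNNELS, (7, 2, 8)):
        print("CHECK FAILED:", line)
```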

Roll Back

If the new firmware misbehaves:

# Switch to the backup partition (which has the old firmware):
execute set-next-reboot primary    # or secondary, whichever holds your old version
execute reboot

Some models have two firmware slots, current and backup. The old version stays in the inactive slot until the next upgrade overwrites it.

Or restore from the pre-upgrade config backup if needed.

Don't skip the backup

"I'll just roll back" assumes the upgrade succeeds enough to give you the GUI to roll back from. Recovering a bricked unit requires console access and a TFTP firmware load. Always back up the config off-box first.

Common Issues

  • Upgrade hangs. Connect the console cable. Wait at least 15 minutes (some upgrades are slow). If truly hung, power-cycle and watch the console for boot messages.
  • Licenses inactive after upgrade. Re-register or refresh: System → FortiGuard → Update licenses now.
  • Config didn't migrate cleanly. Spot-check key policies/VPNs. Some features change format between major versions.
  • Boot loops after upgrade. Use the Roll Back a Firmware Upgrade procedure.