Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • New Features

    7.4.0
    7.6.0
    7.4.0
    7.2.0
    7.0.0
    6.4.0
    6.2.0

    Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1

    Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1

    When the automatic firmware updates setting is enabled, in addition to an automatic federated upgrade being performed on the FortiGate, automatic federated upgrades are now performed on any managed FortiAPs and FortiSwitches. The federated upgrades of these LAN edge devices adhere to the FortiOS-FortiAP and FortiOS-FortiSwitch compatibility matrix information maintained on the FortiGuard Distribution Network (FDN).

    Example 1: FortiAP

    In this example, automatic firmware updates are enabled on a FortiGate that is running 7.4.0. The FortiGate and two FortiAPs with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-day sunday monday tuesday wednesday thursday friday saturday
    set auto-firmware-upgrade-delay 0
    set auto-firmware-upgrade-start-hour 17
    set auto-firmware-upgrade-end-hour 19
end

    The auto-upgrade time is scheduled daily, between 5:00 p.m. and 7:00 p.m.

    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FortiGate-401F (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
    Next upgrade check scheduled at (local time) Tue Sep 12 17:25:03 2023

    2. Verify the current firmware versions of the devices.

      1. For the FortiGate:

        FortiGate-401F # get system status | grep Version
Version: FortiGate-401F v7.4.0,build2360,230509 (GA.F)

      2. For the FortiAPs:

        FortiGate-401F (root) # get wireless wtp-status connection-state
Managed-devices in current vdom root:
    wtp-id                    : FP223E5519001619
    software-version : FP223E-v7.2-build0317
    connection-state : Connected
    wtp-id                    : FP231FTF23046483
    software-version : FP231F-v7.2-build0318
    connection-state : Connected

    3. Verify the compatibility matrix:

      FortiGate-401F (global) # diagnose test application forticldd 15
Last update: 1573 secs ago

FP223E:    7.4.0 b529 07004000FIMG0504204000 (FGT Version 7.4.1 b0)
FP231F:    7.4.0 b540 07004000FIMG0505804000 (FGT Version 7.4.1 b0)

    4. Verify the installation schedule after the patch update is detected:

      FortiGate-401F (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
    Next upgrade check scheduled at (local time) Wed Sep 13 17:11:50 2023
    New image 7.4.1b2463(07004000FIMG0030404001) installation is scheduled to
        start at Wed Sep 13 17:04:47 2023
        end by Wed Sep 13 19:00:00 2023

    5. Verify which devices will be included in the federated update:

      FortiGate-401F (global) # show system federated-upgrade
config system federated-upgrade
    set status initialized
    set upgrade-id 1
    config node-list
        edit "FG4H1FT922901903"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
        next
        edit "FP223E5519001619"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
            set device-type fortiap
            set coordinating-fortigate "FG4H1FT922901903"
        next
        edit "FP231FTF23046483"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
            set device-type fortiap
            set coordinating-fortigate "FG4H1FT922901903" 
        next
    end
end

    6. Wait for the FortiGate to perform the federated update.

    7. After the federated update is complete, verify that the devices were upgraded to the latest version.

      1. For the FortiGate:

        FortiGate-401F # get system status | grep Version
Version: FortiGate-401F v7.4.1,build2463,230830 (GA.F)

      2. For the FortiAPs:

        FortiGate-401F (root) # get wireless wtp-status connection-state
    wtp-id                    : FP223E5519001619
    software-version : FP223E-v7.4-build0529
    connection-state : Connected
    wtp-id                    : FP231FTF23046483
    software-version : FP231F-v7.4-build0540
    connection-state : Connected

    Example 2: FortiSwitch

    In this example, automatic firmware updates are enabled on a FortiGate that is running 7.4.1. Two FortiSwitches with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-day tuesday 
    set auto-firmware-upgrade-delay 0
    set auto-firmware-upgrade-start-hour 11
    set auto-firmware-upgrade-end-hour 12
end

    The auto-upgrade time is scheduled on Tuesday, between 11:00 a.m. and 12:00 p.m.

    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FGT_A (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Tue Sep  5 11:06:58 2023

    2. Verify if there are managed FortiSwitches that can be upgraded:

      FGT_A (vdom1) # execute switch-controller get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.2.5 (453)      Authorized/Up   2   169.254.1.4     Tue Sep  5 10:16:26 2023    FS1D243Z17000032
S548DF4K16000730  v7.0.7 (096)      Authorized/Up   2   169.254.1.5     Tue Sep  5 10:16:51 2023    S548DF4K16000730

         Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
         Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)

    3. Verify the compatibility matrix:

      FGT_A (global) # diagnose test application forticldd 16
Last update: 3 secs ago

FS1D24: 7.4.0 b767 07004000FIMG0900304000 (FGT Version 7.4.1 b0)

    4. Wait for the FortiGate to perform the federated update.

    5. After the federated update is complete, verify that the managed FortiSwitches were upgraded to the latest version:

      FGT_A (vdom1) # execute switch-controller  get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.4.0 (767)      Authorized/Up   2   169.254.1.2     Tue Sep  5 11:22:44 2023    FS1D243Z17000032
S548DF4K16000730  v7.4.0 (767)      Authorized/Up   2   169.254.1.5     Tue Sep  5 11:23:37 2023    S548DF4K16000730

         Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
         Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)
    Previous
    Next

    Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1

    Support automatic federated firmware updates of managed FortiAPs and FortiSwitches 7.4.1

    When the automatic firmware updates setting is enabled, in addition to an automatic federated upgrade being performed on the FortiGate, automatic federated upgrades are now performed on any managed FortiAPs and FortiSwitches. The federated upgrades of these LAN edge devices adhere to the FortiOS-FortiAP and FortiOS-FortiSwitch compatibility matrix information maintained on the FortiGuard Distribution Network (FDN).

    Example 1: FortiAP

    In this example, automatic firmware updates are enabled on a FortiGate that is running 7.4.0. The FortiGate and two FortiAPs with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-day sunday monday tuesday wednesday thursday friday saturday
    set auto-firmware-upgrade-delay 0
    set auto-firmware-upgrade-start-hour 17
    set auto-firmware-upgrade-end-hour 19
end

    The auto-upgrade time is scheduled daily, between 5:00 p.m. and 7:00 p.m.

    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FortiGate-401F (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
    Next upgrade check scheduled at (local time) Tue Sep 12 17:25:03 2023

    2. Verify the current firmware versions of the devices.

      1. For the FortiGate:

        FortiGate-401F # get system status | grep Version
Version: FortiGate-401F v7.4.0,build2360,230509 (GA.F)

      2. For the FortiAPs:

        FortiGate-401F (root) # get wireless wtp-status connection-state
Managed-devices in current vdom root:
    wtp-id                    : FP223E5519001619
    software-version : FP223E-v7.2-build0317
    connection-state : Connected
    wtp-id                    : FP231FTF23046483
    software-version : FP231F-v7.2-build0318
    connection-state : Connected

    3. Verify the compatibility matrix:

      FortiGate-401F (global) # diagnose test application forticldd 15
Last update: 1573 secs ago

FP223E:    7.4.0 b529 07004000FIMG0504204000 (FGT Version 7.4.1 b0)
FP231F:    7.4.0 b540 07004000FIMG0505804000 (FGT Version 7.4.1 b0)

    4. Verify the installation schedule after the patch update is detected:

      FortiGate-401F (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
    Next upgrade check scheduled at (local time) Wed Sep 13 17:11:50 2023
    New image 7.4.1b2463(07004000FIMG0030404001) installation is scheduled to
        start at Wed Sep 13 17:04:47 2023
        end by Wed Sep 13 19:00:00 2023

    5. Verify which devices will be included in the federated update:

      FortiGate-401F (global) # show system federated-upgrade
config system federated-upgrade
    set status initialized
    set upgrade-id 1
    config node-list
        edit "FG4H1FT922901903"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
        next
        edit "FP223E5519001619"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
            set device-type fortiap
            set coordinating-fortigate "FG4H1FT922901903"
        next
        edit "FP231FTF23046483"
            set timing immediate
            set maximum-minutes 115
            set setup-time 00:04 2023/09/14 UTC
            set upgrade-path 7-4-1
            set device-type fortiap
            set coordinating-fortigate "FG4H1FT922901903" 
        next
    end
end

    6. Wait for the FortiGate to perform the federated update.

    7. After the federated update is complete, verify that the devices were upgraded to the latest version.

      1. For the FortiGate:

        FortiGate-401F # get system status | grep Version
Version: FortiGate-401F v7.4.1,build2463,230830 (GA.F)

      2. For the FortiAPs:

        FortiGate-401F (root) # get wireless wtp-status connection-state
    wtp-id                    : FP223E5519001619
    software-version : FP223E-v7.4-build0529
    connection-state : Connected
    wtp-id                    : FP231FTF23046483
    software-version : FP231F-v7.4-build0540
    connection-state : Connected

    Example 2: FortiSwitch

    In this example, automatic firmware updates are enabled on a FortiGate that is running 7.4.1. Two FortiSwitches with older firmware are upgraded after the federated update.

    To configure automatic federated firmware updates:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-day tuesday 
    set auto-firmware-upgrade-delay 0
    set auto-firmware-upgrade-start-hour 11
    set auto-firmware-upgrade-end-hour 12
end

    The auto-upgrade time is scheduled on Tuesday, between 11:00 a.m. and 12:00 p.m.

    To verify that the federated update occurs:

    1. Verify that the update is scheduled:

      FGT_A (global) # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Tue Sep  5 11:06:58 2023

    2. Verify if there are managed FortiSwitches that can be upgraded:

      FGT_A (vdom1) # execute switch-controller get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.2.5 (453)      Authorized/Up   2   169.254.1.4     Tue Sep  5 10:16:26 2023    FS1D243Z17000032
S548DF4K16000730  v7.0.7 (096)      Authorized/Up   2   169.254.1.5     Tue Sep  5 10:16:51 2023    S548DF4K16000730

         Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
         Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)

    3. Verify the compatibility matrix:

      FGT_A (global) # diagnose test application forticldd 16
Last update: 3 secs ago

FS1D24: 7.4.0 b767 07004000FIMG0900304000 (FGT Version 7.4.1 b0)

    4. Wait for the FortiGate to perform the federated update.

    5. After the federated update is complete, verify that the managed FortiSwitches were upgraded to the latest version:

      FGT_A (vdom1) # execute switch-controller  get-conn-status 
Managed-devices in current vdom vdom1:

FortiLink interface : flink
SWITCH-ID         VERSION           STATUS         FLAG   ADDRESS              JOIN-TIME            SERIAL          
FS1D243Z17000032  v7.4.0 (767)      Authorized/Up   2   169.254.1.2     Tue Sep  5 11:22:44 2023    FS1D243Z17000032
S548DF4K16000730  v7.4.0 (767)      Authorized/Up   2   169.254.1.5     Tue Sep  5 11:23:37 2023    S548DF4K16000730

         Flags: C=config sync, U=upgrading, S=staged, D=delayed reboot pending, E=config sync error, 3=L3, V=VXLAN
         Managed-Switches: 2 (UP: 2 DOWN: 0 MAX: 72)
    Previous
    Next