How the FortiGate firmware license works
Maintaining an active support contract for your FortiGate allows you to access the latest firmware upgrades, including both major and minor versions, such as upgrading from FortiOS 6.0 to 7.0 or from FortiOS 7.0 to 7.2. However, even without an active support contract, FortiGate ensures your security is not compromised. You still have the ability to upgrade to a higher patch build, such as from FortiOS 7.4.0 to 7.4.1, ensuring you receive crucial security updates.
You can confirm the Firmware & General Updates (FMWR) contract expiry date in the System > FortiGuard page, by using the diagnose test update info contract | grep FMWR
command or by hovering your mouse over the Updates tile in the Licenses widget in Dashboard > Status.
Firmware upgrades are performed in the System > Firmware & Registration page or in the CLI. To demonstrate the functionality of this feature, the following examples use FortiGates that are running and upgrading to fictitious build numbers. For more information on performing an upgrade, see Upgrading individual device firmware. |
Upgrading firmware in the GUI
If the contract is expired, the following upgrade attempts will be blocked in the GUI System > Firmware & Registration page:
-
If a higher, major or minor version firmware is uploaded to the FortiGate, the upgrade cannot be processed and a warning will display.
In the following example, a firmware image file is uploaded in an attempt to upgrade the FortiGate from 7.4.1 to 7.6.0. However, since the license is expired, the upgrade is denied and a warning is displayed.
-
FortiGuard upgrades will be unavailable until the support contract is renewed.
When the support contract is expired, the following action is still available in the GUI System > Firmware & Registration page:
-
The FortiGate firmware can be upgraded to a higher patch build to allow for necessary security updates.
In the following example, a firmware image file is uploaded in an attempt to upgrade from 7.4.1 to 7.4.3. Since it is a patch release, the file is accepted and the upgrade can proceed.
Upgrading firmware in the CLI
The following example demonstrates what occurs when upgrading the firmware to a patch build and to a higher version with an expired license in the CLI. The patch upgrade successfully upgrades the firmware from FortiOS 7.4.0 to 7.4.3. The major upgrade attempts and fails to upgrade the firmware from FortiOS 7.4.0 to 7.6.3.
To upgrade the firmware to a higher patch build:
-
Confirm the current firmware version:
# get system status Version: FortiGate-301E v7.4.0,build2303,230307 (interim)
-
Upgrade the firmware:
# execute restore image tftp v743-B2400-GA-M_B230309_FGT_301E.out 172.16.200.55 This operation will replace the current firmware version! Do you want to continue? (y/n)y Please wait... Connect to tftp server 172.16.200.55 ... ...... Firmware upgrade in progress ... Done.
-
Confirm the new firmware version:
# get system status Version: FortiGate-301E v7.4.3,build2400,230309 (GA.M)
To upgrade the firmware to a higher major version:
-
Confirm the current firmware version:
# get system status Version: FortiGate-301E v7.4.0,build2303,230307 (interim)
-
Upgrade the firmware:
# execute restore image tftp v763-B1505-GA-F_B234847_FGT_301E.out 172.16.200.55 ...... Firmware update licence is expired! Please update to a valid licence. Command fail. Return code -180