Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.6.0 Administration Guide
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Enabling automatic firmware upgrades

    Enabling automatic firmware upgrades

    Automatic firmware upgrades can be configured from the FortiGate Setup wizard, the System > Firmware & Registration pane, or the CLI with the auto-firmware-upgrade option. When enabled, FortiGates use the FortiGuard upgrade path to check FortiGuard for firmware updates within the same major release. Checks are performed daily within a specified time period. When a new patch release is available, a firmware upgrade is scheduled.

    After the patch release is successfully installed, an email is sent to the FortiCloud account that the FortiGate is registered to.

    Note

    • By default, entry-level FortiGates (lower than 100 series) have automatic firmware upgrades enabled.

    • Automatic firmware upgrade cannot be enabled for FortiGates belonging to a Security Fabric or FortiGates under management by a FortiManager.

    • When automatic firmware upgrades are enabled, FortiSwitch and FortiAP firmware will also be updated as part of the federated update. 

    config system fortiguard
    set auto-firmware-upgrade {enable | disable}
    set auto-firmware-upgrade-day {sunday monday tuesday wednesday thursday friday saturday}
    set auto-firmware-upgrade-delay <integer>
    set auto-firmware-upgrade-start-hour <integer>
    set auto-firmware-upgrade-end-hour <integer>
end

    auto-firmware-upgrade {enable | disable}

    Enable/disable automatic patch-level firmware upgrade from FortiGuard.

    auto-firmware-upgrade-day {sunday monday tuesday wednesday thursday friday saturday}

    Enter the allowed day or days of the week to start the automatic patch-level firmware upgrade from FortiGuard.

    auto-firmware-upgrade-delay <integer>

    Enter the number of days to wait before automatically installing the automatic patch-level firmware upgrade from FortiGuard (default = 3).

    auto-firmware-upgrade-start-hour <integer>

    Set the start time of the designated time window for the automatic patch-level firmware upgrade from FortiGuard (in hours, 0 - 23, default = 2). The actual upgrade time is randomly selected in the time window.

    auto-firmware-upgrade-end-hour <integer>

    Set the end time of the designated time window for the automatic patch-level firmware upgrade from FortiGuard (in hours, 0 - 23, default = 4). When this value it is smaller than the start time, it will be treated as the same time in the next day. The actual upgrade time is randomly selected in the time window.
    Note

    The auto-firmware-upgrade-delay command overrides the auto-firmware-upgrade-day command. Disable auto-firmware-upgrade-delay by setting it to zero if you would rather use the auto-firmware-upgrade-day command to select a day of the week for automatic installation, regardless of when the patch release is detected.

    Example

    The following example demonstrates setting automatic firmware upgrades after a delay of three days.

    To configure automatic firmware upgrades in the GUI:

    1. Log in to the FortiGate GUI and click Begin.

    2. Select Enable automatic patch upgrades for v7.4 (default setting).

    3. Edit the upgrade and installation settings as needed (Upgrade schedule, Delay by number of days, Install during specified time), then click Save and continue.

      Note

      If Disable automatic patch upgrades is selected, this can be changed later from the System > Firmware & Registration page by clicking the Disable automatic patch upgrades notification.

    4. The Enable Automatic Patch Upgrades dialog opens. Select I acknowledge and click OK to proceed.

      The FortiGate will be updated based on the configured schedule when a new patch is available.

    5. An email is sent to alert the administrator that the firmware upgrade schedule has changed.

      Sample email after configuring automatic firmware upgrades:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Tuesday, July 25, 2023 11:08 AM
To: ********** <*****@fortinet.com>
Subject: Automatic firmware upgrade schedule changed

date=2023-07-25 time=11:07:34 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1690308454221334719 tz="-0700" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade regular check enabled."

    6. Once a patch is detected, an email is sent to alert the administrator that a new image installation is scheduled.

      Sample email after a new image installation is scheduled:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Friday, July 21, 2023 1:17 PM
To: ********** <*****@fortinet.com>
Subject: Automatic firmware upgrade schedule changed

date=2023-07-21 time=13:16:50 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1689970609076391174 tz="-0700" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade new image installation scheduled between local time Sat Jul 22 13:03:56 2023 and local time Sat Jul 22 14:00:00 2023."

    7. After the image installation is completed, an email is sent to alert the administrator that the federated upgrade is complete.

      Sample email after the federated upgrade is complete:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Friday, July 22, 2023 2:00 PM
To: ********** <*****@fortinet.com>
Subject: A federated upgrade was completed by the root FortiGate

date=2023-07-22 time=14:00:09 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1689973183346851869 tz="-0700" logid="0100022094" type="event" subtype="system" level="information" vd="root" logdesc="A federated upgrade was completed by the root FortiGate" msg="Federated upgrade complete" version="7.4.2"
    To configure automatic firmware upgrades in the CLI:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-delay 3
    set auto-firmware-upgrade-start-hour 2
    set auto-firmware-upgrade-end-hour 4
end

    The FortiGate will perform a check between the start and end hours set for the firmware upgrade to review if there is an upgrade available.

    To review the available firmware upgrade check schedule:
    # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Thu Mar 29 03:10:56 2023

    When an available patch upgrade is detected, the automatic firmware update will be scheduled based on the set upgrade delay.

    Sample event log after a new patch upgrade is detected:
    date=2023-03-29 time=03:10:56 eventtime=1679336380720695924 tz="-0700" 
logid="0100032263" type="event" subtype="system" level="notice" vd="vdom1" 
logdesc="Automatic firmware upgrade schedule changed" user="system" 
msg="System patch-level auto-upgrade new image installation scheduled 
     between local time Sat Apr 01 03:10:56 2023 and local time Sat Apr 01 04:00:00 2023."
    To review the installation window of new patch releases in the CLI:
    # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Mon Mar 30 03:10:56 2023
        New image 7.4.1b2305(07004000FIMG0021204001) installation is scheduled to
                start at Sat Apr 01 03:10:56:21 2023
                end by Sat Apr 01 04:00:00 2023

    Once the firmware patch is successfully installed, an event log is created to track the change and an email is sent to the FortiCloud account under which the FortiGate is registered.

    Note

    If the FortiGate is part of a Fabric or managed by FortiManager, the Automatic image upgrade option is set to disabled.

    # diagnose test application forticldd 13
...
Automatic image upgrade: disabled.
    Sample event log after successfully updating firmware:
    date=2023-04-01 time=03:13:04 devid="FG3H1E5819904039" devname="D" eventtime=1679590383750408029 tz="-0700" 
logid="0100022094" type="event" subtype="system" level="information" vd="vdom1" 
logdesc="A federated upgrade was completed by the root FortiGate" 
msg="Federated upgrade complete" version="7.4.1"
    Previous
    Next

    Enabling automatic firmware upgrades

    Enabling automatic firmware upgrades

    Automatic firmware upgrades can be configured from the FortiGate Setup wizard, the System > Firmware & Registration pane, or the CLI with the auto-firmware-upgrade option. When enabled, FortiGates use the FortiGuard upgrade path to check FortiGuard for firmware updates within the same major release. Checks are performed daily within a specified time period. When a new patch release is available, a firmware upgrade is scheduled.

    After the patch release is successfully installed, an email is sent to the FortiCloud account that the FortiGate is registered to.

    Note

    • By default, entry-level FortiGates (lower than 100 series) have automatic firmware upgrades enabled.

    • Automatic firmware upgrade cannot be enabled for FortiGates belonging to a Security Fabric or FortiGates under management by a FortiManager.

    • When automatic firmware upgrades are enabled, FortiSwitch and FortiAP firmware will also be updated as part of the federated update. 

    config system fortiguard
    set auto-firmware-upgrade {enable | disable}
    set auto-firmware-upgrade-day {sunday monday tuesday wednesday thursday friday saturday}
    set auto-firmware-upgrade-delay <integer>
    set auto-firmware-upgrade-start-hour <integer>
    set auto-firmware-upgrade-end-hour <integer>
end

    auto-firmware-upgrade {enable | disable}

    Enable/disable automatic patch-level firmware upgrade from FortiGuard.

    auto-firmware-upgrade-day {sunday monday tuesday wednesday thursday friday saturday}

    Enter the allowed day or days of the week to start the automatic patch-level firmware upgrade from FortiGuard.

    auto-firmware-upgrade-delay <integer>

    Enter the number of days to wait before automatically installing the automatic patch-level firmware upgrade from FortiGuard (default = 3).

    auto-firmware-upgrade-start-hour <integer>

    Set the start time of the designated time window for the automatic patch-level firmware upgrade from FortiGuard (in hours, 0 - 23, default = 2). The actual upgrade time is randomly selected in the time window.

    auto-firmware-upgrade-end-hour <integer>

    Set the end time of the designated time window for the automatic patch-level firmware upgrade from FortiGuard (in hours, 0 - 23, default = 4). When this value it is smaller than the start time, it will be treated as the same time in the next day. The actual upgrade time is randomly selected in the time window.
    Note

    The auto-firmware-upgrade-delay command overrides the auto-firmware-upgrade-day command. Disable auto-firmware-upgrade-delay by setting it to zero if you would rather use the auto-firmware-upgrade-day command to select a day of the week for automatic installation, regardless of when the patch release is detected.

    Example

    The following example demonstrates setting automatic firmware upgrades after a delay of three days.

    To configure automatic firmware upgrades in the GUI:

    1. Log in to the FortiGate GUI and click Begin.

    2. Select Enable automatic patch upgrades for v7.4 (default setting).

    3. Edit the upgrade and installation settings as needed (Upgrade schedule, Delay by number of days, Install during specified time), then click Save and continue.

      Note

      If Disable automatic patch upgrades is selected, this can be changed later from the System > Firmware & Registration page by clicking the Disable automatic patch upgrades notification.

    4. The Enable Automatic Patch Upgrades dialog opens. Select I acknowledge and click OK to proceed.

      The FortiGate will be updated based on the configured schedule when a new patch is available.

    5. An email is sent to alert the administrator that the firmware upgrade schedule has changed.

      Sample email after configuring automatic firmware upgrades:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Tuesday, July 25, 2023 11:08 AM
To: ********** <*****@fortinet.com>
Subject: Automatic firmware upgrade schedule changed

date=2023-07-25 time=11:07:34 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1690308454221334719 tz="-0700" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade regular check enabled."

    6. Once a patch is detected, an email is sent to alert the administrator that a new image installation is scheduled.

      Sample email after a new image installation is scheduled:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Friday, July 21, 2023 1:17 PM
To: ********** <*****@fortinet.com>
Subject: Automatic firmware upgrade schedule changed

date=2023-07-21 time=13:16:50 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1689970609076391174 tz="-0700" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade new image installation scheduled between local time Sat Jul 22 13:03:56 2023 and local time Sat Jul 22 14:00:00 2023."

    7. After the image installation is completed, an email is sent to alert the administrator that the federated upgrade is complete.

      Sample email after the federated upgrade is complete:

      From: DoNotReply@fortinet-notifications.com <DoNotReply@fortinet-notifications.com>
Sent: Friday, July 22, 2023 2:00 PM
To: ********** <*****@fortinet.com>
Subject: A federated upgrade was completed by the root FortiGate

date=2023-07-22 time=14:00:09 devid="FG81EPTK19000000" devname="FortiGate-81E-POE" eventtime=1689973183346851869 tz="-0700" logid="0100022094" type="event" subtype="system" level="information" vd="root" logdesc="A federated upgrade was completed by the root FortiGate" msg="Federated upgrade complete" version="7.4.2"
    To configure automatic firmware upgrades in the CLI:
    config system fortiguard
    set auto-firmware-upgrade enable
    set auto-firmware-upgrade-delay 3
    set auto-firmware-upgrade-start-hour 2
    set auto-firmware-upgrade-end-hour 4
end

    The FortiGate will perform a check between the start and end hours set for the firmware upgrade to review if there is an upgrade available.

    To review the available firmware upgrade check schedule:
    # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Thu Mar 29 03:10:56 2023

    When an available patch upgrade is detected, the automatic firmware update will be scheduled based on the set upgrade delay.

    Sample event log after a new patch upgrade is detected:
    date=2023-03-29 time=03:10:56 eventtime=1679336380720695924 tz="-0700" 
logid="0100032263" type="event" subtype="system" level="notice" vd="vdom1" 
logdesc="Automatic firmware upgrade schedule changed" user="system" 
msg="System patch-level auto-upgrade new image installation scheduled 
     between local time Sat Apr 01 03:10:56 2023 and local time Sat Apr 01 04:00:00 2023."
    To review the installation window of new patch releases in the CLI:
    # diagnose test application forticldd 13
Scheduled push image upgrade: no
Scheduled Config Restore: no
Scheduled Script Restore: no
Automatic image upgrade: Enabled.
        Next upgrade check scheduled at (local time) Mon Mar 30 03:10:56 2023
        New image 7.4.1b2305(07004000FIMG0021204001) installation is scheduled to
                start at Sat Apr 01 03:10:56:21 2023
                end by Sat Apr 01 04:00:00 2023

    Once the firmware patch is successfully installed, an event log is created to track the change and an email is sent to the FortiCloud account under which the FortiGate is registered.

    Note

    If the FortiGate is part of a Fabric or managed by FortiManager, the Automatic image upgrade option is set to disabled.

    # diagnose test application forticldd 13
...
Automatic image upgrade: disabled.
    Sample event log after successfully updating firmware:
    date=2023-04-01 time=03:13:04 devid="FG3H1E5819904039" devname="D" eventtime=1679590383750408029 tz="-0700" 
logid="0100022094" type="event" subtype="system" level="information" vd="vdom1" 
logdesc="A federated upgrade was completed by the root FortiGate" 
msg="Federated upgrade complete" version="7.4.1"
    Previous
    Next