Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Fortinet white logo
Fortinet docs logo DOCUMENT LIBRARY
Products Best Practices Hardware Guides Products A-Z
Summary
By Solution
By 4D Pillars
By Cloud
Secure Networking
Unified SASE
Security Operations
Secure SD-WAN
Secure Access Service Edge (SASE)
ZTNA
LAN Edge
Identity and Access Management
Next Generation Firewall
Public Cloud
Private Cloud
FortiCloud
Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
    • More >>
    Unified SASE
  • Single Vendor SASE
  • Cloud Network Security
  • Secure Endpoint Connectivity
  • Web Application / API Protection
    • More >>
    Security Operations
  • Security Operations Automation
  • Identity
  • Early Detection & Prevention
    • More >>
    Secure Networking
  • Hybrid Mesh Firewall
  • NOC Management
  • LAN
  • WAN
  • Communication & Surveillance
    • Unified SASE
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Cloud Network Security
  • Cloud-Native Security
  • Web Application / API Protection
    • Security Operations
  • Security Operations Automation
  • Endpoint
  • Data Protection
  • Identity
  • Email
  • Early Detection & Prevention
  • Expert Services
  • Edge Firewall
  • Orchestration & management
  • SD Branch
  • Application Delivery
  • Single Vendor SASE
  • Secure Endpoint Connectivity
  • Secure Private Access
  • Thin Edge
  • Identity
  • Application Gateway
  • Enterprise Asset Management
  • Endpoint Agent
  • Agentless Security Posture
  • Identity
  • Wireless
  • Switching
  • Identity
  • Privilege Acccess Management
  • Next Generation Firewall
  • Orchestration & management
  • Expert Services
  • All
  • All
  • Account Management
  • SAAS Management
  • SAAS Application Security
  • Managed Services
  • Platform as a service (PAAS)
  • Other SAAS Services
    • 4D Resources
    Solution Hubs
  • 4D Pillars
  • Cloud
  • Popular Solutions

    • Administration Guide

    Home FortiGate / FortiOS 7.6.0 Administration Guide
    7.6.0
    7.6.0
    7.4.5
    7.4.4
    7.4.3
    7.4.2
    7.4.1
    7.4.0
    7.2.10
    7.2.9
    7.2.8
    7.2.7
    7.2.6
    7.2.5
    7.2.4
    7.2.3
    7.2.2
    7.2.1
    7.2.0
    7.0.16
    7.0.15
    7.0.14
    7.0.13
    7.0.12
    7.0.11
    7.0.10
    7.0.9
    7.0.8
    7.0.7
    7.0.6
    7.0.5
    7.0.4
    7.0.3
    7.0.2
    7.0.1
    7.0.0
    6.4.15
    6.4.14
    6.4.13
    6.4.12
    6.4.11
    6.4.10
    6.4.9
    6.4.8
    6.4.7
    6.4.6
    6.4.5
    6.4.4
    6.4.3
    6.4.2
    6.4.1
    6.4.0

    Downgrading individual device firmware

    Downgrading individual device firmware

    note icon

    Downgrading the firmware is not recommended.

    Downgrading FortiGates in an HA cluster causes all cluster members to be downgraded simultaneously. This process, also known as an interrupted downgrade, leads to a temporary interruption in the cluster’s communication.

    This procedure downgrades the FortiGate to a previous firmware version. After downgrading, you may be unable to restore the backup configuration.

    To downgrade to a previous firmware version in the GUI:

    1. Log into the FortiGate GUI as the admin administrative user.

    2. Go to System > Firmware & Registration. The Firmware Version column displays the version and either (Feature) or (Mature).

    3. Select the FortiGate, and click Upgrade. The FortiGate Upgrade pane opens.

    4. Select FortiGate only, and click Next to proceed to the Select Firmware step.

    5. For the Select Firmware step:

      1. On the All Downgrades tab, select a firmware version, and click Select.

        Note

        You can also click the File Upload tab to upload a firmware file that you previously downloaded from the Fortinet Customer Service & Support website.

        See Downloading a firmware image.

      2. Click Next. A Downgrade confirmation message is displayed

      3. Click Yes to proceed to the Choose Schedule step.

    6. For the Choose Schedule step:

      1. Choose a schedule:

        Immediate

        Select to start the upgrade immediately after completing the FortiGate Upgrade wizard.

        Specify

        Select to schedule a date and time to start the upgrade after completing the FortiGate Upgrade wizard.

      2. Click Next to proceed to the Review step.

    7. For the Review step, review the downgrade plan, and click Confirm and Backup Config to proceed. The Confirm dialog box is displayed.

    8. Click Yes to continue with the downgrade.

      The FortiGate unit backs up the current configuration to the management computer, uploads the firmware image file, downgrades to the firmware version, and restarts. This process takes a few minutes.

    To downgrade to a previous firmware version in the CLI:

    1. Make sure that the TFTP server is running.

    2. Copy the new firmware image file to the root directory of the TFTP server.

    3. Log into the CLI.

    4. Ping the TFTP server to ensure that the FortiGate can connect to it: 

      execute ping <tftp_ipv4>

    5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

      execute restore image tftp <filename> <tftp_ipv4>

      The FortiGate unit responds with the message: 

      This operation will replace the current firmware version!
Do you want to continue? (y/n)

    6. Type y. The FortiGate unit uploads the firmware image file, then a message similar to the following is shown:

      Get image from tftp server OK.
Check image OK. 
This operation will downgrade the current firmware version!
Do you want to continue? (y/n)

    7. Type y. The FortiGate unit downgrades to the old firmware version and restarts. This process takes a few minutes.

    8. Reconnect to the CLI.

    9. Update the antivirus and attack definitions:

      execute update-now
    Previous
    Next

    Downgrading individual device firmware

    Downgrading individual device firmware

    note icon

    Downgrading the firmware is not recommended.

    Downgrading FortiGates in an HA cluster causes all cluster members to be downgraded simultaneously. This process, also known as an interrupted downgrade, leads to a temporary interruption in the cluster’s communication.

    This procedure downgrades the FortiGate to a previous firmware version. After downgrading, you may be unable to restore the backup configuration.

    To downgrade to a previous firmware version in the GUI:

    1. Log into the FortiGate GUI as the admin administrative user.

    2. Go to System > Firmware & Registration. The Firmware Version column displays the version and either (Feature) or (Mature).

    3. Select the FortiGate, and click Upgrade. The FortiGate Upgrade pane opens.

    4. Select FortiGate only, and click Next to proceed to the Select Firmware step.

    5. For the Select Firmware step:

      1. On the All Downgrades tab, select a firmware version, and click Select.

        Note

        You can also click the File Upload tab to upload a firmware file that you previously downloaded from the Fortinet Customer Service & Support website.

        See Downloading a firmware image.

      2. Click Next. A Downgrade confirmation message is displayed

      3. Click Yes to proceed to the Choose Schedule step.

    6. For the Choose Schedule step:

      1. Choose a schedule:

        Immediate

        Select to start the upgrade immediately after completing the FortiGate Upgrade wizard.

        Specify

        Select to schedule a date and time to start the upgrade after completing the FortiGate Upgrade wizard.

      2. Click Next to proceed to the Review step.

    7. For the Review step, review the downgrade plan, and click Confirm and Backup Config to proceed. The Confirm dialog box is displayed.

    8. Click Yes to continue with the downgrade.

      The FortiGate unit backs up the current configuration to the management computer, uploads the firmware image file, downgrades to the firmware version, and restarts. This process takes a few minutes.

    To downgrade to a previous firmware version in the CLI:

    1. Make sure that the TFTP server is running.

    2. Copy the new firmware image file to the root directory of the TFTP server.

    3. Log into the CLI.

    4. Ping the TFTP server to ensure that the FortiGate can connect to it: 

      execute ping <tftp_ipv4>

    5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

      execute restore image tftp <filename> <tftp_ipv4>

      The FortiGate unit responds with the message: 

      This operation will replace the current firmware version!
Do you want to continue? (y/n)

    6. Type y. The FortiGate unit uploads the firmware image file, then a message similar to the following is shown:

      Get image from tftp server OK.
Check image OK. 
This operation will downgrade the current firmware version!
Do you want to continue? (y/n)

    7. Type y. The FortiGate unit downgrades to the old firmware version and restarts. This process takes a few minutes.

    8. Reconnect to the CLI.

    9. Update the antivirus and attack definitions:

      execute update-now
    Previous
    Next