Upgrading Fortigate Firmware
Preface
One of the key responsibilities in system management is ensuring the system is always running on the most stable version. This is particularly crucial for cybersecurity systems like firewalls, as updates often address and fix vulnerabilities.
If you frequently manage and deploy Fortigate Firewalls, updating the firmware is one of the first essential tasks, especially if the device is still running on its outdated default firmware.
NOTE
This note is based on Fortigate version 7.0.x; if you use an older version, adjust the steps accordingly.
Prerequisite
Some things that are needed beforehand:
- Access to [support.fortinet.com];
- Admin access to the firewall device to be updated.
Procedure
If Fortigate has access to the internet
If our Fortigate has direct access to the internet, we should be able to upgrade the firmware directly by going to the System -> Firmware menu, selecting the latest available Firmware version, and then pressing the Confirm and Backup Config button. If a multi-step upgrade is needed, repeat these steps until you reach the desired Firmware version.
If Fortigate does not have access to the internet
If our Fortigate does not have access to the internet, then we inevitably have to upgrade the firmware manually.
Check Upgrade Path
If we want to upgrade the Firmware from a fairly outdated version, we will most likely have to do a multi-step upgrade. In general, the steps are:
1. Upgrade to the latest patch of the current minor version;
2. Upgrade to the latest patch of the next minor version;
3. Repeat until you reach the latest patch of the minor version you want.
NOTE
To check the required upgrade path, you can use the tools from Fortinet which are available here
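The general rule above can be turned into a small planner, shown here as an added example that is not part of the original note and does not replace Fortinet's upgrade path tool. The function names and the `AVAILABLE` version list are assumptions constructed for illustration.

```python
# Added example: upgrade-path planner for the rule described above.
# AVAILABLE is constructed sample data, not Fortinet's actual release list.
AVAILABLE = ["6.4.8", "6.4.14", "7.0.5", "7.0.12", "7.2.3", "7.2.6"]


def parse(version):
    """Turn 'major.minor.patch' into a tuple so 6.4.14 sorts after 6.4.8."""
    parts = version.strip().lstrip("v").split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch version: {version!r}")
    return tuple(int(p) for p in parts)


def plan_upgrade(current, target, available):
    """Return the ordered list of firmware versions to install."""
    cur, tgt = parse(current), parse(target)
    if tgt < cur:
        raise ValueError("target is older than the running version")
    releases = {parse(v) for v in available}
    if tgt not in releases:
        raise ValueError(f"target {target} is not in the available list")

    # Latest known patch for every minor branch, e.g. (7, 0) -> (7, 0, 12).
    latest = {}
    for rel in releases:
        latest[rel[:2]] = max(latest.get(rel[:2], rel), rel)

    steps = []
    for branch in sorted(latest):
        if not cur[:2] <= branch <= tgt[:2]:
            continue  # branch is outside the range we are crossing
        # Stop at the requested patch on the final branch; otherwise take
        # the newest patch of the branch before moving to the next one.
        hop = tgt if branch == tgt[:2] else latest[branch]
        if hop > cur:  # skip hops the device already meets or exceeds
            steps.append(".".join(str(n) for n in hop))
    return steps


if __name__ == "__main__":
    for step in plan_upgrade("6.4.8", "7.2.6", AVAILABLE):
        print("install", step)
```

Each version in the returned list is one firmware file to download and one pass through the upload steps that follow.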
Download Firmware File from Fortinet Support
Then, of course, we need the required firmware file. We can download the file via [support.fortinet.com]: from the nav bar at the top, select the Support -> Downloads -> Firmware Download menu. Find the patch version you need for your Fortigate model, then download the file by pressing the HTTPS button in the far right column.
Upload Firmware File to Fortigate System
In Fortigate, go to the System -> Firmware menu, then select File Upload, then select the Firmware File that you have downloaded earlier.
NOTE
Before the Firmware upgrade process there should be an option to download the last configuration backup, but just in case, you can take a backup yourself before upgrading.
The configuration backup can be downloaded from your user name menu in the upper right corner: select Configuration -> Backup.
Conclusion
At this point we should just wait for the upgrade process to complete and the device to finish rebooting (if you are using an HA setup, the current primary device will be replaced by a secondary device temporarily). You just have to pray that the Fortigate can come back to life normally.
For those who need to do a multi-step upgrade, you just need to repeat the previous steps until you reach the required patch version.
CAUTION
It is a good idea to be on site during the Firmware upgrade process, just in case you lose remote access and need to access via console.