Upgrading Fortigate Firmware

Preface

One of the key responsibilities in system management is ensuring the system is always running on the most stable version. This is particularly crucial for cybersecurity systems like firewalls, as updates often address and fix vulnerabilities.

If you frequently manage and deploy Fortigate Firewalls, updating the firmware is one of the first essential tasks, especially if the device is still running on its outdated default firmware.

NOTE

This note is based on Fortigate version 7.0.x. If you use a version below that, you can adjust the steps accordingly.

Prerequisite

Some things that are needed beforehand:

  • Access to [support.fortinet.com];
  • Admin access to the firewall device to be updated.

Procedure

If Fortigate has access to the internet

If our Fortigate has direct access to the internet, we should be able to upgrade the firmware directly by going to the System -> Firmware menu, selecting the latest available firmware version, and then pressing the Confirm and Backup Config button. If a multi-step upgrade is needed, repeat these steps until you reach the desired firmware version.

If Fortigate does not have access to the internet

If our Fortigate does not have access to the internet, then we inevitably have to upgrade the firmware manually.

Check Upgrade Path

If we want to upgrade the firmware from a fairly outdated version, we will most likely have to do a multi-step upgrade. In general, the steps are:

  1. Upgrade to the latest patch of the current minor version;
  2. Upgrade to the latest patch of the next minor version;
  3. Repeat until you reach the latest patch of the minor version you want.

NOTE

To check the required upgrade path, you can use the tools from Fortinet which are available here
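The rule of thumb in this section, written out as a small planner. This is an added example, not part of the original note and not Fortinet's tool: the version list is constructed sample data, `plan_upgrade` and `parse` are hypothetical helper names, and the result should still be confirmed against Fortinet's upgrade path tool.

```python
# Added example: multi-step upgrade planner for the rule of thumb above.
# AVAILABLE is constructed sample data, not Fortinet's actual release list.
AVAILABLE = ["6.4.9", "6.4.14", "7.0.5", "7.0.12", "7.2.3", "7.2.8", "7.4.1"]


def parse(version):
    """'7.0.12' -> (7, 0, 12); rejects anything that is not major.minor.patch."""
    parts = version.strip().split(".")
    if len(parts) != 3 or not all(p.isdigit() for p in parts):
        raise ValueError(f"not a major.minor.patch version: {version!r}")
    return tuple(int(p) for p in parts)


def plan_upgrade(current, target_minor, available):
    """Return the ordered list of firmware versions to install.

    current      -- version running on the device, e.g. '6.4.9'
    target_minor -- minor release to end on, e.g. '7.2'
    available    -- versions downloadable for this model (hypothetical input)
    """
    cur = parse(current)
    tgt = parse(target_minor + ".0")[:2]
    if tgt < cur[:2]:
        raise ValueError("target is older than the running version")

    # Latest patch per (major, minor) train. Compare as integer tuples:
    # as strings, '6.4.9' would sort after '6.4.14'.
    latest = {}
    for v in map(parse, available):
        latest[v[:2]] = max(latest.get(v[:2], v), v)
    if tgt not in latest:
        raise ValueError(f"no firmware listed for {target_minor}")

    # Assumption: the "next minor version" is the next train in sorted order,
    # so 6.4 is followed by 7.0. Every train from the current one up to the
    # target contributes its latest patch, unless the device already runs it.
    return [
        ".".join(map(str, latest[train]))
        for train in sorted(latest)
        if cur[:2] <= train <= tgt and latest[train] > cur
    ]


if __name__ == "__main__":
    for step, version in enumerate(plan_upgrade("6.4.9", "7.2", AVAILABLE), 1):
        print(f"step {step}: upgrade to {version}")
```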

Download Firmware File from Fortinet Support

Then, of course, we need the required firmware file. We can download it from [support.fortinet.com]: from the navigation bar at the top, select the Support -> Downloads -> Firmware Download menu. Find the patch version you need for your Fortigate model, then download the file by pressing the HTTPS button in the far right column.

Upload Firmware File to Fortigate System

In Fortigate, go to the System -> Firmware menu, select File Upload, then select the firmware file that you downloaded earlier.

NOTE

Before the firmware upgrade process starts, there should be an option to download the latest configuration backup, but just in case, you can take a backup yourself before upgrading.

The configuration backup can be downloaded from your user name menu in the upper right corner: select Configuration -> Backup.

Conclusion

At this point we should just wait for the upgrade process to complete and the device to finish rebooting (if you are using an HA setup, the current primary device will be replaced by a secondary device temporarily). You just have to pray that the Fortigate can come back to life normally.

For those who need to do a multi-step upgrade, you just need to repeat the previous steps until you reach the required patch version.

CAUTION

It is a good idea to be on site during the Firmware upgrade process, just in case you lose remote access and need to access via console.
