My Network Security Journal: FortiGate Firewall Firmware Upgrade

Here's a link regarding the firmware upgrade of a standalone FortiGate firewall using the web GUI.

To check the current FortiOS firmware version (in FortiOS 6.x), go to System > Firmware > Current version: FortiOS v6.4.6 build6083

You can perform a firmware upgrade either online via FortiGuard or manually (offline) which I've performed in this post. My target firmware is 7.2.2 build1255.

Always check the upgrade path using the Fortinet Upgrade Path tool and release notes. Select Current Product from the drop-down option (FortiGate-40F) > select Current FortiOS Version: 6.4.6 > select Upgrade to FortiOS Version: 7.2.2 > click GO.

The Recommended Upgrade Path is: 6.4.6 build 1879 > 6.4.8 build 1914 > 7.0.7 build 0367 > 7.2.2 build 1255.

Since I'm already on firmware version 6.4.6 build 6083, I upgraded first to 6.4.8 build 1914.

Go to FortiCloud > Support > Downloads > Firmware Download. You'll need to create a login and valid support contract in order to download the firmware.

Go to Download tab

Select the v7.00 directory folder.

Select the 7.2 directory folder.

Download the firmware according to FortiGate platform/model. In this case I used a FortiGate 40F.

Use the get system status command to verify in CLI.

FW01_PRI # get system status

Version: FortiGate-40F v6.4.6,build6083,210729 (GA)

Firmware Signature: certified

Virus-DB: 1.00000(2018-04-09 18:07)

Extended DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 0.00000(2001-01-01 00:00)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGT40FTK21091234

IPS Malicious URL Database: 4.00561(2022-12-15 11:35)

BIOS version: 05000021

System Part-Number: P24680-04

Log hard disk: Not available

Hostname: FW01_PRI

Private Encryption: Disable

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1879

Release Version Information: GA

System time: Fri Feb 10 20:39:21 2023

Download the firmware files needed for the upgrade path.

Click Checksum to view the MD5 and SHA-512 checksum code string/hash.

Click HTTPS hyperlink to download the firmware file.

Go to System > Firmware > Select file > Browse > select the firmware file in your PC.

Click Backup config and upgrade.

Click Continue to proceed.

FortiGate-40F #

Firmware upgrade in progress ...

The FortiGate device will auto reboot. The firmware upgrade took around 3 minutes to complete and the login page with auto refresh.

The FortiGate will automatically backup the config and save in Downloads folder.

Upon login, it will show a quick video of the latest features in the new firmware.

The FortiGate doesn't have an Internet connection yet, so it failed to load the video.

Click OK to procced.

You can view the current firmware (in FortiOS 6.x) under System > Firmware > Current version: FortiOS v6.4.8 build 1914.

You can also view the firmware using the get system status command.

FortiGate-40F # get system status

Version: FortiGate-40F v6.4.8,build1914,211117 (GA)