My Network Security Journal: January 2025

Wednesday, January 8, 2025

FortiGate Direct Firmware Upgrade

You can "safely" upgrade the FortiOS directly to the target firmware code if it's brand new and since it still has a default configuration. You only follow the upgrade path if there's an existing configuration and the upgrade process will handle the changes in the command line or features (if there's any).

I upgraded a brand new standalone FortiGate and it was shipped with a default 6.4 firmware.

FortiGate-xxF login: admin

Password:

You are forced to change your password. Please input a new password.

New Password:

Confirm Password:

Welcome!

FortiGate-xxF # get system status

Version: FortiGate-xxF v6.4.4,build5543,201214 (GA)

Firmware Signature: certified

Virus-DB: 1.00000(2018-04-09 18:07)

Extended DB: 1.00000(2018-04-09 18:07)

IPS-DB: 6.00741(2015-12-01 02:30)

IPS-ETDB: 6.00741(2015-12-01 02:30)

APP-DB: 6.00741(2015-12-01 02:30)

INDUSTRIAL-DB: 6.00741(2015-12-01 02:30)

Serial-Number: FGxxFT923901234

IPS Malicious URL Database: 1.00001(2015-01-01 01:01)

BIOS version: 05000011

System Part-Number: P25132-01

Log hard disk: Available

Hostname: FortiGate-xxF

Private Encryption: Disable

Operation Mode: NAT

Current virtual domain: root

Max number of virtual domains: 10

Virtual domains status: 1 in NAT mode, 0 in TP mode

Virtual domain configuration: disable

FIPS-CC mode: disable

Current HA mode: standalone

Branch point: 1803

Release Version Information: GA

FortiOS x86-64: Yes

I uploaded the target firmware and the direct upgrade only took around 4 minutes to complete. I proceeded with the configuration afterwards.