Performing a firmware downgrade
Like upgrading, you need to make sure that it is done properly. While similar, the steps are somewhat different since there are other pitfalls in this case.
- Locate pre-upgrade configuration file.
Step 1 is very important. This is why, when you upgrade, you make a backup of your old configuration and save it. If you do not, then you will need to rebuild manually.
- Have copy of old firmware available.
Step 2 is fairly obvious. Even with devices that have multiple partitions and your downgrade process is simply going to be to switch the active partition, this could go wrong. In which case, you may be without Internet access. A professional has a plan for when things go wrong.
- Have disaster recovery option on standby - especially if remote.
Step 3 is no different from before. Hopefully you do not need to format the unit, but be prepared for that just in case.
- Read the release notes - is a downgrade possible, or necessary?
Step 4, once again, is to READ THE RELEASE NOTES. In this case, you will need to do this for the version that you are on, and the version that you are downgrading to, and everything in between (if you are going back multiple major releases or patches). Maybe the OS switched from 32 to 64 bits somewhere between the two firmware releases. In order to help make sure that nothing major goes wrong, check the upgrade and downgrade information in every major release and patch, as it may have a direct impact on your options.
- Double check everything.
- Downgrade - all settings, except those needed for access, are lost.
Step 5 and 6 are the same as before. Double check everything, then downgrade.
- Restore pre-upgrade configuration.
Step 7 is new. Most settings are lost when you downgrade so in order to get back up and running you will need to restore your old configuration file.
Downgrading FortiGates in an HA cluster causes all cluster members to be downgraded simultaneously. This process, also known as an interrupted downgrade, leads to a temporary interruption in the cluster’s communication. |