Fortinet white logo
Fortinet white logo

Administration Guide

Downgrading individual device firmware

Downgrading individual device firmware

note icon

Downgrading the firmware is not recommended.

Downgrading FortiGates in an HA cluster causes all cluster members to be downgraded simultaneously. This process, also known as an interrupted downgrade, leads to a temporary interruption in the cluster’s communication.

This procedure downgrades the FortiGate to a previous firmware version. After downgrading, you may be unable to restore the backup configuration.

To downgrade to a previous firmware version in the GUI:
  1. Log into the FortiGate GUI as the admin administrative user.

  2. Go to System > Firmware & Registration. The Firmware Version column displays the version and either (Feature) or (Mature).

  3. Select the FortiGate, and click Upgrade. The FortiGate Upgrade pane opens.

  4. Click one of the following tabs to select a downgrade method:

    All Downgrades

    Click the All Downgrades tab to view and select all firmware versions that are available from FortiGuard for downgrade.

    File Upload

    Click the File Upload tab to upload a firmware file that you previously downloaded from the Fortinet Customer Service & Support website.

    See Downloading a firmware image.

    In this example, the All Downgrades tab is selected.

  5. Select a firmware version and click Confirm and Backup Config. A warning message is displayed.

  6. Click Continue to continue with the downgrade.

    The FortiGate unit backs up the current configuration to the management computer, uploads the firmware image file, downgrades to the firmware version, and restarts. This process takes a few minutes.

To downgrade to a previous firmware version in the CLI:
  1. Make sure that the TFTP server is running.

  2. Copy the new firmware image file to the root directory of the TFTP server.

  3. Log into the CLI.

  4. Ping the TFTP server to ensure that the FortiGate can connect to it:

    execute ping <tftp_ipv4>
  5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

    execute restore image tftp <filename> <tftp_ipv4>

    The FortiGate unit responds with the message:

    This operation will replace the current firmware version!
    Do you want to continue? (y/n)
  6. Type y. The FortiGate unit uploads the firmware image file, then a message similar to the following is shown:

    Get image from tftp server OK.
    Check image OK. 
    This operation will downgrade the current firmware version!
    Do you want to continue? (y/n)
  7. Type y. The FortiGate unit downgrades to the old firmware version and restarts. This process takes a few minutes.

  8. Reconnect to the CLI.

  9. Update the antivirus and attack definitions:

    execute update-now

Downgrading individual device firmware

Downgrading individual device firmware

note icon

Downgrading the firmware is not recommended.

Downgrading FortiGates in an HA cluster causes all cluster members to be downgraded simultaneously. This process, also known as an interrupted downgrade, leads to a temporary interruption in the cluster’s communication.

This procedure downgrades the FortiGate to a previous firmware version. After downgrading, you may be unable to restore the backup configuration.

To downgrade to a previous firmware version in the GUI:
  1. Log into the FortiGate GUI as the admin administrative user.

  2. Go to System > Firmware & Registration. The Firmware Version column displays the version and either (Feature) or (Mature).

  3. Select the FortiGate, and click Upgrade. The FortiGate Upgrade pane opens.

  4. Click one of the following tabs to select a downgrade method:

    All Downgrades

    Click the All Downgrades tab to view and select all firmware versions that are available from FortiGuard for downgrade.

    File Upload

    Click the File Upload tab to upload a firmware file that you previously downloaded from the Fortinet Customer Service & Support website.

    See Downloading a firmware image.

    In this example, the All Downgrades tab is selected.

  5. Select a firmware version and click Confirm and Backup Config. A warning message is displayed.

  6. Click Continue to continue with the downgrade.

    The FortiGate unit backs up the current configuration to the management computer, uploads the firmware image file, downgrades to the firmware version, and restarts. This process takes a few minutes.

To downgrade to a previous firmware version in the CLI:
  1. Make sure that the TFTP server is running.

  2. Copy the new firmware image file to the root directory of the TFTP server.

  3. Log into the CLI.

  4. Ping the TFTP server to ensure that the FortiGate can connect to it:

    execute ping <tftp_ipv4>
  5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

    execute restore image tftp <filename> <tftp_ipv4>

    The FortiGate unit responds with the message:

    This operation will replace the current firmware version!
    Do you want to continue? (y/n)
  6. Type y. The FortiGate unit uploads the firmware image file, then a message similar to the following is shown:

    Get image from tftp server OK.
    Check image OK. 
    This operation will downgrade the current firmware version!
    Do you want to continue? (y/n)
  7. Type y. The FortiGate unit downgrades to the old firmware version and restarts. This process takes a few minutes.

  8. Reconnect to the CLI.

  9. Update the antivirus and attack definitions:

    execute update-now