How the FortiGate firmware license works
Firmware upgrades are performed in the System > Firmware & Registration page or in the CLI. To demonstrate the functionality of this feature, the following explanations and examples use FortiGates that are running and upgrading to fictitious build numbers with fictitious release dates. For more information on performing an upgrade, see Upgrading individual devices. |
You can confirm the Firmware & General Updates (FMWR) contract expiry date in the System > FortiGuard page, by using the diagnose test update info contract | grep FMWR
command, or by hovering your mouse over the Updates tile in the Licenses widget in Dashboard > Status.
Maintaining an active support contract for your FortiGate allows you to access the latest firmware upgrades and downgrades including:
-
Updates between major versions, such as upgrading from FortiOS 6.0 to 7.0
-
Updates between minor versions, such as upgrading from FortiOS 7.0 to 7.2
-
Updates between patch versions, such as upgrading from FortiOS 7.4.2 to 7.4.3
In FortiOS 7.4.2 and above, enforcement of an active FortiGate firmware license to allow firmware upgrades and downgrades has been improved. Enforcement is based on the expiry date of the current firmware license compared to the release date of the first GA release of a major version. For example, for FortiOS 7.4.x firmware upgrades, enforcement is based on the expiry date of the current support contract compared to the release date of FortiOS 7.4.0 GA.
Therefore, upgrades and downgrades between major, minor, and patch versions are only allowed if the firmware license is valid relative to the release date of the first GA release of a major version. If the firmware license expiry date is earlier than the firmware first GA major release date, then the firmware update to that version will not be allowed.
For example, the release dates of major versions are as follows:
-
7.4.0 GA release on May 8, 2023
-
7.6.0 GA release on March 31, 2024
-
7.8.0 GA release on March 31, 2025
This example is using fictitious GA release dates of future versions for illustrative purposes only. These dates do not indicate the official FortiOS release schedule. |
Firmware license expiry date |
Is a FortiGate firmware upgrade allowed to the target version? |
||
---|---|---|---|
7.4.x |
7.6.x |
7.8.x |
|
March 31, 2025 or later | Yes | Yes | Yes |
March 25, 2025 | Yes | Yes | No |
March 25, 2024 | Yes | No | No |
May 2, 2023 | No | No | No |
Downgrades from one major version to another are not blocked because the FortiGate should have had a firmware expiry date that is later than the release date of the older firmware major version.
For example, if the firmware license expiry date was March 25, 2024, the FortiGate is currently running 7.4.2 and you wanted to downgrade to 7.2.7, since the release date of 7.2.0 GA was March 31, 2022 then this firmware downgrade would be allowed. The firmware license expiry date is later than the release date of the older firmware major version, 7.2.0 GA.
Upgrading firmware in the GUI through file upload
If the contract is expired relative to the major firmware GA .0 version release date, the following upgrade attempt will be blocked in the GUI System > Firmware & Registration page.
If the contract expiry date is earlier than the release date for the GA .0 version of a higher major, minor, or patch version of firmware that is being uploaded, then the upgrade is denied and an error is displayed.
Upgrading firmware in the GUI through FortiGuard
Until the support contract is renewed, FortiGuard upgrades will be unavailable, namely, the Confirm and Backup Config button will be grayed out. However, you will be able to view the FortiGate firmware images available on FortiGuard using Latest, All Upgrades, and All Downgrades tabs and this functionality will be restored upon support contract renewal.
Upgrading firmware in the CLI
The following example demonstrates what occurs when upgrading the firmware to a patch build and to a higher version with a license expiry date that is earlier than the major GA .0 version release date in the CLI. The major upgrade attempts and fails to upgrade the firmware from FortiOS 7.4.0 to 7.6.3.
This behavior is also observed for minor and patch upgrades with a license expiry date that is earlier than the major GA .0 version release date of the minor or patch firmware targeted for the upgrade.
To upgrade the firmware to a higher major version:
-
Confirm the current firmware version:
# get system status Version: FortiGate-301E v7.4.0,build2303,230307 (interim)
-
Upgrade the firmware:
# execute restore image tftp v763-B1505-GA-F_B234847_FGT_301E.out 172.16.200.55 ...... Firmware update licence is expired! Please update to a valid licence. Command fail. Return code -180
If your firmware support contract has expired, please contact your Fortinet Sales/Partner for details on renewing it. |