Even with careful planning, things can go wrong. This is why a robust rollback plan is non-negotiable.
Resolving known issues in previous firmware versions. 3. How to Upgrade FortiGate Firmware
If this returns text, your configuration has errors that need manual CLI remediation.
The cluster synchronizes back to its normal operating state. fortigate firmware
Recently transitioned to Mature (starting with 7.6.5); recommended for production on E, F, and G models. Feature/Stable
If you manage multiple FortiGates, FortiManager provides staged upgrade workflows, pre-upgrade configuration checks, and rollback capabilities that are far safer than manual upgrades.
Directly jumping to the latest version can sometimes lead to configuration issues. Instead, follow these steps: Even with careful planning, things can go wrong
This is preferred for remote upgrades or if the GUI is unavailable. Transfer the firmware file via TFTP/FTP to the FortiGate.
+-------------------------------------------------+ | FortiOS User Interface & Management | | (Web GUI, CLI, FortiManager) | +-------------------------------------------------+ | v +-------------------------------------------------+ | FortiOS Core Security Kernel | | (Routing, UTM Engines, Session States) | +-------------------------------------------------+ | +------------------+------------------+ | | v v +-----------------------+ +-----------------------+ | CPUs (General Tasks) | | SPUs (ASIC Offloading)| | Management, Logging | | NP & CP Accelerators | +-----------------------+ +-----------------------+
to see if you need "interim" versions (e.g., upgrading to 6.4.x before moving to 7.0.x). The "Run Image" Trick Recently transitioned to Mature (starting with 7
For organizations managing dozens or hundreds of FortiGates, FortiManager is the only way to go. This central management platform allows you to schedule upgrades, push images to devices in bulk, and enforce upgrade policies across your entire estate. It's a force multiplier for large-scale deployments.
Furthermore, older vulnerabilities such as and heap buffer overflows (CVE-2022-42475, CVE-2023-27997) remain persistent threats, with many devices still vulnerable months after patches were released. Running outdated firmware leaves your network open to these exploits, making a disciplined upgrade schedule essential.