Supported Upgrade Paths – FortiOS

Upgrading to 5.0

This table shows the upgrade path from earlier versions of the supported firmware to the latest version of FortiOS 5.0.

To make it easier to find the correct row for your upgrade, enter the current firmware version running on your FortiGate in the Search field. Only rows with the contents of the Search field will be shown.

Supported Upgrade Path to Latest FortiOS version 5.0

Starting VersionBuild #              
5.0.14323Latest Build

  • Fima Vaisman

    I have a new FortiGate 60E with FortiOS 5.4.1 build #5577. I want to upgrade it to FortiOS 5.6. Most other routers you download the image from the support site and install. Fortinet has made a simple process difficult to understand – can you point to the location where the image files are and to a step by step process to update. When I click update on the router, it says “System Software is Up to Date” which is clearly not true.

  • Ismael Rivera

    I’m trying to get the proper supported upgrade path for a FortiAnalyzer 100c. The link provided in this doc asked for my support login, yet when I put my credentials it does not work. Upgrade paths for firmware older than 5.0.5 is poorly documented, and not as easily found as the upgrade paths for Fortigate FortiOS. How can I obtain the upgrade path, starting from v4.0mr3patch 8 build 719?

    • Bruce Davis

      Currently, the upgrade information for FortiAnalyzer not in the FAZ upgrade path can be found in the Release Notes, so if you’re trying to find the most efficient sequence to for upgrading from all the version variations to the current version it can take a little bit if researching. I can get you started though.

      I did some research and here’s what I found, in the order that I found it starting at 4.3.8 and working my way forward:
      – 5.0.1 can be upgraded to from 4.3.5 or later
      – FortiAnalyzer v5.0 Patch Release 2 build 0151 officially supports upgrade from FortiAnalyzer
      v5.0 Patch Release 1.
      – Upon upgrading to FortiAnalyzer v5.0 Patch Release 1, your v4.0 MR3 logs are automatically
      converted and inserted into the SQL database. An icon appears at the top right corner after
      login to the Web-based Manager next to the logout and help buttons. This pops-up a small
      window displaying the progress.
      – Upon upgrading from FortiAnalyzer v4.0 MR3 the Web-based Manager incorrectly reports that
      the device is downgrading the firmware version. If you upgrade the firmware version from the
      CLI using the execute restore all-settings CLI command, the message is correct.

      So it looks like from 4.3.8, your next version is 5.0.1.
      5.0.3 is upgradable from 5.0.1
      5.0.4 is upgradable only from 5.0.3

      Then seemingly paradoxically,
      5.0.6 is upgradable from 4.3.7 or later. This probably has to do with the dates of release and parallel development as oppose to just straight version number sequences.
      This should put you in the realm of version where you were able to find so documentation already prepared. I do recommend reading the Release Notes for 5.0.6 carefully as it pertains to your specific situation as there appear to be a few warnings about the upgrade process.

      I hope this helps.

  • Harry

    please my version is 4.0 MR3 I didnt find it in the list, what should be my upgrade path

    • bdickie

      You can contact support or use the release notes (available from the support site) to determine the optimal upgrade path.

  • 廖威誌

    Hi We have an old device 80C need to upgrade
    now, it using version was 4.3.11
    so if i want to upgrade to 5.2.9
    my path was 4.3.11 >> 4.3.19 >> 5.0.0 >> 5.0.2 >> 5.0.3 >> 5.0.4 >> 5.0.7 >> 5.0.9 >> 5.0.11 >> 5.0.14 >> 5.2.10 ???

    if i don’t want to keep my old config.
    can I using TFTP to install 5.2.10 with format boot device ?


    • bdickie

      Yes, you can use TFTP to install 5.2.10. The only reason to follow the upgrade path is to keep your configuration.

  • Ismael Rivera

    Hope someone can clear something up for me.

    So according to the supported upgrade path that I have for my Fortigate 300C, I have to use the following:
    5.0.3 208 >> 5.0.4 >> 5.0.7 >> 5.0.9 >> 5.0.11 >> 5.0.14

    Does that mean, I have to upgrade to each step one at a time? Meaning If I’m on 5.0.3, and want 5.0.14, I can’t just perform one firmware upgrade (5.0.3 to 5.0.14)?

    Thanks in advance,

    • Victoria Martin

      Hello Ismael,

      You are correct, that is the supported upgrade path to go from 5.0.3 to 5.0.14. This path is recommended in order to make sure your existing configuration isn’t lost during the upgrade process, which could occur if you went directly from 5.0.3 to 5.0.14.

      • Ismael Rivera


        That was a quick response, thank you so much Victoria!


  • Matheus Mumbala

    Ive fortinet 60c with firmware v5.0 build292.
    I’ve just recently started @ this firm and they did not have an IT personel for like 2.5 years.
    Now i want to upgrade this device firmware and its not giving me any option to upgrade.
    If i do click on update it takes me to a page where i can only update from my hard disk..

    Please assist.. been going a lil nuts all day…

  • JimmyJ

    These aren’t entirely valid? Upgrade for example for 5.2.4 to 5.4.4 above shows 3 step upgrade, whereas this PDF, page 10, shows direct upgrade is supported:

    • Altare

      That document is for 5.4.0, not 5.4.4. Also this resource shows the safest path to take, taking in to account HA clusters, which the release notes do not.

  • Victoria Martin

    We have a 5.0 recipe about site-to-site IPsec that you may find helpful, if you want to keep using that version of the firmware:

    • olo

      ok i’ll try.
      Thank u victoria.

  • Olo

    Hello, i have FG 60D with 5.00-build228 (GA Patch 4).
    Which table should i use?

    This is my first time and the only IT support man,i worry if fail or any config not compatible or everything not work well.
    how to prevent that?

    Is it possible to downgrade firmware after FG upgraded?
    Thanks,sorry for bad english.

    • Victoria Martin

      Hello Olo,

      Since you are currently using 5.0.4, you need to use the table for 5.0. Also, while it is possible to downgrade the firmware, doing this is not supported by Fortinet.

  • Huerta

    someone can tell me what version has the build 4234?? I need to upgrade a fortigate 100D v5.0.X that has that build

    • Victoria Martin

      Hi Huerta,

      That number is not one of the standard build numbers for FortiOS 5.0, so I would suggest contacting Support to find out more information about which build you should be using.

  • ARL67

    I have several 60CM on 5.2.10 build742. I don’t see a specific 5.4.4 firmware image in the download section for the 60CM. I see only images for 60D & 60E. Can I use any of these ?

  • Monica

    I am using Fortigate 60D – Firmware 5.2.7 (build 718)…should I download the firmware outlined in my upgrade path 5.27 >> 5.2.9 >> 5.2.10 manually then upgrade to 5.2.9 and the 5.2.10?

    • Victoria Martin

      Yes, it is recommended to follow that upgrade path.

  • ScottS

    I have several 30D firewalls still in the box that I need to configure. These have never been configured. They are at firmware 5.0.9. since there is not a configuration on it can I put the latest 5.4.4 firmware on it? Since there is no configuration issues to worry about is that allowable or do I still need to do all of the steps outlined by the upgrade path?

    • bdickie

      Yes you can go ahead and install the latest firmware without following the upgrade path. The upgrade path is only meant to make sure you don’t loose your own configuration changes during an upgrade.

      • ScottS

        Perfect. That will save me a tone of time.

        • premar

          I would recommend to factory reset the firewalls after the update. Sometimes you migrate faulty default settings.

  • Maicon Pereira

    Hello, regard my environment I need downgrade my currently version v5.2.3,build670 to 5.0.12 after that I will go follow upgrade step by step as you tip. so I wonder it’s possible use the same file configuration through that steps ?

    • Bruce Davis

      There are a few reasons why down grading is looked at with some trepidation. The amount of pitfalls increases proportionally with the complexity of the configuration. The most important thing to take into account is that the configuration file is firmware version specific. It does not play well with versions of the firmware that it was not written for. Right off the bat, you cannot use a configuration file from 5.2.3 on a unit running 5.0.12.
      I might be going out on a limb here but if you are downgrading and then upgrading to the same firmware version, I have to make an educated guess that something is not working properly, possibly because somewhere along the upgrade process something was missed or broken. Chances are the issue may not be with the firmware you are running, but with something in the configuration file.
      The configuration file is essentially a number of CLI commands to the firmware that are run each time the unit is powered on. If there is a syntax error in those commands, the firmware may not behave as intended.
      During an upgrade there is a background process that takes the existing configuration file and changes any commands and settings to comply with the syntax of the new firmware. Skipping an firmware version that should have been part of the upgrade path means that the syntax of one or more commands didn’t get updated to work with the current firmware. This means that even if you downgrade to 5.0.12 with a factory reset, when you go through the supported upgrade path to 5.2.3, which the current config file is from, it may not be advisable to install that configuration file. You could end up with the same issue.
      The bad news is that you may need to rebuild your configuration from the ground up. The good news is that you may not have to down grade and upgrade. You can start with the firmware you have installed now. Depending on the issue, you might be able to get away with a simple factory reset, which will give you a brand new configuration file, and then just start customizing your configuration.
      If you are comfortable in the CLI, you could use some techniques found in the SysAdmin Note to cut and paste portions of the existing configuration file into the new one. At some point you are likely to come across an error as the it determines that the syntax is somehow wrong and then you will have to set up that portion of the configuration from scratch.
      Sorry I couldn’t give you happier news.

      • Maicon Pereira

        Thank you for your explanation!

  • Fidel

    Hi I want to upgrade my FortiAP 5.0 and I have a v5.0,build0271 (GA Patch 6) 80C, I just want to know up until which version of FortiAP is supported by v5.0,build0271 (GA Patch 6) of the 80C

  • أمين مواتسي

    Hi ,please we have downgrade fortigate from FGT_300C-v5-build0688-FORTINET to FGT_300C-v4 -build0632-FORTINET and we crashed the firmware so please can you help us to upgrade to the current version.

    • Judith Haney

      Hello, I recommend you contact Fortinet Support to walk you through the upgrade. Reading the document at will help you make your time with Fortinet Support more efficient. — kind regards,

      • أمين مواتسي

        hello , judith thanks a lot for answering me , i appreciate , God bless you

        • Judith Haney

          My pleasure. — best regards

  • Luis Danilo Ruiz Tórrez

    Hi, I think this version should be 5.0.12

    Version: FortiGate-240D v5.0,build0318,150514 (GA Patch 12)
    Branch point: 318

    My question is, can i upgrade FG directly into 5.2.9??

    As the tables states,
    5.0.12 318 >> 5.2.9 >> 5.4.3

    After 5.2.9 then again I could upgrade into 5.4.3, is that right?

    • Bruce Davis

      As long as the firmware that you are upgrading to supports the model of FortiGate that you’re going to be running it on, you should be able to upgrade from 5.0.12 to 5.2.9 and then to 5.4.3. This does not mean that you shouldn’t bother reading the Release Notes for the versions that you are upgrading to. The table is a simplified version of what is supported. Depending on your configuration, there may be some changes that go along with the upgrade that you will want to be aware of. These can usually be found in the Release Notes.

  • Biswarup Datta

    Hi, I have upgraded from 5.4.1 to 5.4.2. Received an error “Internet-service versioin(3) is not supported” in time of reboot. What should be the probable reason???

    • Bruce Davis

      I have not experienced or heard of that particular error before. The first thing I would do verify is what generated the error. Was it the FortiGate or were you viewing it through a browser when you saw the error.The second thing to do would be to see if your FortiGate is functioning properly. Was the FortiGate successfully upgraded? Is it properly processing traffic? Once you have this information you could contact the Technical Assistance Center for any troubleshooting or ask them to forward the question to Developement.

  • Mahfud Dahyani

    Hi, we have firmware 4.0 MR1 build 209 Patch8 want to upgrade to ver5.0, what step upgrade paths to do.. thanks. from the document we have to start from :
    4.0 MR1
    209 ► 4.2.15 ► 4.3.11 ► 4.3.18 ► 5.0.12 ► 5.2.5 ► 5.40, we can’t find ver 4.2 and 4.3. can we jump to 5.0 for the upgrade ? thanks

  • Jorge

    How can I find the supported upgrade from 5.0.12 to 5.2.7? I only see the option directly to 5.2.9


    • Judith Haney

      Hi Jorge, Page 11 of the Release Notes for 5.2.7 says that “FortiOS version 5.2.7 officially supports upgrade from version 5.0.12 or later” and that document can be found at this link: — Hope that helps!

      • Jorge

        Hi Judith,
        Does it mean upgrade directly from 5.0.12 to 5.2.7 is supported? Thanks for your quick answer!

        • Judith Haney

          Yes Jorge.

  • Aleksandr

    Need help with searching the correct path.
    My Firmware Version v4.0,build0313,110301 (MR2 Patch 4)
    What numbers should I refer to? (4.2.4 313 >> 4.3.6 >> 4.3.11 >> 4.3.18? does build0313 equals to bild 313 from this table?)

    • bdickie

      Yes MR2 Patch 4 can also be expressed as 4.2.4 and yes 0313 and 313 are the same build. We aren’t planning on researching the optimal upgrade paths from 4.2.4. But once you get to any 4.3 build then any of the upgrade paths in the document should get you to 4.3.18 and beyond.

      • Aleksandr

        ok, thx for quick reply

  • Shagma

    Where is the FORTIAP upgrade path document?