Updating your FortiGate’s firmware

In this example, you will update your FortiGate to use the latest version of FortiOS, so that you can use the latest FortiOS features.

In this recipe, a FortiGate is updated from FortiOS 5.2.5 to 5.4.0. This upgrade path is supported, as shown in the Supported Upgrade Paths – FortiOS.

Find this recipe for other FortiOS versions
5.2 | 5.4

1. Checking the current FortiOS firmware

Go to the Dashboard (in FortiOS 5.2, System > Dashboard > Status) and view the System Information dashboard widget. The Firmware Version section shows the firmware that is currently installed and if a new version is available.

 

2. Reviewing the Release Notes

If a new version is available, select View Release Notes to access the Release Notes for that version. Review the release notes to determine if you want to upgrade to this version.

Pay extra attention to the Upgrade Information section, to find out if you can upgrade directly from your current firmware to the latest version. You should also check the Supported Upgrade Paths document, found at the Fortinet Documentation Library.

 

3. Updating to the latest firmware

If you wish to upgrade to the latest FortiOS version, select Update.

Under Available Firmware, select the Recommended tab, then select Backup Config and Upgrade.

If the firmware version you wish to upgrade to is not shown in this tab, it may be listed under All Available.

 

 

Firmware can also be downloaded directly from Fortinet Support, then uploaded manually to your FortiGate.

4. Results

The FortiGate unit uploads the firmware image file, updates to the new firmware version, restarts, and displays the FortiGate login. This process takes a few minutes. You might see a message to check the disk or filesystem; this is normal.

You may have to refresh your browser to see the FortiGate login.

Go to Dashboard. In the System Information dashboard widget, the Firmware Version will show the updated version of FortiOS.

 

For further reading, check out Firmware in the FortiOS 5.4 Handbook.

Victoria Martin

Victoria Martin

Technical Writer & Head Cookbook Chef at Fortinet
Victoria Martin works in Ottawa as part of the FortiOS technical documentation team. She graduated with a Bachelor's degree from Mount Allison University, after which she attended Humber College's book publishing program, followed by the more practical technical writing program at Algonquin College. She does need glasses but also likes wearing them, since glasses make you look smarter.
Victoria Martin

Latest posts by Victoria Martin (see all)

Share this recipe:

Facebooktwittergoogle_pluslinkedin
When a new FortiOS version is released, it may not be listed on your FortiGate right away. If this occurs, go to https://support.fortinet.com to download the firmware, then use Upload Firmware to upgrade your FortiGate.

Leave a comment:

Before commenting, please read the site's comment policy. Only questions related to documentation will be answered. For other concerns, please contact Fortinet support.

  • Jack

    My fortigate 90D (firmware 5.4.0) not show updated button. Please help me how to show it

    • Victoria Martin

      Hello Jack,

      With a new release, such as FortiOS 5.4.1, the Upgrade button is not available right away. However you can still download the firmware from Fortinet Support and use the Upload Firmware button to upgrade your FortiGate.

      I will add a note to the recipe about this potential issue. Thank you for your comment.

  • John

    My Fortinet 60D is currently running version 5.2.2. It says there is a update available to version 5.2.10. The upgrade path documant says I should go from 5.2.2 -> 5.2.3 -> 5.2.5 -> 5.2.7 -> 5.2.9-> 5.2.10. If I were to click on Backup Config and Upgrade, will it perform the intermediate update steps in the recommended upgrade path or will it jump right to v.5.2.10? If it jumps right to 5.2.10, what are the implications to my configuration file?

    • Bruce Davis

      As is mentioned in the upgrade path document, the upgrade path is based on a couple of things:
      1. The Release Notes of the firmware that come out when the firmware is made public.
      2. Information and issues that arise as the firmware gets supported in real world situations.
      The QA department does not have the time or resources to test all of the possible permutations possible in an upgrade, so they test for upgrades going back a reasonable number of builds in the same version and often a few in the previous version. Sometimes the limit of an upgrade hope is determined by the fact that testing shows the upgrade has negative consequences, sometimes its because going back further is outside of their testing range. Considering how often new features are added and how fast technology changes in IT, the first of those two scenarios is more likely than the second. I realize that there is software that supports upgrades from legacy versions going back a long way but that requires a lot of coding and leads to bloat.
      Additional limitations sometimes appear through the life of the firmware and these are added to the upgrade path. This means that the upgrade paths can sometimes be more conservative than even the Release Notes but they are also safer.
      As to your specific question, I didn’t know with absolute certainty if it performed intermediate steps or not, so I tested it. It went directly from 5.2.2 to 5.2.10 in one step.
      The implications are this:
      Part of each upgrade process to a new firmware is to make changes to the configuration file from the existing syntax to one that is compatible with the new firmware. These changes can only work for syntax the firmware expects to see. Therefore only for supported upgrade path versions of the firmware will be properly upgraded.
      Skipping a number of intermediate steps may leave content in the configuration file that isn’t properly recognized by the new firmware. This probability goes up with the complexity of the configuration.
      If you do save the configuration file, you can always go back to 5.2.2, install that configuration file and start over.
      Recommendation: If there is a conflict between the automated recommendation in the dashboard widget and the upgrade path document, use the upgrade path document.