106 Fortinet Inc.
Changing the FortiGate firmware System status
If you are reverting to a previous FortiOS version (for example, reverting from FortiOS
v2.50 to FortiOS v2.36) you might not be able to restore your previous configuration
from the backup configuration file.
To use the following procedure you must have a TFTP server that the FortiGate unit
can connect to.
To revert to a previous firmware version using the CLI
1 Make sure that the TFTP server is running.
2 Copy the new firmware image file to the root directory of the TFTP server.
3 Log into the FortiGate CLI as the admin administrative user.
4 Make sure the FortiGate unit can connect to the TFTP server.
You can use the following command to ping the computer running the TFTP server.
For example, if the TFTP server's IP address is 192.168.1.168:
execute ping 192.168.1.168
5 Enter the following command to copy the firmware image from the TFTP server to the
FortiGate unit:
execute restore image <name_str> <tftp_ip>
Where <name_str> is the name of the firmware image file on the TFTP server and
<tftp_ip> is the IP address of the TFTP server. For example, if the firmware image
file name is FGT_300-v250-build045-FORTINET.out and the IP address of the
TFTP server is 192.168.1.168, enter:
execute restore image FGT_300-v250-build045-FORTINET.out
192.168.1.168
The FortiGate unit uploads the firmware image file. After the file uploads, a message
similar to the following is displayed:
Get image from tftp server OK.
This operation will downgrade the current firmware version!
Do you want to continue? (y/n)
6 Type Y.
7 The FortiGate unit reverts to the old firmware version, resets the configuration to
factory defaults, and restarts. This process takes a few minutes.
8 Reconnect to the CLI.
For information about logging into the CLI when the FortiGate unit is set to factory
defaults, see “Connecting to the Command Line Interface (CLI)” on page 47.
9 To confirm that the new firmware image has been loaded, enter:
get system status
10 Restore your previous configuration. Use the following command:
execute restore config
Note: Installing firmware replaces the current antivirus and attack definitions with the definitions
included with the firmware release that you are installing. After you install new firmware, use the
procedure “Manually initiating antivirus and attack definitions updates” on page 125 to make
sure that antivirus and attack definitions are up to date. You can also use the CLI command iexecut up atescnt r y-6.(p ates)6(now]TJ/TT4 1 Tf2 0 0 9 136.00660 6436 0 00.00167Tc00.0012 Tw[(s)-6.7(tho)-6.7(tp at-5.45(e)-5.85 th))-5.85 tnirus aattaitio