Performing A Firmware Downgrade – FortiOS 5.2 Best Practices
Just like upgrading, you need to make sure it’s done properly. While similar, the steps are somewhat different since there are other pitfalls in this case.
1. Locate pre-upgrade configuration file.
Step 1 is very important. This is why, when you upgrade you make a backup of your old configuration and save it. If you don’t, then you’ll need to rebuild manually.
2. Have copy of old firmware available.
Step 2 is fairly obvious. Even with devices that have multiple partitions and your downgrade process is simply going to be to switch the active partition, this could go wrong. In which case, you may be without Internet access. A professional has a plan for when things go wrong.
3. Have disaster recovery option on standby — especially if remote.
Step 3 is no different from before. Hopefully you don’t need to format the unit, but be prepared for that, just in case.
4. Read the release notes — is a downgrade possible, or necessary?
Step 4, once again, is to READ THE RELEASE NOTES. In this case, you will need to do this for the version you are on, and the version you are downgrading too, and everything in between (if you are going back multiple major releases or patches). Maybe the OS switched from 32 to 64 bits somewhere between the two firmware releases. In order to make sure you don’t get nailed by something like that you need to check the upgrade and downgrade information in every major release and patch, as it may have a direct impact on your options.
5. Double check everything.
6. Downgrade — all settings, except those needed for access, are lost.
Step 5 and 6 are the same as before. Double check everything, then downgrade.
7. Restore pre-upgrade configuration.
Step 7 is new. Obviously most settings are lost when you downgrade so in order to get back up and running you will need to restore your old configuration file
Having trouble configuring your Fortinet hardware or have some questions you need answered? Check Out The Fortinet Guru Youtube Channel! Want someone else to deal with it for you? Get some consulting from Fortinet GURU!
Don't Forget To visit the YouTube Channel for the latest Fortinet Training Videos and Question / Answer sessions!
- FortinetGuru YouTube Channel
- FortiSwitch Training Videos
Cybersecurity Videos and Training Available Via: Office of The CISO Security Training Videos
Leave a Reply