Maybe you have read in the “New Features” Guide for 7.4 about this new feature: “Prevent FortiGates with an expired support contract from upgrading to a major or minor firmware release”. It explains that you cannot upgrade your FortiGate to a higher major or minor version (e.g. upgrading from 7.4 to 8.0 or 7.6) with an expired support contract, while upgrading to a higher patch build (e.g. 7.4.1 to 7.4.2) is still possible.
In principle, this is absolutely legitimate on Fortinet's part. The development of the firmware is not free of charge and must be financed.
But the behavior you will get with 7.4.2 goes far beyond that: a FortiGate with 7.4.2 and without an active support contract can no longer be downgraded to any previous version. This means that not only is the upgrade to a minor or major version prevented, but also the downgrade. Even worse – the downgrade to an earlier patch build (e.g. 7.4.2 to 7.4.1) is also not possible!
We have tested the downgrade via WebUI (System –> Firmware & Registration) and CLI (exec restore image …) – it does not work either way. The only possibility to get to an earlier version is to boot from the secondary partition
# exec set-next-reboot secondary
# exec reboot
or to format the boot device and upload a new firmware image via TFTP.
Update – 8. Feb. 2024: Additionally, a FortiGate with 7.4.2 and no active support contract cannot be upgraded within a minor release. This means that an update to 7.4.3 is also not possible.
Hello,
I did as you suggested.
FG60F 7.4.2, update licence expired
I created a backup on 7.4.2, booted 7.4.1 from the secondary partition, upgraded to 7.4.4, and restored the config from 7.4.2.
Now I have the current fw and the current config (7.4.1 is still on the secondary boot partition).
m
Hello,
If you have primary on 7.4.1 (FW-build2463-230830):
exec set-next-reboot primary
Make the update.
The update will again be in secondary.