通过 FortiGuard 升级
2025/10/29大约 4 分钟
通过 FortiGuard 升级
功能介绍
FortiGate 可以通过execute restore image management-station <version_name>命令在线下载版本并升级,该功能有以下特点:
- 相比较通过 Web 方式在线升级,可以看到固件的下载进度,更直观。
- 适用于暂时无法登录 FortiCloud 下载固件版本文件进行离线升级。
- FortiGate 需要可以通过 Internet 访问 FortiGuard。
- FortiGate 需要有 Firmware & General Updates License。
- 使用该方法升级同样支持 HA 不间断升级。
重要
- 升级前,务必做好配置备份,参考 系统管理 → 固件与配置管理 → 配置管理 → 配置备份及恢复。
- 升级固件必须遵循升级路径,参考 系统管理 → 固件与配置管理 → 固件版本管理 → 升级路径,前往 https://docs.fortinet.com/upgrade-tool 查询升级路径,否则可能造成配置丢失。
升级要点
重要
升级固件必须遵循升级路径,参考 系统管理 → 固件与配置管理 → 固件版本管理 → 升级路径,前往 https://docs.fortinet.com/upgrade-tool 查询升级路径,否则可能造成配置丢失。
升级前建议准备配置线,以防在升级失败后能及时处理。
升级过程中请不要断电或重启设备,升级过程一般在 5 分钟以内完成。
版本下载后设备将自动重启,重启才能生效。
升级步骤
举例:FortiGate-VM,7.0.17 GA 版本,需要升级至 7.4.7 版本,查询升级路径为 7.0.17 → 7.2.11 → 7.4.7。
登入 FortiGate 的 CLI 界面,输入命令
execute restore image management-station ?(最后输入?)。FortiGate-VM # execute restore image management-station ? Image-ID Version 07006000FIMG0013706003 v7.06 MR6-GA-F P3 b3510 (upgrade) 07006000FIMG0013706002 v7.06 MR6-GA-F P2 b3462 (upgrade) 07006000FIMG0013706001 v7.06 MR6-GA-F P1 b3457 (upgrade) 07006000FIMG0013706000 v7.06 MR6-GA-F b3401 (upgrade) 07004000FIMG0013704007 v7.04 MR4-GA-M P7 b2731 (upgrade) 07004000FIMG0013704006 v7.04 MR4-GA-M P6 b2726 (upgrade) 07004000FIMG0013704005 v7.04 MR4-GA-M P5 b2702 (upgrade) 07004000FIMG0013704004 v7.04 MR4-GA-F P4 b2662 (upgrade) 07004000FIMG0013704003 v7.04 MR4-GA-F P3 b2573 (upgrade) 07004000FIMG0013704002 v7.04 MR4-GA-F P2 b2571 (upgrade) 07004000FIMG0013704001 v7.04 MR4-GA-F P1 b2463 (upgrade) 07004000FIMG0013704000 v7.04 MR4-GA-F b2360 (upgrade) 07002000FIMG0013702011 v7.02 MR2-GA-M P11 b1740 (upgrade) 07002000FIMG0013702010 v7.02 MR2-GA-M P10 b1706 (upgrade) 07002000FIMG0013702009 v7.02 MR2-GA-M P9 b1688 (upgrade) 07002000FIMG0013702008 v7.02 MR2-GA-M P8 b1639 (upgrade) 07002000FIMG0013702007 v7.02 MR2-GA-M P7 b1577 (upgrade) 07002000FIMG0013702006 v7.02 MR2-GA-F P6 b1575 (upgrade) 07002000FIMG0013702005 v7.02 MR2-GA-F P5 b1517 (upgrade) 07002000FIMG0013702004 v7.02 MR2-GA-F P4 b1396 (upgrade) 07002000FIMG0013702003 v7.02 MR2-GA-F P3 b1262 (upgrade) 07002000FIMG0013702002 v7.02 MR2-GA-F P2 b1255 (upgrade) 07000000FIMG0013700016 v7.00 GA-M P16 b0667 (downgrade) 07000000FIMG0013700015 v7.00 GA-M P15 b0632 (downgrade) 07000000FIMG0013700014 v7.00 GA-M P14 b0601 (downgrade) 07000000FIMG0013700013 v7.00 GA-M P13 b0566 (downgrade) 07000000FIMG0013700012 v7.00 GA-M P12 b0523 (downgrade) 07000000FIMG0013700011 v7.00 GA-M P11 b0489 (downgrade) 07000000FIMG0013700010 v7.00 GA-M P10 b0450 (downgrade) 07000000FIMG0013700009 v7.00 GA-M P9 b0444 (downgrade) 07000000FIMG0013700008 v7.00 GA-F P8 b0418 (downgrade) 07000000FIMG0013700007 v7.00 GA-F P7 b0367 (downgrade) 06004000FIMG0013704016 v6.04 MR4-GA-M P16 b2098 (downgrade) ......输出信息中可以看到该设备型号可以升级/降级的所有固件版本,其中“Version”列可以标识具体的版本号,如
v7.04 MR4-GA-M P7 b2731表示 7.4.7,对应的“Image-ID”为07004000FIMG0013704007,v7.02 MR2-GA-M P11 b1740 (upgrade)表示 7.2.11,对应的“Image-ID”为07002000FIMG0013702011。重要
v7.02:表示版本 7.2。MR2-GA-F:F 表示功能版本,M 表示成熟版本。P11:表示 Patch 11(7.2.11)。b1740:表示 build 号。
Image-ID Version 07004000FIMG0013704007 v7.04 MR4-GA-M P7 b2731 (upgrade) 07002000FIMG0013702011 v7.02 MR2-GA-M P11 b1740 (upgrade)首先需要升级到 7.2.11 版本,执行如下 CLI 命令,
07002000FIMG0013702011为 7.2.11 版本的“Image-ID”,如果 FortiGate 可以正常通过 Internet 访问到 FortiGuard,会下载对应的版本并显示下载进度,下载完成后,键入y确认,随后设备将重启并升级至目标系统版本 7.2.11。FortiGate-VM # execute restore image management-station 07002000FIMG0013702011 Please wait... Getting image 07002000FIMG0013702011 from Management station... #################################################################################################### This operation will replace the current firmware version! Do you want to continue? (y/n)y Verifying the signature of the firmware image. Warning: Upgrading to an image with Mature maturity notation. Checking new firmware integrity ... pass Please wait for system to restart.使用相同的方法升级到 7.4.7 版本。
FortiGate-VM # execute restore image management-station 07004000FIMG0013704007 Please wait... Getting image 07004000FIMG0013704007 from Management station... #################################################################################################### This operation will replace the current firmware version! Do you want to continue? (y/n)y Verifying the signature of the firmware image. Image verification OK! Warning: Upgrading to an image with Mature maturity notation. Checking new firmware integrity ... pass Please wait for system to restart.如果升级的目标版本是 F(Feature)类型,会有额外的警告信息,并需要多次确认。
Verifying the signature of the firmware image. Warning: Upgrading to an image with Feature maturity notation. Image file uploaded is marked as a Feature image, are you sure you want to upgrade? Do you want to continue? (y/n)y Please confirm again. Are you sure you want to upgrade using uploaded file? Do you want to continue? (y/n)如果是降级或不按照升级路径升级(不推荐),会有额外的警告信息,并需要多次确认。
Verifying the signature of the firmware image. Warning: Installing image v7.2.11 from v7.4.7 is not a recommended upgrade path. Continuing with the upgrade may result in loss of configuration. Do you want to proceed? Do you want to continue? (y/n)y Warning: Downgrading to an image with Mature maturity notation. Image file uploaded is marked as a Mature image, are you sure you want to downgrade? Do you want to continue? (y/n)y Please confirm again. Are you sure you want to downgrade using uploaded file? Do you want to continue? (y/n)y This operation will downgrade the current firmware version. Do you want to continue? (y/n)