• Matt Sherif

Rollback after code upgrade

We all do contingency planning when we plan firmware, operating system, or application upgrades. The biggest question is "how do we roll back in the event of things going sideways, and we're up against the maintenance window?". In working with a customer, I found an easy way to roll back a FortiGate to the previous code rev and config.

The old way was to install the old code, factory reset, and apply the backed-up config. It's easy enough but time-consuming. It's still a good idea to take a backup of the config prior to upgrading firmware as a precaution.

The first thing you need to do is identify which versions you have on which partitions. Execute the following command for that:

diagnose sys flash list

The output should look like this:

This will give you a list of partitions and their contents. Note the active partition: in this case it's partition 2, and I am running 6.2.1 (Build 0932). I can roll back to 6.0.5, including the last config used on that version. You can do that by issuing the following commands:

exec set-next-reboot <partition#>

exec reboot

This will set the next reboot to the partition you specify, and execute a reboot. When the system comes back online it will be running the version on the partition specified along with that config.
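As an added example (not part of the original post and not Fortinet code), the Python script below is a pre-rollback check: it parses saved `diagnose sys flash list` output, confirms that the expected older build sits on an inactive firmware partition, and only then emits the two commands above. The column layout, the image-name format, the sample text, and the function names are assumptions made for illustration.

```python
import re

# Constructed sample; the column layout and image names are assumptions.
# Build 0932 on active partition 2 comes from the post; "build0000" is a
# placeholder for the older image on partition 1.
SAMPLE = """\
Partition  Image                                TotalSize(KB)  Used(KB)  Use%  Active
1          FGTEX-6.00-FW-build0000-000000              253871     78024   31%  No
2          FGTEX-6.02-FW-build0932-000000              253871     81000   32%  Yes
3          ETDB-1.00000                               3021708    143000    5%  No
"""

# partition number, image name, total KB, used KB, use %, active flag
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+\d+\s+\d+\s+\d+%\s+(Yes|No)\s*$")
BUILD = re.compile(r"-FW-build(\d+)")


def parse_flash_list(text):
    """Return one dict per partition row; header and other lines are skipped."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        build = BUILD.search(m.group(2))
        rows.append({
            "partition": int(m.group(1)),
            "image": m.group(2),
            "build": build.group(1) if build else None,  # None: not firmware
            "active": m.group(3) == "Yes",
        })
    return rows


def rollback_commands(text, expected_build):
    """Emit the rollback commands only if the target is unambiguous."""
    rows = parse_flash_list(text)
    if sum(r["active"] for r in rows) != 1:
        raise ValueError("could not identify exactly one active partition")
    targets = [r for r in rows
               if not r["active"] and r["build"] == expected_build]
    if len(targets) != 1:
        raise ValueError(f"build {expected_build} is not on exactly one "
                         "inactive firmware partition; do not reboot")
    return [f"exec set-next-reboot {targets[0]['partition']}", "exec reboot"]


if __name__ == "__main__":
    print("\n".join(rollback_commands(SAMPLE, "0000")))
```

Running the check against output captured just before the maintenance window catches the case where the inactive partition does not hold the version you expect to land on.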

Thank you for reading, I hope this was helpful.