Home

How to Safely Upgrade FortiManager Firmware (v7.4.x to v7.6.x)

.

In the rapidly evolving landscape of cybersecurity, maintaining the backbone of your network management is paramount. Upgrading your FortiManager firmware is not just about accessing new features—it is a critical step in ensuring system stability, security compliance, and seamless orchestration of your Fortinet Security Fabric.

This guide synthesizes the latest technical documentation for FortiManager versions 7.6.5, 7.4.7, and 7.4.6, providing a professional roadmap for administrators to execute a seamless transition.

1. The Pre-Upgrade Phase: Planning for Success

Before clicking the "Upgrade" button, technical preparation is the difference between a smooth transition and extended downtime. Several "Golden Rules" apply.

Review Release Notes and Compatibility

Every version has unique dependencies. Always check the FortiManager Release Notes for:

  • Upgrade Paths: Verify if your current version can jump directly to the target version or if an interim step is required.
  • Supported Models: Ensure your hardware or VM instance supports the new firmware.
  • FortiOS Compatibility: FortiManager should typically be upgraded before the managed FortiGate units to ensure it can parse new FortiOS syntax.

Perform a System Health Check

  • Install Pending Configurations: Ensure all device settings are synchronized before starting.
  • Check Databases: Run integrity checks on the FortiManager databases to prevent corruption during the migration.
  • Review Resource Usage: Ensure there is sufficient disk space and CPU overhead for the upgrade process, which often triggers an SQL database rebuild.

The Ultimate Safety Net: Backups

Never upgrade without a fresh backup.

  • Configuration Backup: Export the system configuration.
  • VM Snapshots: If running a virtual machine, take a snapshot.
  • FortiGuard Packages: Back up any locally stored FortiGuard update packages.

2. Step-by-Step: Executing the Firmware Upgrade

FortiManager offers two primary methods for upgrading via the Graphical User Interface (GUI), as detailed in the 7.6.5 Administration Guide.

Method A: Upgrading via FortiGuard (Recommended)

This is the most straightforward method for internet-connected units.

  1. Navigate to the System Information widget on the dashboard.
  2. Locate the Firmware Version field and click the Upgrade Firmware icon.
  3. Select the FortiGuard Firmware list.
  4. Look for the version with the green checkmark—this indicates the recommended stable path.
  5. Click OK. The system will download the image, install it, and reboot automatically.

Method B: Manual Image Upload

Ideal for air-gapped environments or specific build requirements.

  1. Download the .out firmware file from the Fortinet Customer Service & Support portal.
  2. In the FortiManager Firmware Version widget, select Upload.
  3. Browse to your local file and click OK.
  4. Pro Tip: For faster uploads and to avoid timeouts, ensure the workstation you are using is in the same physical or network location as the FortiManager unit.

3. High Availability (HA) Considerations

For organizations running FortiManager in an HA cluster, the sequence is vital for maintaining redundancy:

  • Secondary First: Always upgrade the Secondary (Slave) units first.
  • Primary Last: Once the secondaries are back online and synchronized, upgrade the Primary (Master) unit. This ensures that at least one unit is always available to manage the network.

4. Post-Upgrade: Validation and Next Steps

Once the reboot is complete and you have logged back in, the work isn't quite finished.

Verify Database Integrity

A common side effect of upgrading (especially to 7.6.x) is an SQL database rebuild. While this happens in the background, existing logs might be temporarily unavailable. Check the Event Log to monitor the progress of the rebuild.

Sequence of Managed Device Updates

After FortiManager is stable, follow this order to bring the rest of your environment up to date:

  1. Update firmware for managed FortiGate devices.
  2. Upgrade ADOM (Administrative Domain) versions to match the new firmware capabilities.
  3. Update the Global ADOM version.

Frequently Asked Questions (FAQ)

Q1: Can I downgrade my FortiManager if the upgrade fails?

While possible, downgrading is generally not recommended as it may result in data loss or configuration conflicts. It is always better to restore from a backup/snapshot taken prior to the upgrade.

Q2: Why are my logs missing after the upgrade to 7.6.5?

This is likely due to the SQL database rebuild process. During this time, new logs are inserted and visible, but historical logs are hidden until the indexing is complete.

Q3: How long does the upgrade process take?

The firmware installation and reboot usually take 5–10 minutes. However, the subsequent database rebuild can take anywhere from a few minutes to several hours, depending on the volume of log data.

Q4: Should I upgrade FortiManager or FortiGate first?

Always upgrade FortiManager first. This allows the manager to recognize and support any new CLI syntax or features introduced in the newer FortiOS version.

Q5: What is the maximum password length for the backup encryption?

According to Fortinet documentation, the encryption password for configuration backups can be a maximum of 63 characters.

FortiManager Upgrade Guide, FortiManager 7.6.5 Firmware, Fortinet Firmware Best Practices, FortiManager HA Upgrade, FortiManager SQL Database Rebuild.