Supports preventing major and minor version firmware upgrades when support contract expires
Description
This article explains that the GUI prevents major and minor firmware upgrades on FortiGate when the support contract has expired. Devices with an expired support contract cannot upgrade to higher major or minor versions, but they can still upgrade within the same version to higher patch releases (for example, 7.4.1 to 7.4.3) to receive important security updates.
Scope
FortiGate v7.4.0, v7.4.1
Solution
The status of the FortiGate support contract can be checked in the Licenses widget under Dashboard → Status.
1. OS upgrade from 7.4.1 to 7.6.0: FortiGate FortiGuard upgrades will not be available until the support contract is renewed.
2. OS upgrade from 7.4.1 to 7.4.3: The FortiGate firmware can be upgraded to a higher patch release to apply important security updates. In this example, a firmware image file is uploaded to upgrade from 7.4.1 to 7.4.3. Since it is a patch-level upgrade, the file is accepted and the upgrade process can continue.
3. OS downgrade from 7.4.1 to 7.2.4: The FortiGate firmware can be downgraded to lower major and minor versions. In this example, a firmware image file is uploaded to downgrade from 7.4.1 to 7.2.4. Since it is a lower version, the file is accepted and the downgrade process can proceed.
This behavior has been improved in version 7.4.2 on FortiGate. Firmware license enforcement is now based on the license expiry date compared to the first GA release date of a major version. If the support contract is expired before the first GA release date of a major version, firmware upgrades between major or minor versions will not be allowed until the contract is renewed.For example, if the firmware license expired on 2022/09/02 and the 7.4.0 GA release date is 2023/05/11, then upgrading from 7.4.5 to 7.4.6 will not be permitted, even though it is only a minor upgrade, until the support contract is renewed.