2.1.6 Ensure the latest firmware is installed

Information

Check against the Fortinet website to make sure that the latest stable firmware is installed.

Fortinet periodically updates the FortiGate firmware to include new features and resolve important issues. After you have registered your FortiGate unit, firmware updates can be downloaded from the Fortinet Customer Service & Support website.

It is important to constantly keep the firmware up to date to prevent any new well-known exploitation.

NOTE: Nessus has provided the target output to assist in reviewing the benchmark to ensure target compliance.

Solution

First, determine the upgrade path recommended by Fortinet. If you have not upgraded the system for a long time, it is not recommended to upgrade straight to the latest version, as the configuration could be lost. Fortinet provides a tool to recommend an upgrade path for all of its products.

Go to

https://docs.fortinet.com/upgrade-tool

. Choose your product from the "Current Product" drop-down menu, the "current FortiOS version", and the latest firmware version available for that model from "Upgrade to FortiOS Version". Click "Go". Write down the path and then click on "Download" to download all the necessary versions.

The second step is to download the required FortiOS firmware/s. Go to

https://support.fortinet.com

and login. Go to Support -> Firmware Download. Once there, select the product and click on "Upgrade Path". Choose the specific model of the hardware, the current firmware version and the latest firmware version available for that model. Click "Go". Write down the path and then click on "Download" to download all the necessary versions.

The last step is to install the new firmwares in the order provided by the "Upgrade tool". It is recommended to use GUI to perform this task as it would be much easier.

In the GUI

1. Go to System > Fabric Management
2. Right click on device that needs to be upgraded.
3. Then click on "Upgrade". You might have to perform this step multiple times if you follow the upgrade path.

See Also

https://workbench.cisecurity.org/benchmarks/15284

Item Details

Category: SECURITY ASSESSMENT AND AUTHORIZATION, RISK ASSESSMENT

References: 800-53|CA-5, 800-53|RA-1, 800-53|RA-5, CSCv7|2.2, CSCv7|8.2, CSCv7|11.4

Plugin: FortiGate

Control ID: 62b3a89258041f1f57db9cb4d8fd57fd6127ca832847c5ba821ce0c1729fac55