How to patch FortiGate (FortiOS)
Fortinet · Network / Security · 6 steps · Fortinet FortiOS security status → · updated June 2026
FortiGate firewalls run FortiOS, and upgrades usually require following a supported upgrade path — you often cannot jump straight to the newest release. Always back up the config first, because a firewall is a single point of failure.
Fortinet FortiOS has 18 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent.
Check your current version first
Before you patch, record what you're running (FortiGate CLI):
get system statusOr paste your version into the checker for an instant verdict.
Step by step
Run get system status (or System → Firmware in the GUI) to record your model and FortiOS version/build.
FortiOS frequently requires stepping through intermediate versions. Use the Fortinet Upgrade Path tool to map the exact sequence — do not skip major versions.
Save a full config backup (System → Configuration → Backup, or execute backup config). If anything goes wrong you can restore in minutes.
Get the firmware image matching your specific model from the Fortinet Support portal — images are model-specific.
Upload via System → Firmware (GUI) or execute restore image (CLI). The unit reboots automatically. Follow the planned path one hop at a time.
Confirm the new version with get system status, then verify policies, VPNs and connectivity still work.
- Never skip the supported upgrade path — jumping versions can corrupt the config.
- Schedule a window: the firewall reboots during the upgrade and drops traffic briefly.
Official sources
- Advisory: Fortinet PSIRT advisories ↗
- Download: Fortinet Support portal ↗
Don't patch blind. Fortinet FortiOS has 18 actively-exploited vulnerabilities on the CISA KEV list — patching is urgent. See exactly which versions are safe and what you're exposed to.
Fortinet FortiOS security status →Stay ahead of the next one
- Fortinet FortiOS security status & health score — score, open CVEs and safe version.
- Fortinet FortiOS vulnerabilities — the full CVE list and what's exploited.
- Fortinet FortiOS end-of-life dates — don't run a release that's stopped getting fixes.
- Monitor Fortinet FortiOS — get an email alert the moment a new exploited vulnerability lands.
Frequently asked questions
What is the latest version of Fortinet FortiOS?
Check the current supported Fortinet FortiOS release on its product page or the official vendor advisory, then patch to it.
How do I check which version of Fortinet FortiOS I am running?
Use: get system status (FortiGate CLI). Record the result before and after patching to confirm the update applied.
Is Fortinet FortiOS being actively exploited right now?
Yes — 18 Fortinet FortiOS vulnerabilities are on the CISA Known Exploited Vulnerabilities (KEV) list, so attackers are using them in the wild. Patch promptly. See the exploitation radar.
How do I patch Fortinet FortiOS safely without breaking production?
Always test in a non-production environment first, take a backup or snapshot, follow the official vendor advisory, and have a tested rollback. Patch one node at a time for clustered or high-availability setups.
Patch steps are general, well-established guidance for Fortinet FortiOS — always test in a non-production environment first and follow the official Fortinet advisory for your exact version. IsItPatched is independent and not affiliated with Fortinet; this is not a substitute for vendor documentation. See our disclaimer.