Upgrading Fortigate Fortios version is easy:

Downgrading is not that straightforward. The reason is that major versionreleases (and many times minor) change the configuration commands in some way -remove, add, move location. And when upgrading, the Fortios "upgrades" theconfiguration file as well fixing the differences between releases. E.g. inFortiOS 5.x, and 6.x you configure SD-WAN as config system virtual-wan-link,but in FortiOS 7.x it was replaced with config system sd-wan. When you followthe upgrade path, Fortigate takes care of it automatically. But if you decide todowngrade, it is NOT being done at all. As a consequence, you cannot applyFortiOS 7.2 configuration backup to the FortiOS 6.4 Fortigate. Actually, theFortigate will issue an error if you try to, as the firmware version is in theheader of the config file.

The best way to downgrade and keep the configuration is to save configuration oneach upgrade step - upgraded 6.4.3 → 6.4.9? Back up the configuration. Inthis case, you can freely reset to factory defaults the Fortigate, downgrade toany version you want, say from 7.2 to 6.4.9, then upload the backed upconfiguration of version 6.4.9.

If you didn’t save configuration on the intermediate upgrades, then there is arisk to decide upon. The risk is that downgrading to lower versions, may delete,render not working various parts of the Fortigate configuration. And there is notool to calculate this risk or help with assessing what is going to happen tothe configuration. In my opinion it is safer to manually copy & paste importantconfiguration parts after downgrading the factory-defaulted configuration.

The officially supported way to convert the Fortigate configuration betweendifferent models and firmware versions is FortiConverter. The FortiConvertercomes either as a standalone software paid yearly (expensive), or as a one-timeservice from the Fortinet support.

Follow me on https://www.linkedin.com/in/yurislobodyanyuk/ not to miss what Ipublish on Linkedin, Github, blog, and more.