Use the Quick Setup Wizard to Downgrade Fireware OS

You can use the Quick Setup Wizard in WatchGuard System Manager to downgrade the version of Fireware on a Firebox started in recovery mode. When you use the Quick Setup Wizard to configure a device in recovery mode, the Quick Setup Wizard finds the latest version of Fireware OS installed on the management computer and installs that version of Fireware on the device, regardless of the version that is currently installed. The Quick Setup Wizard removes all existing settings, certificates, and feature keys. You can use this procedure to downgrade the version of Fireware on a device if you do not have a saved backup image.

XTM 5 Series and 8 Series devices are manufactured with a version of Fireware that cannot be upgraded directly to Fireware XTM v11.8 or higher. To use recovery mode with these models, you must install Fireware v11.7.x or lower on the management computer before you run the Quick Setup Wizard. The Quick Setup Wizard looks for the latest version of Fireware v11.7.x or lower on the management computer and installs that version on the device. For more information, see About Recovery Mode for XTM 5 and 8 Series.

If you have a saved backup image, the recommended method to downgrade a device to an earlier version of Fireware OS is to restore the device backup image. For more information, see Downgrade Fireware OS.

Step 1 — Save the Current Configuration File

If you do not have a saved configuration file that you want to use after the downgrade, use Policy Manager to save the current device configuration to a file before you downgrade. You can edit the configuration file and save it to the device after the downgrade.

Step 2 — Uninstall Newer Versions of Fireware OS 

If you want to use the Quick Setup Wizard to install an older version of Fireware OS, you must uninstall any newer versions of Fireware OS from the management computer. You also must make sure that the latest installed version of Fireware OS on the management computer is the one you want to downgrade to. Do not uninstall WatchGuard System Manager.

  1. In Windows Control Panel, find the list of installed programs.
    For each version of Fireware OS you have installed for each Firebox model there is a separate WatchGuard Fireware OS program.
  2. Find the installed version of the WatchGuard Fireware OSprogram for the Firebox model you want to downgrade.
  3. For your Firebox model, uninstall any Fireware OS version newer than the one you want to downgrade to.

  1. Verify that the latest installed version of Fireware OS is the version you want to install on the device.
  2. If necessary, download and install the older version of Fireware OS on your management computer. You can download the Fireware OS installer from the WatchGuard Portal on the WatchGuard website at http://www.watchguard.com.

Step 3 — Start the Device in Recovery Mode

Step 4 — Run the WSM Quick Setup Wizard

After you start the device in recovery mode, you can use the WSM Quick Setup Wizard to downgrade it.

  1. Connect the management computer to device interface 1.
  2. In WatchGuard System Manager, select Tools > Quick Setup Wizard.
  3. Select Yes, my device is ready to be discovered.
  4. Click Next to start device discovery.
  5. Provide the information to create a basic device configuration. For a description of the configuration steps, see Run the WSM Quick Setup Wizard.
    The final page of the Quick Setup Wizard shows the version of Fireware XTM installed on the device.

After the device restarts, it uses a basic configuration that includes five policies (TCP and UDP outgoing, FTP packet filter, ping, WatchGuard, and WatchGuard Web UI) and the interface IP addresses you specified. You can use Policy Manager to change this basic configuration or to save an existing configuration file to the device, as described in the next section.

Step 5 — Save a Configuration File to the Downgraded Device

After you downgrade the device, you can use Policy Manager to save an existing configuration file to the device. Before you save a configuration file to the device, make sure that you disable any features that are not supported on the version of Fireware XTM installed on the device.

  1. Open the saved configuration file you want to use in Policy Manager.
  2. Make sure the configuration file has the correct feature key for this device.
  3. Disable any features that are not supported in the version of Fireware XTM installed on the device. For example, if you downgrade from Fireware OS v11.7.x to Fireware OS v11.6.x, you must disable Link Aggregation, Mobile VPN with L2TP, WebBlocker with Websense, and other features not supported in Fireware XTM v11.6.x.
  4. Save the configuration file to the device.

If the configuration file you save has an enabled feature that is not supported by the version of Fireware XTM on the device, Policy Manager shows an error message to tell you about the feature that is not supported.  You must disable the feature before you can save the configuration file to the device.

Step 6 — Reinstall Device Certificates

When you use the Quick Setup Wizard for a device in recovery mode, any certificates installed on the device are removed. If your device had certificates installed, you must reinstall any certificates on the device after the downgrade. For more information, see Manage Device Certificates (WSM).

See Also

Downgrade Fireware OS

Give Us Feedback     Get Support     All Product Documentation     Technical Search