Contents

Downgrade Fireware OS

Use these procedures to downgrade the version of Fireware OS on a Firebox to an earlier version.

It is not necessary to downgrade WatchGuard System Manager when you downgrade Fireware OS, because WatchGuard System Manager can manage a Firebox that uses an earlier version of Fireware OS.

Downgrade with a Saved Backup Image

If you have a saved backup image, there are three methods you can use to downgrade a Firebox to an earlier version of Fireware OS:

Use the Upgrade feature in Fireware Web UI to downgrade to Fireware OS v12.2.1 or higher.

If you use the Web UI Upgrade feature to downgrade to Fireware OS v12.2.1 or higher, you can restore a compatible backup image that is saved on the Firebox or a backup image that does not include Fireware OS that is stored on a connected USB drive.

Because these backup images do not include the Fireware OS, you must download and install the older version of Fireware OS on your management computer. When you install an older version of Fireware OS, you can select a compatible backup image to restore.

For more information, see Use the Web UI to Downgrade Fireware OS.

Restore a backup image file that includes the Fireware OS from a connected USB drive.

Backup images saved to a USB drive that is connected to your Firebox can include the Fireware OS. You can restore the backup image to downgrade a Firebox. For more information, see Use a USB Drive for System Backup and Restore.

You can also configure a Firebox to automatically restore a designated backup image from a connected USB drive when it starts in recovery mode. For more information, see Automatically Restore a Backup Image from a USB Drive.

Restore a backup image you created for the device in Fireware OS v12.2 or lower.

Backup images saved to your computer or network from Fireware v12.2 or lower include the Fireware OS. You can restore the backup image to downgrade a Firebox.

If your Firebox runs Fireware OS v12.2.1 or higher, see Import a Backup Image to the Firebox.

If your Firebox runs Fireware OS v12.2 or lower, see Restore a Backup Image (Fireware 12.2 and lower).

Downgrade without a Backup Image

If you do not have a backup image for your Firebox, there are two other methods you can use to downgrade Fireware. Both of these methods reset the Firebox configuration to factory-default settings.

Before You Downgrade

If you want to use the current configuration for this Firebox after the downgrade, use Policy Manager to save a copy of the configuration to a file before you downgrade. In Policy Manager, you can save the configuration for a specific version of Fireware. This enables Policy Manager to verify that all configured features and settings are compatible with the specific Fireware version you select.

To save the configuration for a specific Fireware version:

  1. Open the Firebox configuration in Policy Manager.
  2. Select File > Save > As Version.
  3. Select the Fireware version you want to downgrade to.

For more information on how to save a configuration file for a specific Fireware version, see Save the Configuration File

Downgrade Methods

You can use these methods to downgrade the version of Fireware OS installed on your Firebox when you do not have a backup image:

Use the Upgrade feature in Fireware Web UI to downgrade to Fireware OS v12.2 or lower.

Because newer features are not all compatible with older OS versions, this downgrade procedure resets the configuration to factory-default settings. It does not change the device passphrases and does not remove the feature keys and certificates.

If you use the Web UI Upgrade feature to downgrade to Fireware OS v12.2 or lower, the device configuration is reset to factory-default settings.

For more information, see Use the Web UI to Downgrade Fireware OS.

Use the Quick Setup Wizard in WatchGuard System Manager to downgrade a Firebox started in recovery mode.

This downgrade method requires that you create a new basic configuration. It removes the feature key and certificates. After the downgrade, you can use Policy Manager to save a different configuration file to the device.

For more information, see Use the Quick Setup Wizard to Downgrade Fireware OS.

After You Downgrade

If you used Policy Manager to save the Firebox configuration to a file before the downgrade, you can use Policy Manager to save the previous configuration to the Firebox after the downgrade.

  1. Open the saved configuration in Policy Manager.
  2. Select Save > To Firebox.
  3. Specify the IP address of the trusted interface of the Firebox. When the Firebox is reset to factory-default settings, the trusted interface is Eth1 and the default IP address is 10.0.1.1.
  4. Specify the user name admin.
  5. Specify the device passphrase for the admin account. If you used the Quick Setup Wizard to downgrade the Firebox, the passphrase is the passphrase you set when you ran the wizard. If you used the Upgrade feature in Fireware Web UI to downgrade the Firebox, the passphrase for the admin account is the same as before the downgrade.

Downgrade a FireCluster

To downgrade Fireware OS for a FireCluster, we recommend that you have the cluster members leave the cluster, use one of the methods to downgrade each Firebox separately, and then reconfigure the FireCluster. In Fireware 12.2.1 or higher, this enables you to restore a backup image when you downgrade each cluster member.

See Also

Downgrade to an Earlier Version of WSM

Give Us Feedback  ●   Get Support  ●   All Product Documentation  ●   Technical Search