Downgrade Fireware

Use these procedures to downgrade the version of Fireware on a Firebox to an earlier version.

You cannot downgrade a Firebox to a version of Fireware lower than Fireware v12.1.3 Update 8, v12.5.9 Update 2, or v12.7.2 Update 2, based on your device model.

It is not necessary to downgrade WatchGuard System Manager when you downgrade Fireware, because WatchGuard System Manager can manage a Firebox that uses an earlier version of Fireware.

Downgrade with a Saved Backup Image

If you have a saved backup image, there are three methods you can use to downgrade a Firebox to an earlier version of Fireware:

Use the Upgrade feature in Fireware Web UI to downgrade to Fireware v12.2.1 or higher.

If you use the Web UI Upgrade feature to downgrade to Fireware v12.2.1 or higher, you can restore a compatible backup image that is saved on the Firebox or a backup image that does not include Fireware that is stored on a connected USB drive.

Because these backup images do not include Fireware, you must download and install the older version of Fireware on your management computer. When you install an older version of Fireware, you can select a compatible backup image to restore.

For more information, go to Use the Web UI to Downgrade Fireware.

Restore a backup image file that includes the Fireware from a connected USB drive.

Backup images saved to a USB drive that is connected to your Firebox can include Fireware. You can restore the backup image to downgrade a Firebox. For more information, go to Use a USB Drive for System Backup and Restore.

You can also configure a Firebox to automatically restore a designated backup image from a connected USB drive when it starts in recovery mode. For more information, go to Automatically Restore a Backup Image from a USB Drive.

Restore a backup image you created for the device in Fireware v12.2 or lower.

Backup images saved to your computer or network from Fireware v12.2 or lower include Fireware. You can restore the backup image to downgrade a Firebox.

You cannot restore a backup image from a version of Fireware lower than Fireware v12.1.3 Update 8, v12.5.9 Update 2, or v12.7.2, based on your device model.

If your Firebox runs Fireware v12.2.1 or higher, go to Import a Backup Image to the Firebox.

If your Firebox runs Fireware v12.2 or lower, go to Restore a Backup Image (Fireware 12.2 and lower).

Downgrade without a Backup Image

If you do not have a backup image for your Firebox, there are two other methods you can use to downgrade Fireware. Both of these methods reset the Firebox configuration to factory-default settings.

Before You Downgrade

If you want to use the current configuration for this Firebox after the downgrade, use Policy Manager to save a copy of the configuration to a file before you downgrade. In Policy Manager, you can save the configuration for a specific version of Fireware. This enables Policy Manager to verify that all configured features and settings are compatible with the specific Fireware version you select.

To save the configuration for a specific Fireware version:

  1. Open the Firebox configuration in Policy Manager.
  2. Select File > Save > As Version.
  3. Select the Fireware version you want to downgrade to.

For more information on how to save a configuration file for a specific Fireware version, go to Save the Configuration File.

Downgrade Methods

You can use these methods to downgrade the version of Fireware installed on your Firebox when you do not have a backup image:

Use the Upgrade feature in Fireware Web UI to downgrade to Fireware v12.2 or lower.

Because newer features are not all compatible with older Fireware versions, this downgrade procedure resets the configuration to factory-default settings. It does not change the device passphrases and does not remove the feature keys and certificates.

If you use the Web UI Upgrade feature to downgrade to Fireware v12.2 or lower, the device configuration is reset to factory-default settings.

For more information, go to Use the Web UI to Downgrade Fireware.

Use the Quick Setup Wizard in WatchGuard System Manager to downgrade a Firebox started in recovery mode.

Only use this downgrade method with direction from Support. It requires that you create a new basic configuration and removes the feature key and certificates. After the downgrade, you can use Policy Manager to save a different configuration file to the device.

For more information, go to Use the Quick Setup Wizard to Downgrade Fireware.

After You Downgrade

If you used Policy Manager to save the Firebox configuration to a file before the downgrade, you can use Policy Manager to save the previous configuration to the Firebox after the downgrade.

  1. Open the saved configuration in Policy Manager.
  2. Select Save > To Firebox.
  3. Specify the IP address of the trusted interface of the Firebox. When the Firebox is reset to factory-default settings, the trusted interface is Eth1 and the default IP address is 10.0.1.1.
  4. Specify the user name admin.
  5. Specify the device passphrase for the admin account. If you used the Quick Setup Wizard to downgrade the Firebox, the passphrase is the passphrase you set when you ran the wizard. If you used the Upgrade feature in Fireware Web UI to downgrade the Firebox, the passphrase for the admin account is the same as before the downgrade.

Downgrade a FireCluster

To downgrade Fireware OS for a FireCluster, we recommend that you have the cluster members leave the cluster, use one of the methods to downgrade each Firebox separately, and then reconfigure the FireCluster. In Fireware v12.2.1 or higher, this enables you to restore a backup image when you downgrade each cluster member. For information about how to make a cluster member leave the cluster, go to Make a Member Leave a Cluster.

Related Topics

Downgrade to an Earlier Version of WSM