Use the Web UI to Downgrade Fireware

You can use the upgrade feature in Fireware Web UI to downgrade the Firebox to a lower version of Fireware.

If you use Fireware Web UI to downgrade a Firebox to Fireware v12.2.1 or higher, the downgrade process includes the option to restore a compatible backup image previously saved to the Firebox or to a USB drive connected to the Firebox. If you choose not to restore a backup image, the downgrade process resets the Firebox configuration to factory-default settings.

If you want to downgrade to Fireware v12.2 or lower, this is not the preferred method, because it resets your configuration to factory-default settings. For more information about other downgrade methods, see Downgrade Fireware.

If you use the Fireware Web UI Upgrade feature to downgrade the installed version of Fireware OS, and you do not restore a backup image, the downgrade process resets the configuration to factory-default settings. The downgrade process does not change the Firebox passphrases and does not remove backup images stored on the Firebox, feature keys, or certificates.

Before you downgrade, use Policy Manager to save the Firebox configuration to a file. In WatchGuard System Manager v12.1 and higher, you can use Policy Manager to save a configuration file for a specific Fireware version. For more information on how to save a configuration file for a specific Fireware version, see Save the Configuration File

You cannot downgrade a Firebox to a version of Fireware lower than Fireware v12.1.3 Update 8, v12.5.9 Update 2, or v12.7.2 Update 2, based on your device model.

Step 1 — Install the Older Version of Fireware

If you do not already have it, install the older version of Fireware on your management computer.

  1. Go to https://software.watchguard.com/ and select your device model from the list.
  2. At the bottom of the page, click the link to show previous software for your device.
  3. Download the older version of the Fireware installer file.
  4. Install the Fireware file on your management computer.
    By default, the file is installed in the C:\Program Files (x86)\Common Files\WatchGuard\resources\FirewareXTM\<OS-version> folder.

Step 2 — Use the Upgrade Feature in Fireware Web UI to Downgrade

  1. Select System > Upgrade OS.

    The Upgrade OS page appears.
  2. Click Browse to select the downgrade Fireware file from the folder where you installed it.
    The name of the file appears on the Upgrade OS page. The file name ends with .sysa_dl.
  3. Click Upgrade.
    In Fireware 12.2.1 or higher, a message states that you can restore a configuration from a saved backup image or reset the Firebox. If you downgrade to Fireware 12.2 or lower, you cannot restore a saved backup image.
  4. Click Yes.
    If backup images for the Fireware version you want to downgrade to are saved on the Firebox or on a USB drive connected to the Firebox, the Image List dialog box appears. Backup images that include the Fireware are not listed.

Screen shot of Image List dialog box.

  1. To restore a backup image, select it in the list and click Yes. If you do not want to restore a backup image, click No.
  2. If you selected a backup image stored on the USB drive, type the Password that was used to encrypt the file. Click Save.
    After the backup image upload is complete, a confirmation message appears.
  3. Click Yes to complete the downgrade and reboot.
    The Firebox reboots.

If you did not restore a backup image, after the downgrade, the network and security settings are reset to factory default settings, but the admin and status management account passphrases are not reset. You must connect to the device on Eth1, with the default IP address 10.0.1.1 to manage it. For more information about the factory default settings, see About Factory-Default Settings.