Related Topics
Downgrade Fireware OS
Use these procedures to downgrade the version of Fireware OS to an earlier version.
It is not necessary to downgrade WatchGuard System Manager when you downgrade Fireware OS, because WatchGuard System Manager can manage a Firebox that uses an earlier version of Fireware OS.
Use a Saved Backup Image to Downgrade
The recommended method to downgrade a Firebox to an older version of Fireware OS is to use the saved backup image that you created before the most recent Fireware OS upgrade on the device. If you have a backup image, there are two procedures you can use to downgrade a Firebox to an earlier version of Fireware:
Restore the full backup image you created for the device before the last Fireware OS upgrade.
For more information, see Restore a Firebox Backup Image.
Use the USB backup file you created before the upgrade as your auto-restore image on a USB drive.
For more information, see Automatically Restore a Backup Image from a USB Drive.
Downgrade Without a Backup Image
If you do not have a backup image for your Firebox, there are two other methods you can use to downgrade Fireware. Both of these methods reset the Firebox configuration to factory-default settings.
Before You Downgrade
If you want to use the current configuration for this Firebox after the downgrade, use Policy Manager to save a copy of the configuration to a file before you downgrade. In Policy Manager, you can save the configuration for a specific version of Fireware. This enables Policy Manager to verify that all configured features and settings are compatible with the specific Fireware version you select.
To save the configuration for a specific Fireware version:
- Open the Firebox configuration in Policy Manager.
- Select File > Save > As Version.
- Select the Fireware version you want to downgrade to.
For more information on how to save a configuration file for a specific Fireware version, see Save the Configuration File
Downgrade Methods
Use the Quick Setup Wizard in WatchGuard System Manager to downgrade a Firebox started in recovery mode.
This downgrade requires that you create a new basic configuration. It removes the feature key and certificates. After the downgrade, you can use Policy Manager to save a different configuration file to the device.
For more information, see Use the Quick Setup Wizard to Downgrade Fireware OS.
Use the Upgrade feature in Fireware Web UI to install an older version of Fireware OS.
Use this method only to downgrade a device from Fireware OS v11.7 or higher. Because newer features are not all compatible with older OS versions, this downgrade procedure resets the configuration to factory-default settings. It does not change the device passphrases and does not remove the feature keys and certificates.
If you use the Web UI Upgrade feature to downgrade, the device configuration is reset to factory-default settings.
For more information, see Use the Web UI to Downgrade Fireware OS.
After You Downgrade
If you used Policy Manager to save the Firebox configuration to a file before the downgrade, you can use Policy Manager to save the previous configuration to the Firebox after the downgrade.
- Open the saved configuration in Policy Manager.
- Select Save > To Firebox.
- Specify the IP address of the trusted interface of the Firebox. When the Firebox is reset to factory-default settings, the trusted interface is Eth1 and the default IP address is 10.0.1.1.
- Specify the user name admin.
- Specify the device passphrase for the admin account. If you used the Quick Setup Wizard to downgrade the Firebox, the passphrase is the passphrase you set when you ran the wizard. If you used the Upgrade feature in Fireware Web UI to downgrade the Firebox, the passphrase for the admin account is the same as before the downgrade
Downgrade a FireCluster
To downgrade Fireware OS for a FireCluster, we recommend that you use Policy Manager to restore the backup image. For more information, see Restore a FireCluster Backup Image. To use the Web UI to restore the backup image to a FireCluster, you must have a unique backup image for each device, and you must restore the backup master first. For more information, see Use the Web UI with a FireCluster.
If you do not have a backup image for your FireCluster, you must break the cluster, use one of the other methods to downgrade each Firebox separately, and then reconfigure the FireCluster.