How to upgrade firmware on Gen7 firewall with API tool?

Postman is a platform for API development. Since Gen7 firewalls use API, we can use Postman to upgrade firmware with API. More information about Postman can be found in the following link:https://www.postman.com/product/what-is-postman/

NOTE: Same version of firmware can not be upgraded via API. For example, SonicOS 7.0.1-5018-R1709: its firmware version is 7.0.1-5018. This version may have different minor releases, but as long as its name starts with 7.0.1-5018, then its firmware version is 7.0.1-5018. SonicOS 7.0.1-5030-R2007-H17127-540: firmware version is 7.0.1-5030. 

NOTE: The upgrade is one firewall at a time. But we can use variables to quickly change the target firewall IP address in order to upgrade next firewall. Example on upgrading firmware on TZ570 from 7.0.1-5030 to 7.0.1-5050.

Current firewall firmware:

Configured Postman:

Steps:

• Create a folder, example called “Gen 7 firmware upgrade’, define Variables, including IP, PORT, and baseUrl, and Save the settings:
  
  IP: 10.67.10.70 (Is FW IP)
  PORT: 443 (is MGMt port of the FW)
  baseUrl to be: https://{{IP}}:{{PORT}}/api/sonicos
  
  Here the IP can be changed easily to upgrade next firewall.
  
  
  
  
• Navigate to Auth_API. POST section has the variables:  {{baseUrl}}/auth
  
  
  
  In Body section, enter username and password. Then click Send:
  
  
  
  It returned “bearer_token”:
  
  
  
  Copy/paste the token at “Gen 7 firmware upgrade” folder under Authorization, click Save:
  
  

• Next API “Go to Config mode”. The API call is: {{baseUrl}}/config-mode.  Its type should be “Inherit auth from parent”:
  
  
  
  Click Send, it returned success, the firewall is in Config Mode:
  
  

• Next API call “upload firmware”: {{baseUrl}}/import/firmware
  
  The Authorization is still “Inherit auth from parent”:
  
  
  In Headers section, Content-Type has to be: Multipart/form-data; boundary=<calculated when request is sent> along with that we need Content-length value needs to set as <calculated when request is sent>
  
  
  At Body, need to enter KEY to be  “firmware”, VALUE to select “File”
  
  
  
  Click “Select Files” will prompt to select the firmware version 7.0.1-5050:
  
  
  
  CONTENT TYPE to be: application/octet-stream:
  
  
  
  Click on “Send”. It will take several minutes depending on file size. Here are the results:
  
  

• Next API “boot with uploaded firmware”: {{baseUrl}}/boot/uploaded
  
  No need to add or change any value here. Click Send
  
  TIP: Send button is shadowed under "No new changes to save".
  
  
  
  It returned message “Success” and Restarting now.
  
  
  
  
  
  
  Logging into firewall, confirmed the firmware has been upgraded to 7.0.1-5050: