Scribd
Upload
296 views

Technical Note - Loading FortiGate Firmware Image Using TFTP PDF

This document provides instructions for downloading and installing new firmware onto a FortiGate device from a local TFTP server. It describes connecting the FortiGate to the TFTP server, restarting the FortiGate, selecting the firmware download option at the console menu, and entering the TFTP and firmware file details. Key steps include formatting the boot device if needed, monitoring the download progress, and selecting to save the firmware as default.

Uploaded by

Mohit Sharma
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
296 views

Technical Note - Loading FortiGate Firmware Image Using TFTP PDF

This document provides instructions for downloading and installing new firmware onto a FortiGate device from a local TFTP server. It describes connecting the FortiGate to the TFTP server, restarting the FortiGate, selecting the firmware download option at the console menu, and entering the TFTP and firmware file details. Key steps include formatting the boot device if needed, monitoring the download progress, and selecting to save the firmware as default.

Uploaded by

Mohit Sharma
Copyright
© © All Rights Reserved
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 4

Technical Note : Loading FortiGate firmware image using TFTP http://kb.fortinet.com/kb/viewContent.do?

externalId=10338&sliceId=1

Technical Note : Loading FortiGate firmware image using TFTP

Article

1 of 4 07-Aug-13 6:33 PM
Technical Note : Loading FortiGate firmware image using TFTP http://kb.fortinet.com/kb/viewContent.do?externalId=10338&sliceId=1

Description

This article describes how to download and install firmware from a local TFTP server via the BIOS, under CLI control.

Caution: Installing firmware from a local TFTP server under console control resets your FortiGate unit to factory default settings. If
possible, consider backing up your configuration before starting the TFTP server firmware upgrade.

Components

a null modem, or RJ-45 to DB9 console cable (supplied with the FortiGate unit). See also the related article Serial cable
pinouts for console access to Fortinet devices
an Ethernet RJ45 cable
a terminal client, such as a PC running HyperTerminal (Windows)
a TFTP server (see below the recommended software)

Recommended TFTP software

Windows users

TFTPD32 - Open Source tftp server for windows


[http://tftpd32.jounin.net/tftpd32.html]

3CDaemon V2 - 3com's TFTP server for windows


[http://support.3com.com/software/utilities_for_windows_32_bit.htm]

Linux users

Ubuntu 8.04 LTS, 8.10, 9.04 and 9.10


Fedora Core 9
Centos 5

tftpd-hpa
[http://freshmeat.net/projects/tftpd-hpa/]

Mac OS X 10.5/10.6 users

TFTP Server v 3.3.1


[http://ww2.unime.it/flr/tftpserver/]

Download the FortiGate firmware and verify MD5 checksum

1) Download the image for your FortiGate from the Fortinet Support Site. At the same website, you can also download the <image
name>.md5 file that contains the MD5 checksum for the firmware image you downloaded.

2) Check that the image was downloaded successfully and is not corrupted Compare your generated MD5 sum against the one in the
.md5 file.

Windows users can download and use the md5sum.exe <filename> (such as : http://www.pctools.net/win32/md5sums/ or
http://www.md5summer.com)
Linux users can accomplish this with md5sum <filename>
Mac OS X users can also use md5sum <filename>

Notes

Some console prompts in this procedure include a default value in square brackets, for example, [image.out]. To use this default value,

2 of 4 07-Aug-13 6:33 PM
Technical Note : Loading FortiGate firmware image using TFTP http://kb.fortinet.com/kb/viewContent.do?externalId=10338&sliceId=1

press Enter.

Terminal client communication parameters

8 bits
no parity
1 stop bit
9600 baud (the FortiGate-300 uses 115,000 baud)
Flow Control = None

Steps to load the firmware image

1 - Connect the computer to the FortiGate unit using the null modem cable.

2 - Connect the computer running the TFTP server to the FortiGate unit. Use the table below to determine which port to connect to.

FortiGate Model Interface


=============================================================
50, 50A, 100, 200, 300, 500, 800, 800F Internal
50B, all 60 models, 100A, 200A Internal port 1
100A, 200A (If Internal Port1 does not work) Internal port 4
300A, 310A, 400, 400A, 500A, 1000 and higher LAN port 1
1240B port40
Fortigate with a dedicated management port mgmt1

3 - Restart the Fortigate.

4 - When the console displays "Press any key to display configuration menu..." press the spacebar or any
other key.

5 - If the menu includes Format boot device [F] press F and wait for the device formatting to complete.

6 - Press G to start firmware download.


The console displays:

Enter TFTP server address [192.168.1.168]:

7 - Type the IP address of the computer running the TFTP server and press Enter.
The console displays:

Enter Local Address [192.168.1.188]:

8 - Type an unused IP address that is on the same subnet as the TFTP server and press Enter.
The console displays:

Enter File Name [image.out]:

9 - Type the firmware image file name and press Enter.


The console periodically displays a "#" (pound or hash symbol) to show the download progress. When the download completes, the
console displays a message similar to:

Save as Default firmware/Run image without saving:[D/R]

10 - Press D.

The FortiGate unit installs the new firmware image and restarts. The installation may take a few minutes to complete.

Troubleshooting

Once entering the firmware image name and pressing enter, the FortiGate unit MAC address appears and the "#" symbols indicate the
progress of the install. If the MAC address does not show up, check the network cable and connector to ensure they are firmly

3 of 4 07-Aug-13 6:33 PM
Technical Note : Loading FortiGate firmware image using TFTP http://kb.fortinet.com/kb/viewContent.do?externalId=10338&sliceId=1

attached to the FortiGate unit.


If MAC address shows up and no "#" signs appear, check which port the network cable is in. Use the table above in step 2 to ensure
its in the right port.

Sample Console Output

The following is an example of what the output from the console can look like. Depending on the FortiGate unit, this may vary slightly.

FortiGate-60 (root) # FGT60 (11:24-04.25.2005)


Ver:04000000
Serial number:FGT-101101101100
RAM activation
Total RAM: 128MB
Enabling cache...Done.
Scanning PCI bus...Done.
Allocating PCI resources...Done.
Enabling PCI resources...Done.
Zeroing IRQ settings...Done.
Verifying PIRQ tables...Done.
Boot up, boot device capacity: 30MB.
Press any key to display configuration menu...
..
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.

Enter G,F,Q,or H: F

All data will be erased,continue:[Y/N]?


Formatting boot device...
...............
Format boot device completed.

Enter G,F,Q,or H: G

Enter TFTP server address [192.168.1.168]: 192.168.1.1


Enter local address [192.168.1.188]: 192.168.1.99
Enter firmware image file name [image.out]: FGT_60-v300-build0660-
FORTINET.outMAC:00:01:01:1:a1:a1
############
Total 13547047 bytes data downloaded.
Verifying the integrity of the firmware image.

Total 28000kB unzipped.


Save as Default firmware/Run image without saving:[D/R]? D
Programming the boot device now.
...........................
Reading boot image 1326312 bytes.
Initializing firewall...
System is started.

=========================
Wait until firewall restart.

Login:

Last Modified Date: 01-24-2013 Document ID: 10338

4 of 4 07-Aug-13 6:33 PM

You might also like