TFTP Problems with FortiWiFi 30B

Forum|Forum|14 years ago
December 12, 2011
5 replies
7788 views

Greetings: --Semi-newbie here with a few TFTP questions, namely what is the proper config to flash firmware? I' m don' t seem to have any connectivity between the TFTP server on my laptop and the FortiWifi 30 B. --I suspect the upload port is wrong as per other support docs. There are no # characters showing progress (see below). However, I' m unable to change from internal port 4 (the default) as suggested. --I also won' t rule out an IP misconfig, since I have little experience doing this. Regardless, below is a summary of the other troubleshooting steps I took as well as a snippet of the HyperTerminal output. --I' d really appreciate any suggestions. Thanks in advance for your time and expertise. All the best. Patrick ::TROUBLESHOOTING:: -Attempted to change internal ports for upload -Formatted the HDD (as per vendor support) -Disabled Windows firewall -Everyone group has full control on SMB/NFTS to TFTP-Root directory. ::HYPERTERMINAL OUTPUT:: Enter Selection : Enter G,F,I,Q,or H: Please connect TFTP server to Ethernet port " 4" . Enter TFTP server address [192.168.1.168]: 192.168.1.99 (Laptop IP as per support docs) Enter local address [192.168.1.188]: 192.168.1.10 (Random IP on same subnet). Enter firmware image file name [image.out]: FWF_30B-v400-build0178-FORTINET.out MAC:00090FC7F5A8 -

emnoc

New Member

suggestion: To eliminate the port issues, when you set the ip_address on teh FWF30B and laptop , can you ping the unit? If you can, and the TFTP dowdloads are failing, have you check the TFTP transfer byte size? What tftp-server are you using?

sakpguAuthor

New Member

Hi emnoc: --Thanks for the info. I' ve used SolarWinds TFTP as well as TFTPD32 for TFTP. The terminal app are HyperTerminal and PuTTY. I configured my device as per this KB article:[link=] http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=10338&sliceId=1&docTypeID=DT_KCARTICLE_1_1[/link] --I suspect the problem is on the Forigate ports. I can ping my server IP (my laptop) OK no matter what IP I set. I cannot ping the Fortigate no matter what IP I use. The output says to use " Ethernet port 4" . The above referenced doc recommends changing the upload port to another port for troubleshooting. However, I am unable to change the upload port on the Foritgate. It always stays at port 4 no matter how it' s set. The TFTPD32 logs show no connection is made. --Also, I can check the transfer byte size. What do you suggest I set it to? --Thanks again for the assist. All the best, Patrick

AlexFeren

New Member

I cannot ping the Fortigate no matter what IP I use.

Make sure that " show system interface" has " set allowaccess ping" for administrative interface you' ll be using. By the way, consider using " execute restore image usb" if you have physical access to the box, or " execute restore image tftp" command instead of rebooting if you must use tftp - less restrictive than reboot environment.

emnoc

New Member

Make sure that " show system interface" has " set allowaccess ping" for administrative interface you' ll be using.

he' s doing this from an interrupted bootup process, by the screenshot he provided. So that part is not an issue at this point. back to the problem, I never heard of any FGT units using a high # number port for the TFTP firmware upgrade or restoral from the CLI and a interrupted bootup. I would personally used the lower number port 1st and then check my cable. On the byte size, you can validate the sized used via wireshark or even the log. Solarwinds TFTP server should be fine as-is, and I think your problem is cable or cabling connection related. Once you configured the FWF30B with the interface ip_address, try a continous ping from the window host and tehn repeat but with using a different port. Also don' t rule out your cable. IIRC a straight should be fine but you might need a X-over.

rwpatterson

New Member

For what it' s worth, I was never able to ping the FGT during a TFTP restore. May be operating as designed.

AlexFeren

New Member

For what it' s worth, I was never able to ping the FGT during a TFTP restore.

I' m using 60C v4.0 MR3 Patch 3. The interface only becomes enabled after Fortigate TFTP data is entered and retrieval is attempted, via Internal 1. Observe:

FortiGate-60C (14:57-01.26.2011)  Ver:04000024  Serial number: FGT60C3G1100????  CPU(00): 525MHz  Total RAM: 512MB  Initializing boot device...  Initializing MAC... nplite#0  Press any key to display configuration menu...  ..    :  Get firmware image from TFTP server.  :  Format boot device.  [ I]:  Configuration and information.  [ B]:  Boot with backup firmware and set as default.  :  Quit menu and continue to boot.  :  Display this list of options.    Enter G,F,I,B,Q,or H: G    Please connect TFTP server to Ethernet port ' Any of port 1,2,3,4,5' .    Enter TFTP server address [192.168.1.168]: 10.0.0.2  Enter local address [192.168.1.188]: 10.0.0.1  Enter firmware image file name [image.out]: xx.out  MAC: 00:09:0f:f5:cc:e8    Connect to tftp server 10.0.0.2 ...    ^C  Abort    Reading boot image... 1173664 bytes.  Initializing firewall...    System is started.

Attachment is a pcap file (with Window' s chatter traffic filtered out) taken during above sequence on 10.0.0.2 PC. You can see Fortigate' s TFTP request and my (successful) ping from the PC.

Om33256.gif

emnoc

New Member

The interface only becomes enabled after Fortigate TFTP data is entered and retrieval is attempted, via Internal 1. Observe:

That' s my experience also. Once you get to the " Enter local address [ 192.168.1.188]: and after you enter the filename, the interface should come up hot. for the OP, do you have a warranty or support on the FWF30B? i remember mine was strange when doing a upgrade, but it was not as problematic as yours.

sakpguAuthor

New Member

--Thanks a lot for all your help. I' m going to open a support ticket (now that the unit is properly registered). I suspect it' s a bad device. It' s not my config, cabling, etc. I can TFTP to a similar model w/o a problem. I also noted that the Status light stays lit when the unit is powered on. Thanks again. P.

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded