Description
This article explains how to verify the checksum of firmware which has been downloaded from the Customer Service and Support web portal.
The download section provides a means to obtain firmware images and also retrieve firmware image checksums.
The download section provides a means to obtain firmware images and also retrieve firmware image checksums.
Scope
Firmware download.
Solution
The integrity of a FortiOS firmware image that has been downloaded from the Fortinet Customer Service and Support web portal can be verified using the checksum files which are also available in the Download section.
A number of MD5 checking tools are available, in this article the WinMD5Free utility is used. It can be downloaded from http://www.winmd5.com
Once the utility has been installed, browse to the FortiOS firmware file which has been downloaded and use the Calculate Downloaded Firmware Checksum option.
Compare the result of this calculation against the value which is available from the Fortinet Customer Service and Support web portal.
A number of MD5 checking tools are available, in this article the WinMD5Free utility is used. It can be downloaded from http://www.winmd5.com
Once the utility has been installed, browse to the FortiOS firmware file which has been downloaded and use the Calculate Downloaded Firmware Checksum option.
Compare the result of this calculation against the value which is available from the Fortinet Customer Service and Support web portal.
How to add a 'right-click' windows shortcut to a PowerShell native command:
Windows Powershell can use 'get-filehash' to accomplish the task, and by changing the windows registry manually it's possible to add a 'right-click' option to simplify the task.
Copy and paste the output below into a new file and save it as 'checksum_menu.reg'.
It is important that the file extension is .reg to allow it to be easily imported into your registry.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\GetFileHash]
"MUIVerb"="Hash"
"SubCommands"=""
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512]
"MUIVerb"="SHA512"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm SHA512 | format-list"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5]
"MUIVerb"="MD5"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm MD5 | format-list"
Then 'right-click' on the .reg file and select 'merge'. This would import the above keys into the registry.
After that, it is possible to 'right-click' any file and select the 'Hash' menu.
By selecting the SHA512 for example, the PowerShell output will be visible.
The SHA512 Hash above can be compared with the firmware download hashes verifying that the file is exactly the same and no download errors happened.
https://support.fortinet.com/Download/FirmwareImages.aspx
If there is 7-Zip software installed, it is possible to disable the overlapping right-click option in the options below.
The registry instructions above are provided as it is. Feel free to use them with risk.
