Help
Customer Service
Customer Service Information and Announcements
kbahrudin_FTNT
Staff
Staff

Created on ‎12-08-2015 12:50 AM Edited on ‎03-18-2025 07:58 AM By Moderator

Article Id 190993

Technical Tip: How to verify downloaded firmware checksum

Description

 

This article explains how to verify the checksum of firmware which has been downloaded from the Customer Service and Support web portal.

The download section provides a means to obtain firmware images and also retrieve firmware image checksums.


Scope

 

Firmware download.


Solution

 

The integrity of a Fortinet device firmware image that has been downloaded from the Fortinet Customer Service and Support web portal can be verified using the checksum files which are also available in the Download section.
 
Microsoft Windows.

Several MD5 checking tools are available, in this article next options are available to achieve these tasks:

Option 1: Using a third-party utility.
Option 2: Using Microsoft Windows native tool.
 
Option 1: Using a third-party utility:
On this option, the WinMD5Free utility is used.  It can be downloaded from http://www.winmd5.com

Once the utility has been installed, browse to the Fortinet Device firmware file that has been downloaded, and use the Calculate Downloaded Firmware Checksum option.

Compare the result of this calculation against the value that is available from the Fortinet Customer Service and Support web portal: Technical Tip: How to find firmware image checksums 
kbahrudin_FD37714_tn_FD37714.jpg

 

How to add a 'right-click' Windows shortcut to a PowerShell native command:

Windows Powershell can use 'get-filehash' to accomplish the task, and by changing the Windows registry manually it is possible to add a 'right-click' option to simplify the task. 

Copy and paste the output below into a new file and save it as 'checksum_menu.reg'.

It is important that the file extension is .reg to allow it to be easily imported into the registry.

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\GetFileHash]
"MUIVerb"="Hash"
"SubCommands"=""

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512]
"MUIVerb"="SHA512"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm SHA512 | format-list"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5]
"MUIVerb"="MD5"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm MD5 | format-list"

 

Then 'right-click' on the .reg file and select 'merge'. This would import the above keys into the registry. After that, it is possible to 'right-click' any file and select the 'Hash' menu. 

 

lcamilo_0-1673548616123.png

 

By selecting the SHA512 for example, the PowerShell output will be visible.

 

lcamilo_1-1673548768655.png

 

The SHA512 Hash above can be compared with the firmware download hashes verifying that the file is exactly the same and no download errors happened. 

https://support.fortinet.com/Download/FirmwareImages.aspx

 

lcamilo_2-1673548979460.png

 

If there is 7-Zip software installed, it is possible to disable the overlapping 'right-click' option in the options below. 

 

lcamilo_3-1673549244350.png

 

The registry instructions above are provided as it is. Feel free to use them with risk.

Option 2 Using Microsoft Windows native tool:

Windows 10 and later Microsoft include 'certutil' tool. This tool is a CLI tool designed mainly to manage certificates and encryption services but is also possible to use it to check files hashes as MD5. This is useful when is not possible to install third-party tools to check downloaded files integrity.

To check the MD5 hash for downloaded files follow these steps:

 

  1. Locate on Windows OS file explorer GUI the file that is needed to check the hash. For instance, in this scenario will check the MD5 sum for file 'FSM_Full_All_ESX_7.1.3_build0165.zip' downloaded from the Fortinet Support portal
  • On Windows 10, select the menu File -> Open Windows PowerShell.
  • On Windows 11 'right-click' on a space on File Explorer and select Open In Terminal.

 

  1. Once on Windows PowerShell executes this command:


certutil -hashfile .\<File_Name> MD5

For instance: 

 

certutil -hashfile .\FSM_Full_All_ESX_7.1.3_build0165.zip MD5


Note:

It is possible to press [TAB] when writing a file name to autocomplete based on available files on the path in step 1.

 

  1. This will take a couple of seconds. The command will reveal the MD5 file for that file. After executing the command output should be similar to the next screenshot:

 

2024-09-12_16h42_14.png

  1. Compare the MD5 file hashes between the output of a command and those on the support portal.

 

Linux.

 

To verify the file checksum in Linux the console can be used with the commands 'md5sum' and 'sha512sum'.

 

The syntax is:

 

md5sum <filename>

 

sha512sum <filename>

 

Example:

 

md5sum FGT_40F-v7.4.7.M-build2731-FORTINET.out

 

Ubuntu-checksum.jpg

 

This can be compared to the checksum found on the FortiCloud support site.

 

actual-checksum.jpg

24268
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.