Customer Service
Customer Service Information and Announcements
kbahrudin_FTNT
Article Id 190993

Description

 

This article explains how to verify the checksum of firmware which has been downloaded from the Customer Service and Support web portal.

The download section provides a means to obtain firmware images and also retrieve firmware image checksums.


Scope

 

Firmware download.


Solution

 

The integrity of a FortiOS firmware image that has been downloaded from the Fortinet Customer Service and Support web portal can be verified using the checksum files which are also available in the Download section.

A number of MD5 checking tools are available, in this article the WinMD5Free utility is used.  It can be downloaded from http://www.winmd5.com

Once the utility has been installed, browse to the FortiOS firmware file which has been downloaded and use the Calculate Downloaded Firmware Checksum option.

Compare the result of this calculation against the value which is available from the Fortinet Customer Service and Support web portal.

kbahrudin_FD37714_tn_FD37714.jpg

 

 

How to add a 'right-click' windows shortcut to a PowerShell native command:

Windows Powershell can use 'get-filehash' to accomplish the task, and by changing the windows registry manually it's possible to add a 'right-click' option to simplify the task. 

Copy and paste the output below into a new file and save it as 'checksum_menu.reg'.

It is important that the file extension is .reg to allow it to be easily imported into your registry.

 

 

Windows Registry Editor Version 5.00

[HKEY_CLASSES_ROOT\*\shell\GetFileHash]
"MUIVerb"="Hash"
"SubCommands"=""

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512]
"MUIVerb"="SHA512"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm SHA512 | format-list"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5]
"MUIVerb"="MD5"

[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm MD5 | format-list"

 

 

Then 'right-click' on the .reg file and select 'merge'. This would import the above keys into the registry. 

After that, it is possible to 'right-click' any file and select the 'Hash' menu. 

 

lcamilo_0-1673548616123.png

 

By selecting the SHA512 for example, the PowerShell output will be visible.

 

lcamilo_1-1673548768655.png

 

The SHA512 Hash above can be compared with the firmware download hashes verifying that the file is exactly the same and no download errors happened. 

https://support.fortinet.com/Download/FirmwareImages.aspx

 

lcamilo_2-1673548979460.png

 

If there is 7-Zip software installed, it is possible to disable the overlapping right-click option in the options below. 

 

lcamilo_3-1673549244350.png

 

The registry instructions above are provided as it is. Feel free to use them with risk.