Description
This article explains how to verify the checksum of firmware which has been downloaded from the Customer Service and Support web portal.
The download section provides a means to obtain firmware images and also retrieve firmware image checksums.
The download section provides a means to obtain firmware images and also retrieve firmware image checksums.
Scope
Firmware download.
Solution
The integrity of a Fortinet device firmware image that has been downloaded from the Fortinet Customer Service and Support web portal can be verified using the checksum files which are also available in the Download section.
Several MD5 checking tools are available, in this article next options are available to achieve these tasks:
Several MD5 checking tools are available, in this article next options are available to achieve these tasks:
Option 1: Using a third-party utility.
Option 2: Using Microsoft Windows native tool.
Option 1: Using a third-party utility:
On this option, the WinMD5Free utility is used. It can be downloaded from http://www.winmd5.com
Once the utility has been installed, browse to the Fortinet Device firmware file which has been downloaded and use the Calculate Downloaded Firmware Checksum option.
Compare the result of this calculation against the value that is available from the Fortinet Customer Service and Support web portal.
Once the utility has been installed, browse to the Fortinet Device firmware file which has been downloaded and use the Calculate Downloaded Firmware Checksum option.
Compare the result of this calculation against the value that is available from the Fortinet Customer Service and Support web portal.
How to add a 'right-click' windows shortcut to a PowerShell native command:
Windows Powershell can use 'get-filehash' to accomplish the task, and by changing the windows registry manually it's possible to add a 'right-click' option to simplify the task.
Copy and paste the output below into a new file and save it as 'checksum_menu.reg'.
It is important that the file extension is .reg to allow it to be easily imported into your registry.
Windows Registry Editor Version 5.00
[HKEY_CLASSES_ROOT\*\shell\GetFileHash]
"MUIVerb"="Hash"
"SubCommands"=""
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512]
"MUIVerb"="SHA512"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\01SHA512\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm SHA512 | format-list"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5]
"MUIVerb"="MD5"
[HKEY_CLASSES_ROOT\*\shell\GetFileHash\shell\02MD5\command]
@="powershell.exe -noexit get-filehash -literalpath '%1' -algorithm MD5 | format-list"
Then 'right-click' on the .reg file and select 'merge'. This would import the above keys into the registry. After that, it is possible to 'right-click' any file and select the 'Hash' menu.
By selecting the SHA512 for example, the PowerShell output will be visible.
The SHA512 Hash above can be compared with the firmware download hashes verifying that the file is exactly the same and no download errors happened.
https://support.fortinet.com/Download/FirmwareImages.aspx
If there is 7-Zip software installed, it is possible to disable the overlapping right-click option in the options below.
The registry instructions above are provided as it is. Feel free to use them with risk.
Option 2:Using Microsoft Windows native tool:
Windows 10 and later Microsoft include 'certutil' tool. This tool is a CLI tool designed mainly to manage certificates and encryption services but is also possible to use it to check files hashes as MD5. This is useful when is not possible to install third-party tools to check downloaded files integrity.
To check the MD5 hash for downloaded files follow these steps:
- Locate on Windows OS file explorer GUI the file that is needed to check the hash. For instance, in this scenario will check the MD5 sum for file "FSM_Full_All_ESX_7.1.3_build0165.zip" downloaded from the Fortinet Support portal
- On Windows 10, select the menu File -> Open Windows PowerShell
- On Windows 11 'right-click' on a space on File Explorer and select Open In Terminal.
- Once on Windows PowerShell executes this command:
certutil -hashfile .\<File_Name> MD5
For instance:
certutil -hashfile .\FSM_Full_All_ESX_7.1.3_build0165.zip MD5
Note:
It is possible to press [TAB] when writing file name to autocomplete based on available files on the path on step 1.
- This will late a couple seconds. Command will reveal the MD5 file for that file. After execute command output should be similar to next screenshot:
- Comparte the MD5 file hashes between the output of command and those on support portal.
