Description
This article describes the steps required to format/flash a FortiAuthenticator hardware device and install a desired firmware using a TFTP server.
This procedure is especially helpful for resolving issues such as database corruption, system or disk errors, SATA link failures, inability to boot up the node, or recovery from unexpected or abnormal shutdowns/reboots. The TFTP server will be a laptop connected to one of the FortiAuthenticator interfaces.
Prerequisites:
Scope
FortiAuthenticator, all HW appliances.
Solution
In this article, the procedure is demonstrated on a FortiAuthenticator 300F. A laptop is connected to the FortiAuthenticator via the console interface, and an Ethernet cable is connected to Port2 of the device for TFTP transfer.
FortiAuthenticator Port2 IP: 10.10.10.1/24
TFTP Server IP (Laptop): 10.10.10.3/24
Note: This procedure will wipe data on the boot partition. While it generally does not delete the configuration, it is highly recommended to back up the configuration before proceeding, whenever possible. Sometimes the node may be completely inaccessible from the GUI and SSH, or it may fail to boot up.
Serial number:FAC3HFT…
Total RAM: 8192MB
Boot up, boot device capacity: 1913MB.
Press any key to display configuration menu.....
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,B,Q,or H:
It is possible to configure the Image Download Port by pressing [P]. This option is particularly useful when multiple cables are connected to the device. If only one laptop is connected, no additional configuration is necessary, as the FortiAuthenticator can automatically detect the active interface. In this case, since only Port 2 of the FortiAuthenticator is connected, defining an Image Download Port is not required.
From the TFTP-Server, transfer details will be visible as below:
> execute factory-reset
This command will erase your current configuration. Do you want to continue? (y/n)
Note: This reset will erase all configurations on the node, so it is important to download a configuration backup, if it was not possible to do so before the formatting.
execute restore config tftp <filepath> <server fqdn:ipaddr> [password <encryption password>]
Note that these issues can occur if FortiAuthenticator is not properly rebooted or is shut down by 'pulling the plug'. Database processes or the filesystem may be writing data at that moment, and the write is suddenly interrupted. Usually this will not cause issues, but it may in some cases. Evidence of these cases can be found in the FortiAuthenticator logs by searching for this entry:
"FortiAuthenticator recovered from an unintended/unusual shutdown/reboot."
2024-05-22T11:38:22.352474+02:00 lab-fac kernel: [ 332.818260] EXT4-fs (sdb2): error count since last fsck: 5
2024-05-22T11:38:22.352518+02:00 lab-fac kernel: [ 332.818277] EXT4-fs (sdb2): initial error at time 1685892993: ext4_check_bdev_write_error:218
2024-05-22T11:38:22.352522+02:00 lab-fac kernel: [ 332.818281] EXT4-fs (sdb2): last error at time 1685894675: ext4_truncate:4336: inode 2637896
System errors, database corruption, and SATA link failures can cause the node to take several hours to boot up. All of these issues can be resolved by reinstalling the firmware.
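The log check described above can be scripted against an exported log file. The following is an added example, not part of the original article or Fortinet tooling: it counts the unclean-shutdown entry and summarizes the EXT4-fs error lines per device, converting the epoch error times to UTC. The sample log is constructed from the excerpt above, and the prefix on its first line (timestamp and "system:" tag) is an assumption.

```python
import re
from datetime import datetime, timezone

# Constructed sample based on the excerpt in this article.
# The first line's timestamp and "system:" tag are assumed for illustration.
SAMPLE_LOG = """\
2024-05-22T11:36:02.000000+02:00 lab-fac system: FortiAuthenticator recovered from an unintended/unusual shutdown/reboot.
2024-05-22T11:38:22.352474+02:00 lab-fac kernel: [ 332.818260] EXT4-fs (sdb2): error count since last fsck: 5
2024-05-22T11:38:22.352518+02:00 lab-fac kernel: [ 332.818277] EXT4-fs (sdb2): initial error at time 1685892993: ext4_check_bdev_write_error:218
2024-05-22T11:38:22.352522+02:00 lab-fac kernel: [ 332.818281] EXT4-fs (sdb2): last error at time 1685894675: ext4_truncate:4336: inode 2637896
"""

SHUTDOWN_MSG = "recovered from an unintended/unusual shutdown/reboot"
EXT4 = re.compile(r"EXT4-fs \((?P<dev>[^)]+)\): (?P<msg>.*)$")
COUNT = re.compile(r"error count since last fsck: (\d+)")
ERR_AT = re.compile(
    r"(initial|last) error at time (\d+): (\w+):(\d+)(?:: inode (\d+))?")


def utc(epoch):
    """Render a kernel epoch timestamp as an ISO-8601 UTC string."""
    return datetime.fromtimestamp(int(epoch), tz=timezone.utc).strftime(
        "%Y-%m-%dT%H:%M:%SZ")


def summarize(log_text):
    """Return unclean-shutdown count and per-device EXT4 error details."""
    report = {"unclean_shutdowns": 0, "devices": {}}
    for line in log_text.splitlines():
        if SHUTDOWN_MSG in line:
            report["unclean_shutdowns"] += 1
            continue
        m = EXT4.search(line)
        if not m:
            continue  # unrelated log line
        dev = report["devices"].setdefault(m["dev"], {"error_count": None})
        if c := COUNT.search(m["msg"]):
            dev["error_count"] = int(c[1])
        elif e := ERR_AT.search(m["msg"]):
            dev[e[1] + "_error"] = {
                "time_utc": utc(e[2]), "function": e[3], "line": int(e[4]),
                "inode": int(e[5]) if e[5] else None}
    return report


if __name__ == "__main__":
    print(summarize(SAMPLE_LOG))
```

Converting the epoch values shows when the filesystem first and last recorded an error, which can be long before the date of the log line that reports them.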
Related articles:
Technical Tip: Downgrading FortiAuthenticator
Technical Tip: Formatting and loading FortiGate firmware image using TFTP