FortiGate
ssudhakar
Staff
Article Id 310914
Description

On v7.2, when 'execute factoryreset' is performed on the MBD/FIM, the default image used for FPC/FPM sync is removed and remains missing until a new image is manually uploaded, either via the GUI or via the CLI. Uploading a new image via the GUI will reboot the chassis. If a reboot needs to be avoided, use the TFTP option shown below for the image upload. A missing default image on the FIM/MBD can impact the following scenarios:

  • In RMA cases, when a new FPM joins the cluster, its image will not be updated automatically if it is running a different version than the FIM.
  • When the filesystem gets corrupted on the blades (for example, the error 'EXT2-fs (sda1): previous I/O error to superblock detected' is seen on the console), a format and a re-image of the blade may be required.
  • Sometimes blades show “open boot device failed” while booting; a format and re-image of the blade is required to bring the blade up.
Scope

6000F, 7000E, and 7000F, v7.2 onwards.

Solution

Step 1: Upload firmware image from an external TFTP server to FIM/MBD

 

 execute upload image tftp <image-file> <comment> <tftp-server-address>

 

Example on 6000F: [screenshot: 6000f-tftp.png]

 

Step 2: Verify that the firmware file has been uploaded by listing the path below. Run the command in global on the MBD/FIM.

 

On 6000F/7000F:

 

fnsysctl ls /data2/tftproot/

 

It will be uploaded as image.out: [screenshots: 6000F-image.out.png, 7000F-image.out.png]

On 7000E: 

 

fnsysctl ls /data2/image

 

It will be uploaded as the firmware file name. The screenshot shows a 7.2.8 image file. [screenshot: 7000E-image file.png]

 

  • Indication: When trying to load the image on the blade, either the TFTP file will be missing (on 6000F and 7000F) or the blade will keep rebooting. This is because the blade is trying to sync the image from the MBD/FIM, where it no longer exists.
  • Fix: After a factoryreset, upload the image manually from an external TFTP server (follow Step 1 and Step 2) and then reimage the blades. If the image file is not available on the MBD/FIM, it is not possible to reimage the blade. Make sure the firmware file is uploaded.
  • This issue applies only to v7.2 onwards.
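The Step 2 verification can be scripted against a saved console capture before blades are reimaged. The following is an added example, not Fortinet code: the function names are hypothetical, the listing is assumed to be whitespace-separated file names, and the 7000E firmware file is assumed to end in ".out".

```python
"""Check captured `fnsysctl ls` output for the FPC/FPM sync image."""

# Path and file-name rule per platform, taken from Step 2 of the article.
# On 7000E the file keeps its firmware name; matching it by a ".out"
# suffix is an assumption of this example.
EXPECTED = {
    "6000F": ("/data2/tftproot/", lambda name: name == "image.out"),
    "7000F": ("/data2/tftproot/", lambda name: name == "image.out"),
    "7000E": ("/data2/image", lambda name: name.lower().endswith(".out")),
}


def command_for(platform):
    """CLI command from the article to run in global on the MBD/FIM."""
    return "fnsysctl ls " + EXPECTED[platform][0]


def sync_image_status(platform, cli_output):
    """Return (present, matching_names) for a saved Step 2 listing."""
    if platform not in EXPECTED:
        raise ValueError(f"unsupported platform: {platform!r}")
    _path, is_image = EXPECTED[platform]
    names = []
    for line in cli_output.splitlines():
        if "fnsysctl" in line:  # echoed command, not part of the listing
            continue
        # Every whitespace-separated token is a candidate file name, so
        # one-per-line and multi-column listings are both handled.
        names.extend(tok for tok in line.split() if is_image(tok))
    return bool(names), names


if __name__ == "__main__":
    # Constructed console captures (prompts and file names are made up).
    samples = [
        ("6000F", "FGT (global) # fnsysctl ls /data2/tftproot/\nimage.out\n"),
        ("7000F", "FGT (global) # fnsysctl ls /data2/tftproot/\n\n"),
        ("7000E", "FGT (global) # fnsysctl ls /data2/image\n"
                  "FGT_7000E-v7.2.8-CONSTRUCTED.out\n"),
    ]
    for platform, capture in samples:
        present, names = sync_image_status(platform, capture)
        state = "present: " + ", ".join(names) if present else "MISSING"
        print(f"{platform}: {command_for(platform)} -> sync image {state}")
        if not present:
            print("  upload the image via TFTP (Step 1) before reimaging")
```

A "MISSING" result corresponds to the state after 'execute factoryreset' described above, where the blade cannot sync an image from the MBD/FIM.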

FortiGate 6000F:

Before factoryreset: [screenshot: 6000F-image.out.png]

Performing factoryreset: [screenshot: 6000F-factoryreset.png]

After factoryreset: [screenshot: 6000F-factoryreset-after-1.png]

FortiGate 7000E:

Before factoryreset: [screenshot: 7000E-image file.png]

Performing factoryreset: [screenshot: 7000E-factoryreset.png]

After factoryreset: [screenshot: 7000E-factoryreset-after-NO-image-1.png]

FortiGate 7000F:

Before factoryreset: [screenshot: 7000F-image.out.png]

Performing factoryreset: [screenshot: 7000F-factoryreset-.png]

After factoryreset: [screenshot: 7000F-factoryreset-after-1.png]

 

This is a known issue:

 

954881 - Image synchronization failure happened after a factory reset on FortiGate 7000E/F