Created on 11-01-2004 12:00 AM Edited on 12-24-2024 03:04 AM By Anthony_E
Description
This article describes how to download and install firmware from a local TFTP server via the BIOS, under CLI control.
It is also necessary to install firmware using the local TFTP server if 'OPEN DEVICE BOOT FAILED' message appears on console as follows:
Caution: Installing firmware from a local TFTP server under console control will reset the FortiGate unit to factory default settings.
Consider backing up the configuration (using the GUI or CLI commands below) before starting the TFTP server firmware upgrade:
execute backup config
execute backup ipsuserdefsig
The first command backs up the configuration and the second one backs up the IPS custom signatures, if any.
Scope
FortiGate.
Solution
Components:
Physical connection:
Download the required firmware and verify the MD5 checksum:
Create a directory and name it something like 'TFTP'.
Note 1:
Ensure that only the firmware file named 'image.out' is present in the TFTP server's 'Current Directory.' If other files are in the directory, FortiGate may fail to load the firmware, even if the filename matches 'image.out'.
Note 2:
The connected network adapter will not show as 'connected,' and the NIC port on the PC will not light up until the file transfer begins.
Terminal client communication parameters:
8 bits
no parity
1 stop bit
9600 baud (the FortiGate-300 uses 115,000 baud)
Flow Control = None
FortiGate-81E (12:47-03.03.2017)
Ver:05000007
Serial number: FGT81E*********1
CPU: 1000MHz
Total RAM: 2 GB
Initializing boot device...
Initializing MAC... nplite#0
Please wait for OS to boot, or press any key to display the configuration menu.
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H:
It will erase data in boot device. Continue? [yes/no]:yes
Formatting..........done
Done.
Enter C,R,T,F,I,B,Q,or H:R
Image download port: WAN1 <----- This port of the FortiGate should be connected to the computer ethernet port.
DHCP status: Disabled
Local VLAN ID: <NULL>
Local IP address: 10.10.10.115
Local subnet mask: 255.255.255.0
Local gateway: 10.10.10.1
TFTP server IP address: 10.10.10.1
Firmware file name: FGT_100F-v7.0.0-build0066-FORTINET.out
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H:C
[P]: Set firmware download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [I]: Set local IP address.
Enter local IP address [10.1.1.115]: 10.10.10.115
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [S]: Set local subnet mask.
Enter local subnet mask [255.255.255.0]: 255.255.255.0
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [G]: Set local gateway.
Enter remote TFTP server IP address [10.1.1.1]: 10.10.10.1
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [10.1.1.1]: 10.10.10.1
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [F]: Set firmware file name.
Enter firmware file name [FGT_100F-v7.0.0-build0066-FORTINET.out]: image.out
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [Q]: Quit this menu.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 94:ff:3c:6e:e9:66
Connect to tftp server 10.10.10.1 ...
After this is connected and the transfer has begun, the screen will start filling with the '#' symbol as below. This means that the TFTP transfer has started successfully.
#######################################################################################################################################################################################
Image Received.
Checking image... OK
This firmware image is certified!
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?D
Programming the boot device now. The system must re-layout the boot device to install this firmware.
The default and backup firmware will be lost.
Continue:[Y/N]?Y
.. OK
Verifying... OK
.done
Booting OS...
Initializing firewall...
System is starting...
Resizing shared data partition...done
Formatting shared data partition ... done!
Starting system maintenance...
Scanning /dev/mmcblk0p1... (100%)
Scanning /dev/mmcblk0p3... (100%)
FortiGate-81E login: admin
Password:
You are forced to change your password. Please input a new password.
New Password:
Confirm Password:
Welcome!
After formatting the device, it will be reachable again using the default IP 192.168.1.99/24. So, the laptop connected to the management interface must have an IP part of this subnet and then it will be possible to restore the configuration file via GUI and CLI.
If there is any error while loading the firmware the error is something like the below, in that the solution could be found in the following KB.
Fatal error: Loading FOS fails!
Please power cycle. System halted.
Or:
Fatal error: AV engine file authentication failed!
Please power cycle. System halted.
Note:
Related articles:
Troubleshooting Tip: Unable to boot the firewall or load firmware image
Troubleshooting Tip: Boot secondary/stand by firmware from console
This document can also be used to boot with the backup/secondary firmware (step 11) in case the main one is bad or corrupted.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Copyright 2024 Fortinet, Inc. All Rights Reserved.