wdeloraine_FTNT
Article Id 268493
Description This article describes the steps needed to restore a FortiGate appliance after an RMA.
Scope Any FortiGate appliance.
Solution

Restore firmware on regular FortiGate:

 

First, it is important to have the firmware that needs to be restored.


Second, set up the following IP address on a laptop NIC: IP 192.168.1.10, mask 255.255.255.0.

 

Next, connect to the console port of the FortiGate. The default account is 'admin' with no password.

After connecting, run the following command:

 

show system interface | grep -f 192.168.1.99

 

The results should appear similar to the following:

 

show system interface | grep -f 192.168.1.99

config system interface
    edit "mgmt"
        set ip 192.168.1.99 255.255.255.0
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 2
    next
end

 

It will provide the interface name where the default IP address is configured. It may sometimes be a dedicated management interface, or it may be an inband interface such as port1, 2, or 3.

 

Connect the laptop NIC to the interface identified in the previous step with an RJ45 cable.

 

Browse to https://192.168.1.99 and enter the username and password. If the admin account’s password was not changed, use the default username, admin, and leave the password field blank.

 

To upgrade the firmware in the GUI:

  1. Log into the FortiGate GUI as the administrator user.
  2. Go to System -> Firmware.
  3. Under Upload Firmware, select Browse and locate the previously targeted firmware image file.
  4. Select Backup config and upgrade.

 

The FortiGate unit backs up the current configuration to the management computer, uploads the firmware image file, upgrades to the new firmware version, and restarts. This process takes a few minutes.

 

To upgrade the firmware in the CLI:

  1. Make sure that the TFTP server is running.
  2. Copy the new firmware image file to the root directory of the TFTP server.
  3. Log into the CLI via SSH or the console.
  4. Ping the TFTP server to ensure that the FortiGate can connect to it:

execute ping <tftp_ipv4>

  5. Enter the following command to copy the firmware image from the TFTP server to the FortiGate unit:

execute restore image tftp <filename> <tftp_ipv4>

The FortiGate unit responds with the following message:

This operation will replace the current firmware version!
Do you want to continue? (y/n)

  6. Type Y. The FortiGate unit will upload the firmware image file, upgrade to the new firmware version, and restart. This process takes a few minutes.
  7. Reconnect to the CLI.
  8. Update the antivirus and attack definitions:

execute update-now

 

After the upgrade, connect to FortiGate via console or SSH and check the installed firmware:

 

get system status | grep build

Version: FortiGate-1101E v6.4.5,build1828,210217 (GA)

 

Restore the configuration file on a regular FortiGate

 

First, it is important to have the configuration that needs to be restored.
The device must run the firmware associated with the config file that is going to be restored.
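
A pre-restore check for the firmware requirement above, as an added example that is not part of the original article or of any Fortinet tooling. It compares the `#config-version` header on the first line of a plain-text backup with the `get system status` line; the header layout, the sample header and the function names are assumptions made for this illustration.

```python
import re

# Constructed sample: first line of a plain-text FortiGate config backup.
# The model code "FG1K1E" is a placeholder, not a value from the article.
SAMPLE_HEADER = ("#config-version=FG1K1E-6.4.5-FW-build1828-210217:"
                 "opmode=0:vdom=0:user=admin")
# Output of 'get system status | grep build' as shown in the article.
SAMPLE_STATUS = "Version: FortiGate-1101E v6.4.5,build1828,210217 (GA)"

# Assumed header layout: #config-version=<model>-<version>-FW-build<n>-<date>
HEADER_RE = re.compile(
    r"^#config-version=[^-]+-(?P<version>[\d.]+)-FW-build(?P<build>\d+)-\d+")
STATUS_RE = re.compile(
    r"^Version:\s+\S+\s+v(?P<version>[\d.]+),build(?P<build>\d+),\d+")


def _parse(regex, line, what):
    m = regex.match(line.strip())
    if m is None:
        raise ValueError(f"unrecognised {what}: {line.strip()[:40]!r}")
    # Builds may be zero-padded (build0231), so compare them as integers.
    return m["version"], int(m["build"])


def restore_problems(header_line, status_line):
    """Return a list of reasons not to restore this file on this unit."""
    try:
        cfg_ver, cfg_build = _parse(HEADER_RE, header_line, "config header")
    except ValueError as exc:
        # No readable header: possibly a password-encrypted backup.
        return [f"{exc} (encrypted backup or not a FortiGate config?)"]
    run_ver, run_build = _parse(STATUS_RE, status_line, "status line")
    problems = []
    if cfg_build != run_build:
        problems.append(
            f"config was saved on build {cfg_build}, unit runs build {run_build}")
    # Some headers abbreviate the version (e.g. 5.02); only compare x.y.z.
    if cfg_ver.count(".") == 2 and cfg_ver != run_ver:
        problems.append(f"config version {cfg_ver} != running version {run_ver}")
    return problems


if __name__ == "__main__":
    for p in restore_problems(SAMPLE_HEADER, SAMPLE_STATUS) or ["OK to restore"]:
        print(p)
```

An empty list means the backup was taken on the same build the unit is running; anything else should be resolved by restoring the matching firmware first.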

 

In an HA cluster design, make sure to restore the correct configuration of the two cluster members. Both files look very similar, but they have significant differences.

 

Second, set up the following IP address on the laptop NIC: IP 192.168.1.10, mask 255.255.255.0.

 

Next, connect to the console of the FortiGate. The default account is 'admin' with no password.

 

Once connected, run the following command:

 

show system interface | grep -f 192.168.1.99

 

The output should be similar to the following:

 

show system interface | grep -f 192.168.1.99

config system interface
    edit "mgmt"
        set ip 192.168.1.99 255.255.255.0 <---
        set allowaccess ping https ssh http telnet fgfm
        set type physical
        set dedicated-to management
        set role lan
        set snmp-index 2
    next
end

 

The output will provide the interface name where the default IP address is configured. Sometimes, it may be a dedicated management interface. Other times, it may be an inband interface like port1, 2, 3, etc.

 

Connect the laptop NIC to the interface identified in the previous step with an RJ45 cable.

 

Browse to https://192.168.1.99 and enter the appropriate username and password. If the admin account password has not been changed, the default username is 'admin', and the password field should be left blank.

 

To restore the FortiGate configuration using the GUI:

 

  1. Select the user name in the upper right-hand corner of the screen and select Configuration -> Restore.
  2. Identify the source of the configuration file to be restored: the Local PC or a USB Disk.
  3. Select Upload, locate the configuration file, and select Open.
  4. Enter the password if required.
  5. Select OK. The FortiGate will now reboot.
  6. Once the configuration file is restored, run the command below.

diagnose debug config-error-log read

It shows whether any configuration-related errors occurred while restoring the configuration file.

 

To restore the FortiGate configuration using the CLI, copy the configuration file to the TFTP root directory and run the following command:

 

execute restore config tftp <backup_filename> <tftp_server> <password(if any)>