Description
In the event that the firmware upgrade does not load properly and the FortiGate unit will not boot or continuously reboots, it is better to perform a fresh install of the firmware from a reboot using the CLI.
This article describes how to install firmware from system reboot.
Scope
FortiGate.
Solution
This procedure installs a firmware image and resets the FortiGate unit to factory default settings.
Use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.
To use this procedure, connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable.
Install a TFTP server to connect to from the FortiGate internal interface.
The TFTP server is on the same subnet as the internal interface.
Before beginning this procedure, ensure to have a FortiGate configuration backup. See Configuration backups for details.
If a previous FortiOS version is used, you will not be able to restore the previous configuration from the backup configuration file.
Installing firmware replaces the current antivirus and attack definitions, along with the definitions included with the firmware release in installation.
After new firmware installed, make sure that antivirus and attack definitions are up to date.
To install firmware from a system reboot:
- Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
- Ensure that the TFTP server is running.
- Copy the new firmware image file to the root directory of the TFTP server.
- Ensure that the FortiGate unit can connect to the TFTP server using the execute ping command.
- Restart the FortiGate unit with the following command (the response is also shown below):
execute reboot
This operation will reboot the system!
Do you want to continue? (y/n)
- Press 'y'. As the FortiGate unit starts, a series of system startup message appears.
- When the following messages appears, press any key before three seconds elapse:
Press any key to display configuration menu..........
Immediately press any key to interrupt the system startup.
The FortiGate will reboot if no button is pressed. If this happens, logging in and repeating the execute reboot command will then be necessary.
If the startup process is interrupted, the following messages appear:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default
[C]: Configuration and information
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G, F, Q, or H:
- Type 'G' to get the new firmware image from the TFTP server. The following message will appear:
Enter TFTP server address [192.168.1.168]:
- Type the address of the TFTP server, then press Enter. The following message will appear:
Enter Local Address [192.168.1.188]:
- Type the IP address of the FortiGate unit to connect to the TFTP server. The IP address has to be on the same network as the TFTP server. Make sure not to enter the IP address of another unit on this network.
- The following message will appear:
Enter File Name [image.out]:
- Enter the firmware image file name and then press Enter. The TFTP server will upload the firmware image file to the FortiGate and the following message will appear:
Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]
- Press 'D'. The FortiGate will install the new firmware image and restart. The installation takes a few minutes to complete.
The IP address has to be on the same network as the TFTP server.
Make sure not to enter the IP address of another unit on this network.
Related documents:
