FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Rathan_FTNT
Staff
Staff
Description
In the event that the firmware upgrade does not load properly and the FortiGate unit will not boot, or continuously reboots, it is better to perform a fresh install of the firmware from a reboot using the CLI.

This article describes  how to install firmware from system reboot.

Scope
This procedure installs a firmware image and resets the FortiGate unit to factory default settings.
Use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.

Solution
To use this procedure, connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable.
Install a TFTP server to connect to from the FortiGate internal interface.
The TFTP server is on the same subnet as the internal interface.

Before beginning this procedure, ensure to have a FortiGate configuration backup. See Configuration backups for details.

If a previous FortiOS version is used, you will not be able to restore the previous configuration from the backup configuration file.

Installing firmware replaces the current antivirus and attack definitions, along with the definitions included with the firmware release in installation.

After new firmware installed, make sure that antivirus and attack definitions are up to date.

To install firmware from a system reboot:

1) Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
2) Ensure that the TFTP server is running.
3) Copy the new firmware image file to the root directory of the TFTP server.
4) Ensure that the FortiGate unit can connect to the TFTP server using the execute ping command.
5) Restart the FortiGate unit: # execute reboot. The following message is shown:
This operation will reboot the system!
Do you want to continue? (y/n)
6) Type 'y'. As the FortiGate unit starts, a series of system startup messages appears.
7) When the following messages appears:
Press any key to display configuration menu..........
Immediately press any key to interrupt the system startup.
Press any key before tree seconds. The FortiGate will reboot if you do not, log in and repeat the execute reboot command will be then necessary.
If the startup process is interrupted, the following messages appears:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default
[C]: Configuration and information
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G, F, Q, or H:
8) Type 'G' to get the new firmware image from the TFTP server. The following message appears:
Enter TFTP server address [192.168.1.168]:
9) Type the address of the TFTP server, then press Enter. The following message appears:
Enter Local Address [192.168.1.188]:
10) Type the IP address of the FortiGate unit to connect to the TFTP server. The IP address has to be on the same network as the TFTP server.Make sure that to do not enter the IP address of another unit on this network.
11) The following message appears:
Enter File Name [image.out]:
12) Enter the firmware image file name then press Enter. The TFTP server uploads the firmware image file to the FortiGate and the following message appears:
Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]
13) Press 'D'. The FortiGate installs the new firmware image and restarts. The installation takes a few minutes to complete.

The IP address has to be on the same network as the TFTP server.
Make sure to do not enter the IP address of another uniton this network.

Related link.
https://help.fortinet.com/fos50hlp/52data/Content/FortiOS/fortigate-system-administration-52/Firmwar...

Related Articles

Technical Tip: Formatting and loading FortiGate firmware image using TFTP

Contributors