Description
This articles describes the two ways to load an image to FPC. On FortiGate-6000 Series, there is a TFTP server running internally.
To upload a firmware image from an external TFTP server to the FortiGate internal TFTP server, run the below:
From MBD, '# execute upload image tftp <image-file> <comment> <tftp-server-address>'.
Option 1: From MBD, '# execute load-balance update image <slot number>'.
Option 2: From FPC, Download image from default TFTP server running on the MBD.
Fortigate-6301F (mgmt-vdom) # diagnose ip address list | grep tftp
IP=169.254.255.1->169.254.255.1/255.255.255.0 index=17 devname=base-tftp
- A 169.254.255 IP is required in the boot process. Use any IP in range 169.254.255.X and make sure that the IP is not in use anywhere on the network.
Fortigate-6000F (mgmt-vdom) # diagnose ip address list | grep "169.254.255\|SN"<----- ####<<169.254.255 ip addresses used usually on 6000 series>>####
Slot: 1 Module SN: FPC6KFT----------
IP=169.254.255.3->169.254.255.3/255.255.255.0 index=3 devname=x710-0
Slot: 2 Module SN: FPC6KFT----------
IP=169.254.255.4->169.254.255.4/255.255.255.0 index=3 devname=x710-0
Slot: 3 Module SN: FPC6KFT----------
IP=169.254.255.5->169.254.255.5/255.255.255.0 index=3 devname=x710-0
Slot: 4 Module SN: FPC6KFT----------
IP=169.254.255.6->169.254.255.6/255.255.255.0 index=3 devname=x710-0
Slot: 5 Module SN: FPC6KFT----------
IP=169.254.255.7->169.254.255.7/255.255.255.0 index=3 devname=x710-0
Slot: 6 Module SN: FPC6KFT----------
IP=169.254.255.8->169.254.255.8/255.255.255.0 index=3 devname=x710-0
MBD SN: FPC6KFT----------
IP=169.254.255.1->169.254.255.1/255.255.255.0 index=17 devname=base-tftp
If the first option 1 fails, use the second option to download the image as described below.
Scope
FortiGate-6000 series.
Solution
- Open two SSH connections to the MBD of the chassis.
- On one SSH session, execute:
# execute system console-server connect 3
- From 2nd SSH session on MBD, reboot the failed FPC.
# execute load-balance slot reboot 3
Fortigate-6301F (global) # execute system console-server connect 3
Trying 127.0.0.1...
<<<SKIPP>>>
Boot up, boot device capacity: 15272MB.
Press any key to display configuration menu...
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[I]: System configuration and information.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,B,I,Q,or H: <----- Type F.
All data will be erased, continue:[Y/N]? Y
Formatting boot device...
..............................
Format boot device completed.
Enter C,R,T,F,B,I,Q,or H: <----- Type C.
[P]: Set image download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware image file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking (ping).
[H]: Display this list of options.
[Q]: Quit this menu.
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: <----- Type I.
Enter local IP address [192.168.1.3]:169.254.255.50 <----- Choose any IP that is not in used in 169.254.255.X subnet. Here 169.254.255.50 is used.
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: <----- Type F.
Enter firmware file name [BurnGate/Fortigate-6301F/HQIP/FGT_6000F-HQIP.4.0.1.2353.out]:image.out. <----- ###<<image.out is the correct name. Type as it is>###
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: <----- Type T.
Enter remote TFTP server IP address [192.168.1.168]:169.254.255.1
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: ->> Type R to review the settings
Image download port: MGMT1
DHCP status: disabled
Local VLAN ID: none
Local IP address: 169.254.255.50 <----- Check
Local subnet mask: 255.255.255.0 <----- Check
Local gateway: 169.254.255.1
TFTP server IP address: 169.254.255.1 <----- Check
Firmware file name: image.out <----- Check.
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: <----- Type Q
Image download port: MGMT1
DHCP status: disabled
Local VLAN ID: none
Local IP address: 169.254.255.50 <----- Check.
Local subnet mask: 255.255.255.0 <----- Check.
Local gateway: 169.254.255.1
TFTP server IP address: 169.254.255.1 <----- Check.
Firmware file name: image.out <----- Check.
Enter P,D,I,S,G,V,T,F,E,R,N,H or Q: <----- Type T
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[I]: System configuration and information.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,B,I,Q,or H:
Please connect TFTP server to Ethernet port "MGMT1".
MAC:
MAC: E8:1C:BA:54:9F:92
##########################################################################
Total 78275712 bytes data downloaded.
Verifying the integrity of the firmware image.
Total 262144kB unzipped.
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]? <----- Type D
Programming the boot device now.
................................................................................................................................................................................................................................................................
Reading boot image 3096759 bytes.
Initializing firewall...
System is starting...
Resizing shared data partition...done
Formatting shared data partition ... done!
Starting system maintenance...
Scanning /dev/sda1... (100%)
Scanning /dev/sda3... (100%)
F6KF31T019-----6 login: admin
Password:
Please wait until the FPC is completely Up and Running. Example:
Fortigate-6301F (global) # diagnose load-balance status
Slot 3: FPC6KFT018-----1
Status:Working Function:Active
Link: Base: Up Fabric: Up
Heartbeat: Management: Good Data: Good
Status Message:"Running"
Related document:
https://docs.fortinet.com/index.php/document/fortigate-6000/6.4.10/fortigate-6000-release-notes/8172...
