FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
kwcheng__FTNT
Article Id 301290
Description: This article describes the typical circumstances behind the event log message "User shutdown the device from forticron. The reason is 'System file integrity check failed'".
Scope: FortiGate v7.2.5 and above.
Solution

If the FortiGate has shut down without any administrator action and has recorded the following log:


logid=0100032200 type="event" subtype="system" level="critical" action="shutdown" msg="User shutdown the device from forticron. The reason is 'System file integrity check failed'" logdesc="Device shutdown" ui="forticron"


This message means the shutdown was triggered by a failed system file integrity check, which FortiOS treats as a sign that the system has been compromised.
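Because this event is a shutdown rather than a normal failure, it is worth alerting on it from forwarded syslog rather than discovering it from a dead device. The following is an added example (not Fortinet's code) that parses FortiGate key=value event lines and flags the integrity-check shutdown described above; the second sample line is a constructed benign event used only to show that ordinary logs are not flagged, and its logid is a placeholder.

```python
import re
from typing import Dict, List

# FortiGate event logs are space-separated key=value pairs. Values may be
# double-quoted and contain spaces, so a plain split on whitespace would break
# the msg field; this regex takes a quoted value or a bare token.
_KV_RE = re.compile(r'(\w+)=("(?:[^"\\]|\\.)*"|\S+)')


def parse_fortigate_log(line: str) -> Dict[str, str]:
    """Parse one FortiGate key=value log line into a dict with quotes stripped."""
    fields: Dict[str, str] = {}
    for key, raw in _KV_RE.findall(line):
        if len(raw) >= 2 and raw.startswith('"') and raw.endswith('"'):
            raw = raw[1:-1]
        fields[key] = raw
    return fields


def is_integrity_shutdown(fields: Dict[str, str]) -> bool:
    """True when the event is a forticron shutdown caused by the file integrity check.

    The match is on the shutdown action, the forticron UI and the reason text,
    not on logid alone, so an unrelated shutdown event with the same logid is
    not treated as a compromise indicator.
    """
    return (
        fields.get("action") == "shutdown"
        and fields.get("ui") == "forticron"
        and "integrity check failed" in fields.get("msg", "").lower()
    )


def scan_lines(lines: List[str]) -> List[Dict[str, str]]:
    """Return the parsed fields of every line that is an integrity-check shutdown."""
    return [f for f in map(parse_fortigate_log, lines) if is_integrity_shutdown(f)]


# Sample input: the first line is the event from the article; the second is a
# constructed benign admin-login event (placeholder logid) for contrast.
SAMPLE_LINES = [
    'logid=0100032200 type="event" subtype="system" level="critical" action="shutdown" '
    'msg="User shutdown the device from forticron. The reason is \'System file integrity check failed\'" '
    'logdesc="Device shutdown" ui="forticron"',
    'logid=0100032001 type="event" subtype="system" level="information" action="login" '
    'msg="Administrator admin logged in successfully from ssh" ui="ssh"',
]

if __name__ == "__main__":
    for alert in scan_lines(SAMPLE_LINES):
        # A hit here should open a TAC case (false-positive check) or trigger
        # the TFTP firmware reload described later in the article.
        print(f"ALERT level={alert['level']} logdesc={alert['logdesc']!r} msg={alert['msg']!r}")
```

The parser keeps every field, so the same alert record can carry devname, time and other fields from a real syslog stream into a ticket without re-parsing.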


This can be expected behavior, depending on the BIOS security level. At level 1 and level 2, all system file signatures must match the secure checksums recorded in the Fortinet CA-signed certificate. A failed system file integrity check therefore indicates that a system file may have been tampered with.


For more information on this feature, refer to the FortiOS 7.2.5 administration guide (under 'BIOS-level signature and file integrity check'):

BIOS-level signature and file integrity checking


Solution:

Open a ticket with Fortinet TAC support to determine whether the integrity check failure is a false positive.


Workaround:

If a quick fix is required without first checking with Fortinet TAC, reload the firmware over TFTP; this completely replaces the existing firmware on the hardware model. A factory reset from the CLI will not resolve the issue. Once the firmware has been reloaded over TFTP, restore the backup configuration.