1. Understanding a hard reboot (power cycle) on the FortiGate.

2. Rebooting the FortiGate after a firmware upgrade.

3. Tips for rebooting the FortiGate for issue resolution and troubleshooting.

1. Understanding a Hard Reboot.

A hard reboot, or forced reboot, on a FortiGate firewall is a process often required in specific circumstances, such as troubleshooting or resolving critical issues. However, it is important to recognize the risks associated with a hard reboot, including potential configuration file corruption or data loss if not handled properly. For this reason, a proper shutdown is always the preferred approach whenever feasible.

Key considerations before performing a hard reboot:

• Risk of data loss: A hard reboot can interrupt ongoing processes, leading to possible data loss or file corruption, especially if the firewall is processing configurations or updates at the time.
• Restart time: After a hard reboot, the device may require several minutes to reinitialize all services, which varies based on the device model and configuration.

Additionally, if the FortiGate device is part of an HA cluster, an unplanned hard reboot can trigger failover behavior or desynchronization between units.

Why hard reboots are necessary:

Hard reboots are often used as a last resort when the firewall becomes unresponsive, or normal reboot methods fail. They serve as a way to restore functionality quickly in critical scenarios, but they should be executed with caution to avoid unintended disruptions.

Recommended practices:

• Perform a graceful reboot whenever possible. Graceful reboots ensure a proper shutdown of services, minimizing the risk of data corruption.
• Always back up the configuration file before initiating any reboot, especially in environments where data integrity and uptime are critical.

For detailed instructions on performing a hard reboot on a FortiGate firewall, refer to Technical Tip: How to properly shut down or reboot a FortiGate.

Purpose of rebooting a firewall:

Rebooting plays a critical role in maintaining firewall functionality. It is commonly performed after a firmware upgrade to ensure the updated software integrates correctly or as part of troubleshooting efforts to resolve issues such as unresponsive services or resource overloads. Proper rebooting practices help enhance system stability and performance.

2. Rebooting the FortiGate after a firmware upgrade.

Rebooting a FortiGate firewall following a firmware upgrade is widely regarded as a best practice. This step ensures all components fully integrate with the new firmware, eliminates residual configurations from the previous version, and reduces the risk of issues caused by lingering temporary files or processes. While many firmware updates do not explicitly require a reboot, taking this additional step can significantly improve system stability and performance.

Why rebooting matters:

1. Rebooting after an upgrade removes processes or cached data from the previous version, allowing the firewall to operate on a clean slate with the new firmware. This reduces the likelihood of conflicts or compatibility problems that might affect performance.

2. A reboot clears the system memory and re-initializes critical services, ensuring optimal performance. It also applies any kernel-level changes included in the firmware upgrade.

3. Some updates introduce or modify configurations. A reboot aligns these settings properly, preventing misconfigurations and maintaining network integrity.

4. Rebooting immediately after an upgrade, preferably during scheduled maintenance, helps avoid unexpected downtime later. This proactive step can be planned in advance to prevent disruptions to normal operations.

3. Tips for rebooting the FortiGate for issue resolution and troubleshooting.

1. Schedule upgrades and reboots during a maintenance window to avoid disrupting network operations.
2. Review system and configuration backups before starting the upgrade.
3. Follow the firmware upgrade process outlined in Fortinet’s documentation.
4. Once the upgrade is complete, perform a reboot to ensure a fresh start with the updated firmware.

Rebooting is a simple yet effective preventive measure to maintain system reliability and ensure the upgraded firewall operates at peak performance. In most cases, TAC will inquire whether the firewall has been rebooted when troubleshooting an issue.

Rebooting a Firewall for troubleshooting:

Rebooting can be a helpful troubleshooting step to address specific issues. While it should not be the first option, a reboot can clear temporary glitches, refresh system processes, and resolve problems related to stalled services or resource allocation. However, frequent or unscheduled reboots are discouraged, as they can disrupt network operations and obscure deeper issues.

When to consider rebooting for troubleshooting:

1. When critical services such as VPN, IPS, or web filtering stop responding or malfunction, a reboot can reset these services and restore normal functionality.
2. If CPU or memory usage becomes abnormally high, a reboot can release system resources and reset processes affected by memory leaks or stalled applications.
3. After applying new configurations, a reboot may help fully implement changes, particularly if certain settings or services appear stuck or misconfigured.

Troubleshooting:

1. Examine logs and diagnostics before initiating a reboot to identify potential issues that may not require restarting the firewall.
2. If a reboot is deemed necessary, schedule it during a maintenance window to minimize the impact on users and operations.
3. Monitor the firewall’s performance after the reboot to confirm the issue has been resolved and the system remains stable.

A controlled reboot is an effective troubleshooting tool when used appropriately. However, it should be part of a larger diagnostic approach to ensure recurring issues are identified and resolved thoroughly.

Related article:

Rebooting, resetting, and shutting down the system - FortiADC Handbook.