zromano
Staff & Editor
Article Id 420398
Description This article describes how it might be possible to recover a FortiGate that is not starting correctly and is stuck in a boot loop.
Scope FortiGate.
Solution

In rare cases, the FortiGate might remain stuck in a boot loop and fail to boot up correctly.
This may happen, for example, after an unexpected power off or after a failed upgrade.

 

If this happens, depending on where in the booting process the device encounters the problem, it might be possible to recover the FortiGate by loading the secondary partition from the BIOS.

 

Note:

For this procedure, a console cable is required (it is not possible to perform this with SSH or HTTPS access):
Technical Tip: How to connect to the FortiGate console port

 

If the FortiGate shows the following line during the booting process, pressing any key will enter the BIOS:

 

Press any key to display configuration menu...

 

In the BIOS menu, select "Boot with backup firmware and set as default.":

 

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default. <<<<<<<<<<<<<
[I]: System configuration and information.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

 

Enter C,R,T,F,B,I,Q,or H:


The FortiGate will load the secondary partition and boot.

 

Loading backup firmware from boot device...


Verifying the integrity of system files.

Reading boot image 6212342 bytes.
Initializing firewall...

System is starting...
Starting system maintenance...


FortiGate login:

 

Recommendations:

If the backup firmware fails to boot as well, select the option '[T] Initiate TFTP firmware transfer' to reinstall the image to the FortiGate with a known-good firmware file.

 

If the boot device is corrupted, select option '[F] Format boot device', which forces the erasure of all data, including the configuration, then reload the firmware via TFTP.

 

More detailed information: Technical Tip: Formatting and loading FortiGate firmware image using TFTP.

 

Verify running firmware version:

 

get system status

 

Check partition status with:

 

diagnose sys flash list

 

Use the GUI to retry the firmware upgrade process, following the correct upgrade path as per this guide: Technical Tip: Downgrade/Upgrade via GUI from v7.2.0.

 

Then restore the configuration if required.

 

Note:

Normally, the secondary partition contains the configuration before the last firmware upgrade (this could also be used as a rollback option).
This means that the configuration and firmware will not be the desired ones, so upgrading and restoring the most recent configuration should be required.

The FortiGate appliances maintain dual firmware partitions, allowing recovery by booting from the backup partition when the primary firmware becomes corrupted.
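
The partition check with 'diagnose sys flash list' can be run against a saved console capture to confirm that the unit is now running from the backup partition with the older firmware. The Python below is an added example, not Fortinet code; the column layout, the image-name pattern and all sample values are assumptions constructed for illustration.

```python
import re

# Constructed sample of `diagnose sys flash list` output. The column layout and
# the image names are assumptions for illustration, not taken from a real unit.
SAMPLE = """\
Partition  Image                                     TotalSize(KB)  Used(KB)  Use%  Active
1          FGT60F-7.02-FW-build1000-000000                  253920     95000   37%  No
2          FGT60F-7.00-FW-build0900-000000                  253920     90000   35%  Yes
3          ETDB-1.00000                                    3021708    118496    4%  No
Image build at Jan  1 2024 00:00:00 for b0900
"""

# One table row: partition number, image name, two sizes, use percentage, active flag.
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+\d+\s+\d+\s+\d+%\s+(Yes|No)\s*$")
# Assumed firmware image naming: <model>-<major>.<minor>-FW-build<build>-<date>.
FW = re.compile(r"-(\d+)\.(\d+)-FW-build(\d+)")


def parse_flash_list(text):
    """Return one dict per partition row; header and footer lines are skipped."""
    parts = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        num, image, active = m.groups()
        fw = FW.search(image)
        # ver is (major, minor, build) for firmware rows, None for other partitions.
        ver = tuple(int(g) for g in fw.groups()) if fw else None
        parts.append({"partition": int(num), "image": image,
                      "ver": ver, "active": active == "Yes"})
    return parts


def recovery_report(text):
    """Report the active firmware partition and whether it holds the older image."""
    fw_parts = [p for p in parse_flash_list(text) if p["ver"] is not None]
    active = [p for p in fw_parts if p["active"]]
    if len(active) != 1:
        raise ValueError("expected exactly one active firmware partition")
    newest = max(fw_parts, key=lambda p: p["ver"])
    return {"active_partition": active[0]["partition"],
            "active_image": active[0]["image"],
            "running_older_build": active[0]["ver"] < newest["ver"]}


if __name__ == "__main__":
    print(recovery_report(SAMPLE))
```

A result with running_older_build set to true matches the situation described in the note: the unit booted the pre-upgrade firmware, so the upgrade and configuration restore still have to be repeated.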

 

Related article:
Technical Tip: Boot the backup firmware and config via console