Help
FortiGate
FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Shashwati
Staff
Staff

Created on ‎08-04-2023 07:54 AM Edited on ‎11-06-2024 06:23 AM

Article Id 267570

Troubleshooting Tip: Unable to boot the firewall or load firmware image

Description This article describes an issue that prevents booting the firewall or loading a firmware image and offers a solution.
Scope FortiGate v6.X and v7.X.
Solution

The error appears as one of the following:

 

Fatal error: Loading FOS fails!
  Please power cycle. System halted.

 

Or:

 

Fatal error: AV engine file authentication failed!
  Please power cycle. System halted.

 

To solve the issue, follow the steps below.

 

Make sure Windows defender firewall and any 3rd party firewall is disabled before further testing.

 

Step 1: Restart the Firewall using the CLI. While the device restarts, press any key to see boot options.

 

Initializing boot device...

Initializing MAC... NP6XLITE#0

Please wait for OS to boot, or press any key to display the configuration menu.

[C]: Configure TFTP parameters.

[R]: Review TFTP parameters.

[T]: Initiate TFTP firmware transfer.

[F]: Format boot device.

[I]: System information.   >>>>>>>>>>>>>>>>>>   Select This Option

[B]: Boot with backup firmware and set as default.

[Q]: Quit menu and continue to boot.

[H]: Display this list of options.

 

Step 2: Enter option I.

 

Enter C,R,T,F,I,B,Q,or H:

[S]:  Set serial port baudrate.

[R]:  Set restricted mode.

[T]:  Set menu timeout.

[U]:  Set security level.   

[I]:  Display system information.

[E]:  Reset system configuration.

[P]:  Normal POST test.

[Q]:  Quit this menu.

[H]:  Display this list of options.

 

Step 3: Enter option U.

 

Enter C,R,T,F,I,B,Q,or H:

[S]:  Set serial port baudrate.

[R]:  Set restricted mode.

[T]:  Set menu timeout.

[U]:  Set security level.   

[I]:  Display system information.

[E]:  Reset system configuration.

[P]:  Normal POST test.

[Q]:  Quit this menu.

[H]:  Display this list of options.

 

Step 4: Enter option 1 to set the security level to 1.

 

Enter option 1 to set security level to 1

Enter S,R,T,U,I,E,P,Q,or H:

 [0]: Level 0 - Check image silently

 [1]: Level 1 - Check image with result only

 [2]: Level 2 - Check image and reinforce validity

 

Enter security level setting [2]:. Done

 

Step 5: Load the firmware image from the TFTP server.

 

Note:

If the customer is getting a System Halt message during boot like this:

 

System is starting...
Error: Package validation failed. level:2, sign_status:2, pid: 111, path: /data/lib/libips.so
Found AV engine signature invalid!!!
Found IPS engine signature invalid!!!
FortiGate detected an invalid AV/IPS engine, experiencing an unexpected shutting down!
The system is going down NOW !!
The system is halted.

If the Customer FortiGate firmware version is 6.4.13, 7.0.12, 7.2.5, or 7.4.0 then it is necessary to change the BIOS/Security level to 1 or 0.

This issue has been resolved in FortiOS versions 6.4.15:2115, 7.0.13:0550, 7.2.6:1548, 7.4.1:2413.

 

Related articles:

Technical Tip: Loading FortiGate firmware image using TFTP.

Technical Tip: Installing firmware from system reboot.

Technical Tip: BIOS level signature and file integrity checking - FortiGate Administration Guide.

Troubleshooting Tip: Downgrade of FortiOS fails due to BIOS check
33531
Suggest New Article
Article Feedback
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.