Fortinet Forum
Network_Engineer
New Contributor III

LLDP and USB

Q1 Is it possible to upgrade FW using "execute restore image usb" command because I want to use USB to upgrade my firewall instead of TFTP.

 

which brings me to the next question

 

Q2 Is USB or TFTP upgrade faster?

 

Q3 When I want to see FortiGate LLDP neighbors, I use the "diagnose lldprx neighbor summary" command. So what is the difference between a "get" and a "diagnose" command?

 

Q4 Why isn't LLDP under the "get" command, like "show cdp neighbor" in Cisco?

 

 

1 Solution
ede_pfau
Esteemed Contributor III

regarding Q2 (upgrade via TFTP or USB):

To upgrade via TFTP, you will have to establish a working network connection first. On a notebook, you will have to set up a static IP and a TFTP server, connect FGT and NB via cable (find a free port on the FGT), and check connectivity from the NB and from the FGT side. All of this takes considerably more time than inserting a USB stick, checking the auto-install settings, and rebooting the FGT.

 

And preparing and inserting a USB stick can be done by nearly anybody, even without networking skills ('a helping hand'), which can be very convenient if the FGT is in a remote location.

So, I would not denounce the auto-install feature in general. It can be very efficient, for instance when new FGTs arrive and need to be upgraded to a target version at the very beginning. Auto-install with the 'image.out' and 'fgt_system.conf' settings is enabled by default after factory reset, and thus at delivery from distribution.

Just my 2 cents...


Ede

"Kernel panic: Aiee, killing interrupt handler!"

xsilver_FTNT

I see you changed your mind (taken as solution) when you had a second thought on network setup necessity versus brisk deployment implications of auto-upgrade more described by @ede_pfau 

Tom xSilver, planet Earth, over and out!

Network_Engineer
New Contributor III

Q10 When I input "diag lldprx neighbor summary" I get a blank output, so I assume that LLDP is disabled. However, when I go to "Dashboard > Devices&Users > Device Inventory", I can see the neighbors. Why is this so?

 

Q11 Is there an equivalent of "show etherchannel summary" in Fortinet? "diag ip address list" only shows the IP address, but not the logical interfaces and their names.

Network_Engineer
New Contributor III

Can anyone help to answer my 2 questions above?

Toshi_Esumi

For Q12, by combining the two commands below, you can get about the same information as Cisco's "sh etherchannel summary". You need to be in a vdom, not global, to run these commands if it's a multi-vdom env:

 

xxx-fg1 (root) # diag netlink aggregate list-active
List of 802.3ad link aggregation active interfaces:
1: AaaaPath: port25,port26
2: BbbbPath: port27,port28


xxx-fg1 (root) # diag netlink aggregate list
List of 802.3ad link aggregation interfaces:
1 name AaaaPath status up algorithm L3 lacp-mode active
2 name BbbbPath status up algorithm L3 lacp-mode active

 

Toshi
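
The combination described in the answer above, as an added example that is not part of the original post or of Fortinet's tooling: a Python script that joins the two command outputs into one row per aggregate. The line formats are assumed from the sample output quoted in the post, and the function names are made up for this example.

```python
import re

# Constructed sample input, copied from the two command outputs quoted in the post.
ACTIVE_OUTPUT = """\
List of 802.3ad link aggregation active interfaces:
1: AaaaPath: port25,port26
2: BbbbPath: port27,port28
"""

LIST_OUTPUT = """\
List of 802.3ad link aggregation interfaces:
1 name AaaaPath status up algorithm L3 lacp-mode active
2 name BbbbPath status up algorithm L3 lacp-mode active
"""

# Assumed line formats (inferred from the sample output only).
ACTIVE_RE = re.compile(r"^\s*\d+:\s*(?P<name>[^:\s]+):\s*(?P<ports>\S*)\s*$")
LIST_RE = re.compile(
    r"^\s*\d+\s+name\s+(?P<name>\S+)\s+status\s+(?P<status>\S+)"
    r"\s+algorithm\s+(?P<algorithm>\S+)\s+lacp-mode\s+(?P<lacp_mode>\S+)\s*$"
)

def parse_active(text):
    """Map aggregate name -> list of member ports reported as active."""
    members = {}
    for line in text.splitlines():
        m = ACTIVE_RE.match(line)
        if m:
            members[m["name"]] = [p for p in m["ports"].split(",") if p]
    return members

def parse_list(text):
    """Map aggregate name -> name / status / algorithm / LACP mode."""
    aggs = {}
    for line in text.splitlines():
        m = LIST_RE.match(line)
        if m:
            aggs[m["name"]] = m.groupdict()
    return aggs

def summarize(list_text, active_text):
    """Join both views; an aggregate absent from the active list gets no members."""
    active = parse_active(active_text)
    return [{**info, "active_members": active.get(name, [])}
            for name, info in parse_list(list_text).items()]

if __name__ == "__main__":
    for r in summarize(LIST_OUTPUT, ACTIVE_OUTPUT):
        ports = ",".join(r["active_members"]) or "-"
        print(f'{r["name"]:<10} {r["status"]:<5} {r["lacp_mode"]:<8} {r["algorithm"]:<4} {ports}')
```

An aggregate that shows up in the second command but has an empty member list here is configured but has no active ports, which is the case worth alerting on.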

 
