- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- FortiDDoS Upgrade Loop
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
FortiDDoS Upgrade Loop
Hi,
I have a FortiDDoS-400B and provided upgrade to version 4.3.1. The unit went to upgrade loop like it is shown below. Is it a normal behaviour?
System is started.
FortiASIC-TP.0: update started. Reconfigure process takes a few minutes FortiASIC-TP.0: 0% Complete FortiASIC-TP.0: 10% Complete FortiASIC-TP.0: 20% Complete FortiASIC-TP.0: 30% Complete FortiASIC-TP.0: 40% Complete FortiASIC-TP.0: 50% Complete FortiASIC-TP.0: 60% Complete FortiASIC-TP.0: 70% Complete FortiASIC-TP.0: 80% Complete FortiASIC-TP.0: 90% Complete FortiASIC-TP.0: download complete. FortiASIC-TP.0: update success (256.521233 s). FortiASIC-TP.0: chip reconfigure, try again FortiASIC-TP.0: chip reconfigure... success. FortiASIC-TP.0: update finished rebooting FortiDDoS-400B (14:23-02.03.2014) Ver:04000007 Serial number:FI400Bxxxxxxxxxx RAM activation CPU(00:000306a9 bfebfbff): MP initialization CPU(01:000306a9 bfebfbff): MP initialization CPU(02:000306a9 bfebfbff): MP initialization CPU(03:000306a9 bfebfbff): MP initialization CPU(04:000306a9 bfebfbff): MP initialization CPU(05:000306a9 bfebfbff): MP initialization CPU(06:000306a9 bfebfbff): MP initialization CPU(07:000306a9 bfebfbff): MP initialization Total RAM: 8192MB Enabling cache...Done. Scanning PCI bus...Done. Allocating PCI resources...Done. Enabling PCI resources...Done. Zeroing IRQ settings...Done. Verifying PIRQ tables...Done. Boot up, boot device capacity: 15272MB. Press any key to display configuration menu... ......
Reading boot image 2791105 bytes. Initializing FortiDDoS...˙
System is started.
FortiASIC-TP.0: update started. Reconfigure process takes a few minutes FortiASIC-TP.0: 0% Complete
...........
AtiT
AtiT
3 REPLIES 3
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
If it does this twice and stops, it is normal, particularly if you are upgrading from a release below 4.2.3. FortiDDoS has 2 hardware components. The "normal" x86 CPU infrastructure (the 2nd part of the boot shown above) and the TP2 processor which is an FPGA - essentially a custom processor similar to the FortiGate ASICs but field re-configurable. Configuration of the TP2 takes a long time because the gates within the device are being re-configured to change the processor's functions. It is not like adding firmware to RAM. If you are upgrading from pre-4.2.3, this is done twice. The first time, baseline code is added to the TP2 - this will improve upgrades in future. Once that is done the system goes through its normal x86 initialization but then starts a new cycle to add the 4.3.1 firmware to the TP2, after which it should again initialize the x86 CPUs and then complete.
I think the Release Note says that several reboots will occur.
If it is stuck in this boot loop then the device is likely RMA, although you have console access. If it has stopped booting and you have console access, login and at the command prompt type:
diagnose debug rrd_cmd_check
the console will scroll with a % complete notification - this can also take a long time - 5 minutes or more. It will eventually say "rrd command check successful" or "failed". If failed, please contact TAC.
Product Manager - FortiDDoS B/E/F-Series
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hello Steve,
Thank you for the update.
The boot loop not finished so I tried to upload the image as backup image and boot this backup image.
The upgrade looks differnet:
FortiASIC-TP.0: update started. Reconfigure process takes a few minutes FortiASIC-TP.0: 0% Complete FortiASIC-TP.0: 10% Complete FortiASIC-TP.0: 20% Complete FortiASIC-TP.0: 30% Complete FortiASIC-TP.0: 40% Complete FortiASIC-TP.0: 50% Complete FortiASIC-TP.0: 60% Complete FortiASIC-TP.0: 70% Complete FortiASIC-TP.0: 80% Complete FortiASIC-TP.0: 90% Complete FortiASIC-TP.0: FPGA image download complete. FortiASIC-TP.0: Checking update image on FPGA..... FortiASIC-TP.0: Checking update image on FPGA.....OK, GBL_RUPD_RECONFIG_STAT = 0x3 FortiASIC-TP.0: UPDATE FPGA OK, WAIT FOR REBOOT.... FortiASIC-TP.0: update finished
There is no "chip reconfigure, try again" but messages about FPGA.
The debug:
# diagnose debug rrd_cmd_check rrdmd5 Total 21504 files scanned... Verifying the integrity of RRD commands please wait... 20 %complete Checksum mismatch for /home/rrdcmds/ICMP_45568_1_1m RRD commands check failed
I will try to format the flash and upload the image once again.
AtiT
AtiT
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Sorry for the delay on this. That looks like a normal upgrade. The chip reconfigure message you were getting before should happen if you are upgrading to 4.2.3 or 4.3.x. Those upgrades did extra TP2 installations to help with future upgrades. However, the rrd_cmd info shown indicates something did not work on the upgrade - probably the logdisk.
Do you have GUI access? Does the Dashboard show the correct Firmware Release? if so,
you can try 2 things:
diagnose debug rrd_cmd_recreate - this will fix graphing problems if it works.
Failed rrd_cmds show up as missing labels on the Monitor Graphs - they will display v0, v1, etc. instead of a text label. You can usually check by looking at the Aggregate Drop Graphs. A failed graph "under" graph this rolls up and fails this graph.
Last resort:
execute formatlogdisk - this will delete all data but it will rebuild all the rrds and rrd_cmds, which are critical to system operation. (rrd commands are separate from the rrds themselves).
Otherwise please start a ticket or reach out to me directly at stephen@fortinet.com and we will try to recover the unit.
Steve Robinson
Product Manager - FortiDDoS B/E/F-Series
Related Posts
- USB auto-install new firmware and factory-reset 1601 Views
- Bricked Forti 421E - Reset via... 4448 Views
- FortiWifi 60D firewall 100% CPU randomly 13340 Views
- Lost access over BGP when upgrading... 4051 Views
Labels
-
FortiGate
6,534 -
FortiClient
1,304 -
5.2
801 -
5.4
639 -
FortiManager
563 -
6.0
416 -
FortiAnalyzer
414 -
5.6
362 -
FortiSwitch
333 -
FortiAP
333 -
FortiClient EMS
263 -
6.2
251 -
FortiMail
242 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
150 -
6.4
128 -
FortiNAC
106 -
FortiGuard
102 -
FortiSIEM
88 -
FortiGateCloud
87 -
FortiCloud Products
84 -
IPsec
73 -
FortiToken
69 -
Customer Service
69 -
4.0MR3
64 -
SSL-VPN
60 -
Wireless Controller
58 -
FortiProxy
44 -
FortiADC
42 -
Fortivoice
41 -
FortiEDR
39 -
FortiGate v5.4
34 -
FortiDNS
34 -
FortiExtender
31 -
FortiSandbox
31 -
FortiSwitch v6.4
28 -
SD-WAN
24 -
Firewall policy
23 -
FortiConnect
23 -
FortiWAN
22 -
FortiConverter
21 -
VLAN
20 -
High Availability
20 -
FortiPortal
18 -
ZTNA
16 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
FortiMonitor
14 -
Certificate
14 -
DNS
13 -
FortiDDoS
13 -
SAML
12 -
BGP
12 -
Routing
12 -
FortiAuthenticator
12 -
FortiCASB
12 -
Interface
11 -
Logging
11 -
FortiGate v5.0
10 -
LDAP
10 -
FortiRecorder
10 -
VDOM
10 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
Virtual IP
9 -
NAT
9 -
4.0MR2
9 -
RADIUS
8 -
Traffic shaping
8 -
SSID
7 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
fortilink
7 -
FortiAnalyzer v5.0
7 -
FortiGate v4.0 MR3
7 -
Admin
7 -
4.0
7 -
SSL SSH inspection
6 -
Security profile
6 -
Authentication
6 -
Fortigate Cloud
6 -
IP address management - IPAM
6 -
Traffic shaping policy
5 -
FortiBridge
5 -
SNMP
5 -
SSO
5 -
Application control
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
WAN optimization
4 -
Web application firewall profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Proxy policy
4 -
IPS signature
3 -
packet capture
3 -
FortiToken Cloud
3 -
FortiAP profile
3 -
Intrusion prevention
3 -
Automation
3 -
DoS policy
3 -
Port policy
3 -
FortiDB
3 -
FortiDeceptor
2 -
FortiInsight
2 -
NAC policy
2 -
VoIP profile
2 -
Antivirus profile
2 -
Web profile
2 -
Traffic shaping profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Netflow
2 -
Fortinet Engage Partner Program
2 -
trunk
2 -
SDN connector
1 -
4.0MR1
1 -
Users
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
Web rating
1 -
FortiPAM
1 -
Application signature
1 -
Multicast routing
1 -
Authentication rule and scheme
1 -
Zone
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
System settings
1 -
Explicit proxy
1 -
TACACS
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.