FortiGate 310b won' t boot

95yj · ‎08-28-2012

Customer has a FortiGate 310B that wouldn' t reboot after a power failure. We have temporarily replaced it with a Cisco ASA but would like to get the FortiGate back online. Bootup looks normal up to this point: Reading boot image 1421706 bytes. Initializing firewall... System is started. pid-36 lock_mlog()-504 shmget()failed: No such file or directory From here, the pid message just keeps repeating. To make matters worse, the customer doesn' t have a backup of the configuration or a username/password. What can we do to get the unit back online?

rwpatterson · ‎08-28-2012

I hate to break it to you, but I think you need to format the flash and reload the firmware. Not having a backup means a total rebuild. The system is hanging on the reading of the firmware and the configuration. No way I know of retrieving it if you can' t boot it... One thing to try... Don' t format the flash, TFTP the same firmware image down, and select to run the firmware in memory, not installing as default. I' ve not done this myself. There is an outside chance you may be able to get into the configuration to make a backup. Slim, but a chance. After a backup (if lucky), you' ll have to flatten it and restore.

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

Jan_Scholten · ‎08-29-2012

Let my guess: a 4.1.X (where X<10?) This bug was so severe that Fortinet even issued a special warning urging to update and retracted all 4.1.1-4.1.9 FortiOS from their servers Customer Service Bulletin was CSB-110610-1 I guess rebooting and breaking the boot cycle and using TFTP is the only way. I did not manage to do that without format, but ymmv So no backup is bad, hope your customer learns from that..

95yj · ‎08-29-2012

Thanks for the responses. There was a second boot image on the box and I was able to boot into that one and then save a copy of the configuration. The corrupted image was: FG310B-4.00-FW-build194-100121. The image that I was able to boot to was older than that. Now I have to get a copy of a current image to install except I' m having issues registering the box on Fortigate' s site probably because the original installer who doesn' t exist anymore registered it under their name and not the owner' s name.

rwpatterson · ‎08-29-2012

ORIGINAL: 95yj The corrupted image was: FG310B-4.00-FW-build194-100121.

V4, MR1, P3. Kudos Jan!

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

g3rman · ‎08-29-2012

Nice. I told my CIO at the time that we needed to upgrade some of our critical firewalls since they were running 4.1 MR7. He told me no .. and promptly the firewalls keeled over ;)

A Real World Fortinet Guide Configuration Examples & Frequently Asked Questions http://firewallguru.blogspot.com

rwpatterson · ‎08-29-2012

I bet you still get no respect...

Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com

95yj · ‎08-29-2012

Thanks for all the responses. I was able to boot to partition 2 on v4.0.2 build 099 and get a backup. Then I upgraded partition 1 which had build 194 to MR3 patch 9 build 637 and loaded this image. I got two errors from the config when it loaded but these weren' t for anything that was configured on the firewall. It appears that everything will be fine. I' ll replace the firewall into production as soon as the customer has a time slot available. Any reason I shouldn' t be running MR3 patch 9?

Jan_Scholten · ‎08-30-2012

If you want to go for 4.3 its fine.. I' ll have most of my boxes on 4.2.12, as 4.3 has changed a bit, but it is stable, as long as you don' t have any issues go for it. @g3rman: i guess they said: " what did you do to the firewall?" As we are on warning here: remember to upgrade your Java to 1.7.7 to get rid of this nasty 0-day (that fortinet - AV does not recognize yet)