Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
yogee95
New Contributor

Fortigate 300A reboot

Hi there, I am having issue with Fortinet 300A rebooting, i was told to upgrade my Firmware which i did after that it did not reboot for 2months and now it again started doing so, TAC told me perform several debug commands which i did,then told me for HQIP test to check my hradware but i am not able to perform that test gives me error ===================================== : Get firmware image from TFTP server. : Format boot device. : Boot with backup firmware and set as default. : Configuration and information. : Quit menu and continue to boot with default firmware. : Display this list of options. Enter Selection : Enter G,F,B,I,Q,or H: Please connect TFTP server to Ethernet port " 1" . Enter TFTP server address [192.168.1.168]: 192.168.1.44 Enter local address [192.168.1.188]: 192.168.1.99 Enter firmware image file name [image.out]: FortiGate-80C_HQIP_7405(1).img MAC:00090FD33468 ##### Total 5868224 bytes data downloaded. Verifying the integrity of the firmware image. invalid compressed format (err=1) Please any help would be appreciated
11 REPLIES 11
ede_pfau
Esteemed Contributor III

Please check the article " Troubleshooting Tip : message ' invalid compressed format' during TFTP procedure" from the Knowledgebase: http://kb.fortinet.com/kb/documentLink.do?popup=true&externalID=FD31018 It might well be that the TFTP server used causes the trouble. If possible, make sure the file is transfered in binary mode - some TFTP servers can be switched between binary and ASCII / text mode.

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
ede_pfau
Esteemed Contributor III

Oops - I got THICK tomatoes on my eyes! Your FGT is a 300A. The image you are trying to load is for a 80C!!
Enter firmware image file name [image.out]: FortiGate-80C_HQIP_7405(1).img

Ede

"Kernel panic: Aiee, killing interrupt handler!"
Ede"Kernel panic: Aiee, killing interrupt handler!"
yogee95

Hi there, Thanks for your reply, the link which you gave i already tired it but no user. The customer is having 300A but i am testing the scenario in my office with Fortigate 80C
emnoc
Esteemed Contributor III

What tfp-server are you using? By default TFTP is restrict to 512byte packets. Some server operate differently. I' ve had a lot of success with solarwinds free tftp-server or any thing under debian/linux. What I would do is to make sure your md5 hashes for the HQIP image are good. Then change tftp-server type. http://emea.fortinet.net/fortinet/hqipn/MD5Checksum_HQIP_image_20101013.txt

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
yogee95
New Contributor

Hi, I am using TFTP 32 and the link which you gave i have already check my MD5 images its matching,
emnoc
Esteemed Contributor III

TFTP 32
review the FAQ for tftp32 and block sizes http://tftpd32.jounin.net/tftpd32_faq.html

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
yogee95
New Contributor

Hi, Everything' s fine block sizes and all that stuff,but still is does not work
emnoc
Esteemed Contributor III

So if everything is fine then it should work or you have a bad fortigate. Have you tried the following; 1> have you tried to save a cfg to the tftp-server from the FGT or any other network device to validate the tftp-server is working ( write & read ). 2> have you ensure no personal firewall is enabled or any firewalls as far as that goes ( udp /69 ) 3> can you execute the tftpclient from the local host and does it connect and gathers the file(s)? If so what blksize does or doesn' t work if any. and now for my dumb questions but I have to ask 4> What port are you using on the FGT when doing this HQIP ( IIRC it' s always port #1 for all models ) & are you local to the FGT and not on any extended networks. 5> when you configure the temp FGT address is it pingable 6> are you sure the filename is correct? 7> have you tcpdump/wireshark the transfer for clues? and finally hint; if you have anything outside of windows, you can control these settings and getverbose reading from the client side (macosx 10.6.X) tftp> ? Commands may be abbreviated. Commands are: connect connect to remote tftp mode set file transfer mode put send file get receive file quit exit tftp verbose toggle verbose mode blksize set an alternative blocksize (def. 512) tsize toggle extended tsize option trace toggle packet tracing status show current status binary set mode to octet ascii set mode to netascii rexmt set per-packet retransmission timeout timeout set total retransmission timeout tout toggle extended timeout option ? print help information tftp> B4 I would waste my time with all of the above, I would seriously try another tftp-server package. Excute the diagnostic process is very trivial good luck

PCNSE 

NSE 

StrongSwan  

PCNSE NSE StrongSwan
yogee95
New Contributor

Hi, Thanks for your help but 1)I have tried to load Fortigate Image from TFTP i have success,there is nothing enabled all ports all open 2)Tired 2-3 TFTP server as well as 2-3 laptops as well as downloaded TFTP images 2-3 times and lastly i connect it to port 1 on FGT80C 3)The File name is correct (if you have sample file name can give it to me or you can see my first post where you can see file name) 4)I have not enabled WIRESHARK for the captures but let me tell you BEFORE STARTING THE FILE TRANSFER THE TFTP IP IS PINGING BUT WHEN THE TFTP STARTS TRANSFER THE PING GOES OUT
Labels
Top Kudoed Authors