Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
sunmark
New Contributor

Created on ‎06-25-2019 08:44 PM

Fortigate 60D cant upgrade

Hi all,

 

We are currently facing an issue with upgrading the firmware to a recent firmware. Currently, the Firewall is running FortiOS v5.4.10 build1220 (GA). Using the upgrade path tool, I need to do the following;

VersionBuild Number5.4.1012205.6.916736.0.50268

 

So, as usual, I upload at the firmware then select FGT_60D-v5-build1673-FORTINET.out and then the firewall appeared to hang ('rebooting screen for 40+ minutes - excluding time to actually do the backup, firmware upload, etc). The firewall had to be manually restarted after 1+ hour of waiting for a response. 

 

What can I do as its happening for 3 times now?

 

Thank you.

 

 

 

 

Labels:
14144
0 Kudos
1 Solution
Dave_Hall
Honored Contributor
In response to sunmark

Created on ‎06-26-2019 07:20 AM

Hi Sunmark.

 

As long as you can see the console output, the fgt should display what is wrong during the boot sequence.

 

 

 

If you make it to the login prompt, sign-in with your admin login then perform the following commands:

 

diag debug crashlog read get system startup-error-log

If the fgt crashed during or from an upgrade process, using the following commands to see what was messed up during the upgrade process:

 

diagnose debug config-error-log read

 

If the fgt doesn't get that far into the boot process to give you a login prompt, but does display the boot menu, you could try breaking into the boot menu (at the press any key prompt) and try booting from "backup firmware".  Though, personally if you are at this stage, I do hope you have at least a backup copy of the config file to be able to restore to in the event you do need to reformat the boot device and restore a firmware image.

 

If you are not sure what to do, you could always post your console output here for follow up feedback.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

View solution in original post

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
15 KB
7843
0 Kudos
9 REPLIES 9
Toshi_Esumi
SuperUser
SuperUser

Created on ‎06-25-2019 09:49 PM

You need to keep watching at console output (and save it to open a TAC case) when you upgrade FortiOS. Otherwise you're missing the most crucial information you need when the upgrade fails like your case. I'm almost sure the answer you're looking for was in the output.

7793
0 Kudos
sunmark
New Contributor
In response to Toshi_Esumi

Created on ‎06-25-2019 11:33 PM

Hello Toshi,

 

Thank you for your reply. 

 

Would you be able to direct me to a post/KB on how to do this? I'm fairly new here and previous firmware upgrades were very smooth and didn't require console yet. 

 

Thank you 

7793
0 Kudos
Alexis_G
Contributor II

Created on ‎06-25-2019 11:41 PM

what is the FortiOS version you wish to go ? 

Latest 5.4 ?

5.6 ?

what upgrade path you followed ?

 

--------------------------------------------

If all else fails, use the force !

-------------------------------------------- If all else fails, use the force !
7793
0 Kudos
sunmark
New Contributor
In response to Alexis_G

Created on ‎06-25-2019 11:46 PM

Hello jklapas,

 

I would be interested to upgrade to 6.0.4 at least. According to the upgrade path, I'd need to follow the below path;

1) 5.6.9 1673

2) 6.0.4 0231 

7793
0 Kudos
Alexis_G
Contributor II
In response to sunmark

Created on ‎06-26-2019 12:01 AM

backup current config

then upgrade first to latest 5.4

backup current config

then jump to 5.6 base

backup current config

Goto latest 5.6

If I where you i would stay there!!!

6.x.x is not yet mature for production I would say...

 

--------------------------------------------

If all else fails, use the force !

-------------------------------------------- If all else fails, use the force !
7793
0 Kudos
sunmark
New Contributor
In response to Alexis_G

Created on ‎06-26-2019 02:49 AM

since the current version is on 5.4.10 would you be suggesting me to update to 5.4.11 then if that is successful I shall upgrade it to 5.6.0 and then the last upgrade it to 5.6.9?

 

As for stability, I shall stay at 5.6.9 if all the previous ones turn to be a success.

7793
0 Kudos
sw2090
SuperUser
SuperUser
In response to Alexis_G

Created on ‎06-25-2019 11:48 PM

@sunmark: the best way would be to connect a console cable to the console port. This is the only cli connection that would not stop even if the FGT reboots or hangs at bootloader etc.

SSH/Telnet will only work once the system is up and as long as it is up.

 

You could use any standard console cable with RJ45 conector on one end. HP Switch Console Cables work as well as the Fortinet ones. APC or Cisco will not work due the different pinout. Then you nbeed either a serial port to connect this with your PC (Or if you don't have a physical serial port you need usb to serial converter).

 

With ssh/telnet you would not be able to see the output during firmware upgrade and reboot afterwards.

-- 

"It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams

-- "It is a mistake to think you can solve any major problems just with potatoes." - Douglas Adams
7793
0 Kudos
sunmark
New Contributor
In response to sw2090

Created on ‎06-26-2019 02:53 AM

Hi sw2090, thank you for your post on getting connected using the console. I have found the console cable from the fortigate fw box and then have got myself a usb to serial converter cable. 

 

Is there any guidelines or documentation on how to check for the output? 

7793
0 Kudos
Dave_Hall
Honored Contributor
In response to sunmark

Created on ‎06-26-2019 07:20 AM

Hi Sunmark.

 

As long as you can see the console output, the fgt should display what is wrong during the boot sequence.

 

 

 

If you make it to the login prompt, sign-in with your admin login then perform the following commands:

 

diag debug crashlog read get system startup-error-log

If the fgt crashed during or from an upgrade process, using the following commands to see what was messed up during the upgrade process:

 

diagnose debug config-error-log read

 

If the fgt doesn't get that far into the boot process to give you a login prompt, but does display the boot menu, you could try breaking into the boot menu (at the press any key prompt) and try booting from "backup firmware".  Though, personally if you are at this stage, I do hope you have at least a backup copy of the config file to be able to restore to in the event you do need to reformat the boot device and restore a firmware image.

 

If you are not sure what to do, you could always post your console output here for follow up feedback.

 

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C

NSE4/FMG-VM64/FortiAnalyzer-VM/6.0 (FWF30E/FW92D/FGT200D/FGT101E/FGT81E)/ FAP220B/221C
Preview file
15 KB
7844
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2025 Fortinet, Inc. All Rights Reserved.