Kevin_Ericson
New Contributor

MR-7 on a Model 50

I tried to upgrade from MR-6 to MR-7 on a Model 50 and as I went to flash the code I got a warning that it would set the Fortigate back to FACTORY DEFAULTS. I didn't see anything like that in the MR-7 release notes. Anyone else try to upgrade a 50 to MR-7? I upgraded a 60 and it kept my config so I'm wondering if it's something that only applies to the 50 (i.e., not enough memory to expand the new OS without blowing out the config). I doubt that if I save the MR-6 config that I could load it back in with MR-7. Am I doomed to go on site and write down ALL the config settings to get my 50 configured?
Kevin Ericson, Pres., FCNSP Certified Fortinet Engineer Deadbolt Security Networks 9791 W Stanford Ave #5D Denver, CO 80123
8 REPLIES
Not applicable

The WebGUI upgrade from MR6 to MR7 worked fine for me. To not lose the config during the upgrade, either use the WebGUI or use the CLI command "exec restore image ....". Flashing the code resets the config to factory default.
Kevin_Ericson
New Contributor

The upgrade WAS done from the Web GUI. I pulled one of our new FG-50s from inventory (we're a reseller) and loaded it with the same OS and the same config from that client. Did the upgrade and it did NOT give the same warning. It accepted the upgrade and kept the config; however, after I did this the FG-50 would not pass packets out the WAN port, which was confirmed working just moments before on the earlier OS. I removed all config parameters from the WAN port and added them back in, with no change. Reset box back to Factory but still couldn't get the WAN port to come back. I had a protocol analyzer on the WAN port at all times and at no time observed any packets coming out that port. I then noticed that my config was still on the box and the factory reset had not succeeded. Tried a factory reset from the cable console and it too did not clear my config. Tried to downgrade back to MR6 and received a message that there "was no room for image in memory". I then tried to downgrade via TFTP and discovered that neither the LAN nor WAN ports would accept an image. Also verified during this part of the test that neither port had put out a single packet of information. Because this is a brand new, unsold unit I'm reluctant to register it so I can get tech support, as that would start the time ticking for me to sell this unit. I'd hate to sell a new unit and tell the customer that you have something less than 90 of warranty because I was doing testing with your box before I sold it to you.
Kevin Ericson, Pres., FCNSP Certified Fortinet Engineer Deadbolt Security Networks 9791 W Stanford Ave #5D Denver, CO 80123
Not applicable

All I can say is thank goodness I noticed these forums when I went to get my upgrade to MR7 for my fortinet 50.
Not applicable

So, what does this mean? Should we FGT50 owners stick to MR6? Or MR5? What do you suggest?

Kindest regards,
Georg Siotis

Besides: the MR5 and MR6 images for the FGT-50 are deleted from the Fortinet FTP-server, so I cannot downgrade! Must be done over the weekend. Only the 50A versions are left. Same thing with the MR7 images.
SECCON1MC
New Contributor

This is what I was told from support on 3/2/04:
FG-50s are now EOL. My thinking was that MR7 might take care of some of these problems, but I have just found out that MR6 is as far as support will go with these units (as of today 3-2-2004). If there are more than 5 users or a publicly facing internet app, then it is recommended to go to Build 2.36 which requires a TFTP load and a reset to factory defaults. So it sounds like the FG-50 has had a lot of problems with MR6 and its processing requirements.
logMojo (http://logMojo.com) by Security Confidence. Cloud Based - Logging ● Alerting ● Reporting ● Monitoring ● Management. Signup today!
Not applicable

Ok, thank you for your reply. I will downgrade to 2.36 (the firmware the FGT-50 came with out of the box). The important thing here is that it runs clean and stable, with appr. max. 10 users and in transparent mode. The transparent mode option is the reason I came to the Fortinet world, since I've tested the Netgear FVL328 and the D-LINK DFL-700, where both are specified to handle "transparent mode" but no one at their support seems to know what it means and how it is configured.

The downgrade: is it done via a telnet session only? Or via the serial console interface?

Kindest regards to all forum members
Georg Siotis
Not applicable

Here's the method I was given by tech support. (I used the SolarWinds free TFTP server.) You will need to reenter all settings (do screen shots in the webui for later).

Julian

TFTP OS Image Flash

Note: You will need a TFTP server program. You can download a freeware program from www.downloads.com. Perform a search for "tftp server".

To flash the OS via TFTP, please do the following:

1) Connect a console cable from your host to the Fortigate device. The port settings are - 9600-8-N-1-N.
   Note: On the FortiGate 300, the baud rate is 115200. Also, the ethernet cable must be connected to the internal network or directly connected to the host.
2) Start the TFTP server. It must be on the Internal/Trust side of the Fortigate. For most, it will be the client that you are working from.
3) Place the OS image file in the root directory of the TFTP server.
4) Reboot the device. At the "Press Any Key To Download Boot Image" line during boot up, hit <enter>.
5) You will get the following:
   a. Enter TFTP Server Address [192.168.1.168]:
      Enter the ip address of the TFTP server. For most, it will be the ip of the client.
   b. Enter Local Address [192.168.1.188]
      Enter any ip address on the trust/internal network. It can be the internal ip of the Fortigate.
   c. Enter File Name [image.out]:
      Enter the OS image file name EXACTLY as it appears with the file extension (.out). If this is incorrect, flash will not work.
6) You will see a series of <#######> followed by:
   Total 123456 Bytes Data Is Downloaded.
   Testing The Boot Image Now.
   Total 32768k Bytes Are Unzipped.
   Do You Want To Save The Image ?[Y/n]
7) Enter <y>. You will see a series of <++++++++> followed by:
   Reading Boot Image 892205 Bytes.
   Initializing Firewall ...
8) The flash is complete. Log into the device.

IMPORTANT NOTE: Flashing the image via TFTP will restore your device back to factory defaults!!!!!
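
A pre-flight check for the three answers typed at the bootloader prompts in step 5 of the procedure above, run on the TFTP host before rebooting the FortiGate. This is an added example, not part of the original post or any Fortinet tooling; the `preflight` function, the /24 prefix length and the dummy image file are assumptions made for illustration.

```python
import ipaddress
import tempfile
from pathlib import Path


def preflight(tftp_root, image_name, server_ip, local_ip, prefix_len=24):
    """Check the three bootloader prompt answers; return a list of problems."""
    problems = []
    root = Path(tftp_root)
    if not root.is_dir():
        return [f"TFTP root {tftp_root!r} is not a directory"]

    # Step 5c: the file name must match EXACTLY, extension included.
    # Compare against the directory listing so case differences are caught
    # even on a case-insensitive file system.
    names = [p.name for p in root.iterdir() if p.is_file()]
    if image_name not in names:
        near = [n for n in names if n.lower() == image_name.lower()]
        hint = f" (did you mean {near[0]!r}?)" if near else ""
        problems.append(f"{image_name!r} is not in the TFTP root{hint}")
    elif (root / image_name).stat().st_size == 0:
        problems.append(f"{image_name!r} is empty")
    if not image_name.endswith(".out"):
        problems.append("image name does not end in .out")

    # Steps 5a/5b: both addresses must parse and sit on the same internal
    # network. The prefix length is an assumption (default /24).
    try:
        server = ipaddress.ip_address(server_ip)
        local = ipaddress.ip_address(local_ip)
    except ValueError as exc:
        return problems + [f"bad address: {exc}"]
    net = ipaddress.ip_network(f"{server}/{prefix_len}", strict=False)
    if local not in net:
        problems.append(f"local address {local} is outside {net}")
    elif local in (net.network_address, net.broadcast_address):
        problems.append(f"local address {local} is not a usable host address")
    if local == server:
        problems.append("local address must differ from the TFTP server address")
    return problems


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as root:  # constructed stand-in TFTP root
        (Path(root) / "image.out").write_bytes(b"\x00" * 16)  # constructed dummy image
        print(preflight(root, "image.out", "192.168.1.168", "192.168.1.188"))
        print(preflight(root, "Image.OUT", "192.168.1.168", "192.168.2.188"))
```

An empty list means the three prompt answers are consistent with what the TFTP server will actually serve; it does not validate the image itself.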
Not applicable

Thank you very much for your mail, Julian, I used exactly this configuration (solarwinds tftp) and it worked fine for me. Now the FGT-50 runs in 2.36 build 85. I am planning to put it in production next week, everything runs fine with it, EXCEPT that the clients internally (Transparent mode) cannot get their IP address from a DHCP server that resides on the external network. I'm going to try to open port 68 and 69 from the outside to the inside to see what happens (tips from the very effective and helpful Technical Support of Fortinet in Europe). My overall impression, compared to the technical support of other companies, is that Fortinet rocks. I am very pleased, not to say astonished, by the quality. Kindest regards, and thanks in advance.