Help
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
rrodrigues
New Contributor II

Created on ‎01-02-2024 09:30 AM Edited on ‎01-02-2024 09:33 AM

Scheduled Firmware upgrade results in failed initialisation - no connectivity of APs or internet

Hello,

Our system was set for a schedule firmware upgrade - 7.4.1 to 7.4.2.

There was a scheduled automated message about the upgrade "Automatic firmware upgrade schedule changed" which housed when and what:

 

date=2023-12-22 time=23:08:37 devid="xxxx" devname="FG-companyname-SC" eventtime=1703315317648109599 tz="-0800" logid="0100032263" type="event" subtype="system" level="notice" vd="root" logdesc="Automatic firmware upgrade schedule changed" user="system" msg="System patch-level auto-upgrade new image installation scheduled between local time Thu Dec 28 23:16:15 2023 and local time Fri Dec 29 01:00:00 2023."

 

 

 

And in our logs we have a critical event (see screenshot) where this was actioned (in line with the timing listed in the email above) and we've just had reports that the there is no wifi being served through this.

A hard reset of the fortigate seems to resolve this issue but happens everytime the system reboots itself after an update.

Screenshot 2024-01-02 at 17.32.03.png

What I find interesting is that there is no events between the 28th and 2nd Jan.

Its worth noting that there is also a warning in the logs after this update on 28th December but unsure if connected so will mention it never the less:

 

Local certificate Fortinet_SSL_RSA4096 will expire in 0 days.

 

 

Is there a known issue or something specific I could search for in order to help track down what the potential issue is for this?

Labels:
1057
0 Kudos
2 REPLIES 2
akumar02
Staff
Staff

Created on ‎01-04-2024 01:54 PM

Hello Rrodrigues,

Sometimes it happens that the certificate is expired and admins have trouble logging into the FortiGate GUI, as many browsers do not accept expired certificate.

In order to renew an expired built-in certificate, run the following command on FortiGate CLI:

 

# execute vpn certificate local generate default-ssl-key-certs

 

A message will be prompted to confirm the re-generation of the default certificate.

 

"Are you sure to re-generate the default RSA, DSA, ECDSA and EdDSA key certs for ssl resign?
Do you want to continue? (y/n)y

 

Ref: https://community.fortinet.com/t5/FortiGate/Technical-Tip-Renew-Certificate-Expired-on-FortiGate/ta-...

If you are not able to access the Fortigate due to expired certificates then the Console access to the Fortigate will be able to help us find the RCA. 
https://community.fortinet.com/t5/FortiGate/Technical-Tip-How-to-deal-with-a-kernel-panic/ta-p/22680...

 

Kindly let us know if this helps. 

Best Regards,
. . . . . . . . . . . . . . . . . . . . . . . .
Arun Kumar | TAC Engineer II
FORTINET TAC - America EAST
NSE Certified: 1,2,3,4,5,7
Office Hours: 9AM-6PM EST (Tue-Sat)
Contact: https://fortinet.com/support-and-training/support/contact.html
Community Forum: https://community.fortinet.com
# Is there anything Fortinet could have assisted with further, better, or differently?
# Simply request a Manager follow-up
1029
0 Kudos
rrodrigues
New Contributor II

Created on ‎01-06-2024 07:41 PM

So its not about the page loading and having an error show up about an expired certificate.

You cant actually connect to the IP address and it simply times out.

992
0 Kudos
Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors
View all
Broad. Integrated. Automated.

The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.

Social Media
Security Research
Company
News & Articles
Contact Us

Copyright 2024 Fortinet, Inc. All Rights Reserved.