- Forums
- Knowledge Base
- Customer Service
- FortiGate
- FortiClient
- FortiAP
- FortiAnalyzer
- FortiADC
- FortiAuthenticator
- FortiBridge
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiExtender
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiManager
- FortiMonitor
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecon
- FortiRecorder
- FortiSandbox
- FortiSASE
- FortiScan
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- TFTP Problems with FortiWiFi 30B
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
TFTP Problems with FortiWiFi 30B
Greetings:
--Semi-newbie here with a few TFTP questions, namely what is the proper config to flash firmware? I' m don' t seem to have any connectivity between the TFTP server on my laptop and the FortiWifi 30 B.
--I suspect the upload port is wrong as per other support docs. There are no # characters showing progress (see below). However, I' m unable to change from internal port 4 (the default) as suggested.
--I also won' t rule out an IP misconfig, since I have little experience doing this. Regardless, below is a summary of the other troubleshooting steps I took as well as a snippet of the HyperTerminal output.
--I' d really appreciate any suggestions. Thanks in advance for your time and expertise.
All the best.
Patrick
::TROUBLESHOOTING::
-Attempted to change internal ports for upload
-Formatted the HDD (as per vendor support)
-Disabled Windows firewall
-Everyone group has full control on SMB/NFTS to TFTP-Root directory.
::HYPERTERMINAL OUTPUT::
Enter Selection :
Enter G,F,I,Q,or H:
Please connect TFTP server to Ethernet port " 4" .
Enter TFTP server address [192.168.1.168]: 192.168.1.99 (Laptop IP as per support docs)
Enter local address [192.168.1.188]: 192.168.1.10 (Random IP on same subnet).
Enter firmware image file name [image.out]: FWF_30B-v400-build0178-FORTINET.out
MAC:00090FC7F5A8
-
9 REPLIES 9
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
suggestion:
To eliminate the port issues, when you set the ip_address on teh FWF30B and laptop , can you ping the unit?
If you can, and the TFTP dowdloads are failing, have you check the TFTP transfer byte size?
What tftp-server are you using?
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi emnoc:
--Thanks for the info. I' ve used SolarWinds TFTP as well as TFTPD32 for TFTP. The terminal app are HyperTerminal and PuTTY. I configured my device as per this KB article:[link=] http://kb.fortinet.com/kb/microsites/microsite.do?cmd=displayKC&docType=kc&externalId=10338&sliceId=1&docTypeID=DT_KCARTICLE_1_1[/link]
--I suspect the problem is on the Forigate ports. I can ping my server IP (my laptop) OK no matter what IP I set. I cannot ping the Fortigate no matter what IP I use. The output says to use " Ethernet port 4" . The above referenced doc recommends changing the upload port to another port for troubleshooting. However, I am unable to change the upload port on the Foritgate. It always stays at port 4 no matter how it' s set. The TFTPD32 logs show no connection is made.
--Also, I can check the transfer byte size. What do you suggest I set it to?
--Thanks again for the assist.
All the best,
Patrick
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I cannot ping the Fortigate no matter what IP I use.Make sure that " show system interface" has " set allowaccess ping" for administrative interface you' ll be using. By the way, consider using " execute restore image usb" if you have physical access to the box, or " execute restore image tftp" command instead of rebooting if you must use tftp - less restrictive than reboot environment.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Make sure that " show system interface" has " set allowaccess ping" for administrative interface you' ll be using.he' s doing this from an interrupted bootup process, by the screenshot he provided. So that part is not an issue at this point. back to the problem, I never heard of any FGT units using a high # number port for the TFTP firmware upgrade or restoral from the CLI and a interrupted bootup. I would personally used the lower number port 1st and then check my cable. On the byte size, you can validate the sized used via wireshark or even the log. Solarwinds TFTP server should be fine as-is, and I think your problem is cable or cabling connection related. Once you configured the FWF30B with the interface ip_address, try a continous ping from the window host and tehn repeat but with using a different port. Also don' t rule out your cable. IIRC a straight should be fine but you might need a X-over.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For what it' s worth, I was never able to ping the FGT during a TFTP restore. May be operating as designed.
Bob - self proclaimed posting junkie!
See my Fortigate related scripts at: http://fortigate.camerabob.com
Bob - self proclaimed posting junkie!See my Fortigate related scripts
at: http://fortigate.camerabob.com
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
For what it' s worth, I was never able to ping the FGT during a TFTP restore.I' m using 60C v4.0 MR3 Patch 3. The interface only becomes enabled after Fortigate TFTP data is entered and retrieval is attempted, via Internal 1. Observe:
FortiGate-60C (14:57-01.26.2011) Ver:04000024 Serial number: FGT60C3G1100???? CPU(00): 525MHz Total RAM: 512MB Initializing boot device... Initializing MAC... nplite#0 Press any key to display configuration menu... ..Attachment is a pcap file (with Window' s chatter traffic filtered out) taken during above sequence on 10.0.0.2 PC. You can see Fortigate' s TFTP request and my (successful) ping from the PC.: Get firmware image from TFTP server. : Format boot device. [ I]: Configuration and information. [ B]: Boot with backup firmware and set as default. : Quit menu and continue to boot.: Display this list of options. Enter G,F,I,B,Q,or H: G Please connect TFTP server to Ethernet port ' Any of port 1,2,3,4,5' . Enter TFTP server address [192.168.1.168]: 10.0.0.2 Enter local address [192.168.1.188]: 10.0.0.1 Enter firmware image file name [image.out]: xx.out MAC: 00:09:0f:f5:cc:e8 Connect to tftp server 10.0.0.2 ... ^C Abort Reading boot image... 1173664 bytes. Initializing firewall... System is started.
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi emnoc:
--Thanks for the info. This thing must be cursed. I cannot change the upload port; it always defaults to internal port four. Also, I' ve used known good crossover and regular cables with no joy. I also noticed that the status light stays lit whenever the unit it power on. I assume that' s by design when there' s no OS loaded?
--Finally, would you please clarify how to configure the Fortigate with an IP? I didn' t think that was possible w/o an OS or did I miss understand you? I simply set the iP on my laptop to 192.168.1.168 and entered 192.168.1.188 for the Fortigate (or another IP on the same subnet) during the upload procedure. Thanks again for the assist.
Best regards,
Patrick
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
The interface only becomes enabled after Fortigate TFTP data is entered and retrieval is attempted, via Internal 1. Observe:That' s my experience also. Once you get to the " Enter local address [ 192.168.1.188]: and after you enter the filename, the interface should come up hot. for the OP, do you have a warranty or support on the FWF30B? i remember mine was strange when doing a upgrade, but it was not as problematic as yours.
PCNSE
NSE
StrongSwan
PCNSE
NSE
StrongSwan
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
--Thanks a lot for all your help. I' m going to open a support ticket (now that the unit is properly registered). I suspect it' s a bad device. It' s not my config, cabling, etc. I can TFTP to a similar model w/o a problem. I also noted that the Status light stays lit when the unit is powered on. Thanks again.
P.
Related Posts
- Routing Problem to DHCP Relay 118 Views
- Fortigate consuming high memory after upgrade 81 Views
- Problems configuring the wan interface 91 Views
- SD-WAN problem Fortimanager 94 Views
- How to define Gateway on WAN... 133 Views
Labels
-
FortiGate
6,816 -
FortiClient
1,353 -
5.2
801 -
5.4
639 -
FortiManager
585 -
FortiAnalyzer
431 -
6.0
416 -
5.6
362 -
FortiAP
352 -
FortiSwitch
348 -
FortiClient EMS
277 -
FortiMail
266 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
164 -
6.4
128 -
FortiNAC
114 -
FortiGuard
108 -
FortiSIEM
92 -
FortiGateCloud
90 -
IPsec
90 -
FortiCloud Products
85 -
FortiToken
74 -
SSL-VPN
73 -
Customer Service
70 -
4.0MR3
64 -
Wireless Controller
62 -
FortiProxy
47 -
FortiADC
44 -
FortiEDR
42 -
Fortivoice
41 -
SD-WAN
37 -
FortiDNS
35 -
FortiExtender
34 -
FortiGate v5.4
34 -
FortiSandbox
33 -
FortiSwitch v6.4
30 -
Firewall policy
30 -
FortiAuthenticator
24 -
High Availability
24 -
FortiConnect
24 -
VLAN
23 -
FortiWAN
22 -
FortiConverter
21 -
ZTNA
20 -
FortiPortal
18 -
FortiSwitch v6.2
16 -
FortiGate v5.2
16 -
Certificate
16 -
SAML
15 -
DNS
15 -
LDAP
15 -
FortiMonitor
14 -
BGP
14 -
Interface
14 -
Logging
14 -
FortiGate v5.0
13 -
FortiDDoS
13 -
Routing
12 -
FortiCASB
12 -
VDOM
12 -
fortilink
11 -
RADIUS
10 -
Authentication
10 -
Virtual IP
10 -
FortiRecorder
10 -
FortiWeb v5.0
9 -
SSL SSH inspection
9 -
Traffic shaping
9 -
FortiManager v5.0
9 -
NAT
9 -
4.0MR2
9 -
SSID
8 -
Fortigate Cloud
8 -
SSO
8 -
Application control
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
Admin
7 -
4.0
7 -
IP address management - IPAM
7 -
Security profile
6 -
FortiBridge
6 -
SNMP
6 -
Web application firewall profile
6 -
Web profile
6 -
Proxy policy
5 -
Traffic shaping policy
5 -
FortiAP profile
5 -
FortiManager v4.0
5 -
Static route
5 -
FortiDirector
4 -
IPS signature
4 -
Packet capture
4 -
Antivirus profile
4 -
Automation
4 -
WAN optimization
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
3.6
4 -
FortiScan
4 -
Port policy
4 -
FortiToken Cloud
3 -
DoS policy
3 -
Email filter profile
3 -
Web rating
3 -
Intrusion prevention
3 -
FortiDB
3 -
trunk
3 -
FortiDeceptor
2 -
System settings
2 -
FortiInsight
2 -
NAC policy
2 -
Fortinet Engage Partner Program
2 -
Users
2 -
Traffic shaping profile
2 -
FortiPAM
2 -
VoIP profile
2 -
FortiAI
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Protocol option
2 -
4.0MR1
1 -
TACACS
1 -
Replacement messages
1 -
Subscription Renewal Policy
1 -
Schedule
1 -
FortiCWP
1 -
FortiNDR
1 -
SDN connector
1 -
Application signature
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Multicast routing
1 -
Explicit proxy
1 -
Zone
1
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.