Hello team,
I have a need to update my FortiGate (VM on vSphere) firewall via CLI. So, I installed TFTP on a Windows Server machine and assigned it an IP address in the same network as port2 of my FortiGate.
From the CLI, the ping to the TFTP server works fine, but then the transfer failed with error -39:
FortiFirewall-VM64 # execute restore image tftp FGT_VM64_VMX-v7.2.5.F-build1517- FORTINET.out 192.168.X.X
This operation will replace the current firmware version!
Do you want to continue? (y/n)y
Please wait...
Connect to tftp server 192.168.x.x...
Transfer timed out.
Can not get image from tftp server via vdom root.
Command fail. Return code -39
FortiFirewall-VM64 # execute ping 192.168.X.X
PING 192.168.X.X (192.168.X.X): 56 data bytes
64 bytes from 192.168.X.X: icmp_seq=0 ttl=128 time=0.9 ms
64 bytes from 192.168.X.X: icmp_seq=1 ttl=128 time=0.7 ms
Any suggestions?
Thanks for the support
BR
Hello Luca
According to the output, I think the client couldn't even connect to the TFTP server, or the download didn't start.
Try the following:
Created on 01-08-2024 01:39 PM Edited on 01-08-2024 01:39 PM
Yes, thank you @AEK, I disabled the Windows firewall and now the FortiGate is downloading the image from the TFTP server, but now I have this error:
Connect to tftp server 192.168.X.X ...
#
###################################################################################
Get image from tftp server OK.
Verifying the signature of the firmware image.
Check image error.
Command fail. Return code -28
Thank you for the support.
Can it be that it gives this error because the VM does not have an active license?
Let me explain what I need to do. I need to migrate a FortiVM from Hyper-V to VMware, so I deployed an OVF image downloaded from support.fortinet.com. Now my idea was to align the firmware versions of the firewalls and then import the configuration. However, when I try to access the GUI of the new firewall deployed on vSphere, it asks me for a license, so I thought of doing it all via CLI.
Please check the downloaded file's checksum. Compare the one you can download in the support portal (on the same line as the HTTP download button) with a checksum you create locally. In rare cases, they don't match. If so, download the image file again.
Thank you @ede_pfau, now the update works fine.
Now, when I try to restore the configuration, I try this command:
execute restore config tftp backup.conf 192.168.X.X
but I get this error returned:
Please wait...
Connect to TFTP server 192.168.X.X ...
Get file from TFTP server OK.
Invalid config file
Command fail. Return code -39
Hello
The config file must be for the same model and for the same FOS version.
Open the file in notepad and check on the first line to find this info.
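The two checks suggested in this thread (comparing the image checksum with the value on the support portal, and reading the model and FOS version from the first line of the config file), as an added Python example that is not from the thread or from Fortinet. The `#config-version=` header layout, the function names and all sample values are assumptions or constructed; pass whichever digest algorithm the portal lists.

```python
import hashlib
import hmac
import re

# Assumed header layout (typical FortiOS backup, not shown in the thread):
#   #config-version=<model>-<x.y.z>-FW-build<NNNN>-<date>:opmode=...
HEADER_RE = re.compile(
    r"^#config-version=(?P<model>.+?)-(?P<version>\d+\.\d+\.\d+)"
    r"-FW-build(?P<build>\d+)-"
)


def parse_config_header(first_line):
    """Extract model, FortiOS version and build from a backup's first line."""
    match = HEADER_RE.match(first_line.strip())
    if match is None:
        raise ValueError("first line is not a #config-version header")
    return match.groupdict()


def header_mismatches(backup_line, target_line):
    """Fields that differ between the backup and the unit it is restored to."""
    backup = parse_config_header(backup_line)
    target = parse_config_header(target_line)
    return {k: (backup[k], target[k]) for k in backup if backup[k] != target[k]}


def image_digest_matches(image_bytes, published_hex, algorithm):
    """Compare a locally computed digest with the value the portal lists."""
    local = hashlib.new(algorithm, image_bytes).hexdigest()
    return hmac.compare_digest(local, published_hex.strip().lower())


# Constructed sample data, not taken from the thread.
BACKUP = "#config-version=FGVM64-7.0.12-FW-build0523-240101:opmode=0:vdom=0:user=admin"
TARGET = "#config-version=FGVM64-7.2.5-FW-build1517-240101:opmode=0:vdom=0:user=admin"
IMAGE = b"constructed stand-in for a firmware image"
PUBLISHED = hashlib.sha256(IMAGE).hexdigest().upper()

if __name__ == "__main__":
    print(header_mismatches(BACKUP, TARGET))       # version and build differ
    print(image_digest_matches(IMAGE, PUBLISHED, "sha256"))
    print(image_digest_matches(IMAGE + b"\x00", PUBLISHED, "sha256"))
```

A non-empty result from `header_mismatches` means the backup was taken on a different model, version or build than the target unit is running.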
Hello @AEK ,
thanks.
In fact, I copied the first four lines of the firewall configuration into Hyper-V and overwrote them in the FortiGate conf file on VMware. Now the import is successful with no errors. I wanted to ask how I go about transferring the license.
Thank you very much
BR
Hello Luca
To transfer the license you need to open a CS ticket.
Hello @AEK ,
I returned a few days ago after a period of absence. Thank you for the response.
So is it normal that, after setting up the firewall on VMware with the license in an unlicensed state, I can't access it even if I can reach it? Once the license is migrated, should it be back up and running?
Thank you very much as always