Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
luca1994
New Contributor III

Update firmware from cli tftp: error code -39

Hello team,

 

I have a need to update my fortigate (VM on vSphere) firewall via cli. SO, I installed tftp on a windows server machine and assigned it an ip address in the same network as port2 of my fortigate.
From CLI the ping to tftp server work fine but then the transfer failed with error -39

 

FortiFirewall-VM64 # execute restore image tftp FGT_VM64_VMX-v7.2.5.F-build1517- FORTINET.out 192.168.X.X
This operation will replace the current firmware version!
Do you want to continue? (y/n)y

Please wait...

Connect to tftp server 192.168.x.x...
Transfer timed out.
Can not get image from tftp server via vdom root.
Command fail. Return code -39

 

FortiFirewall-VM64 # execute ping 192.168.X.X
PING 192.168.X.X (192.168.X.X): 56 data bytes
64 bytes from 192.168.X.X: icmp_seq=0 ttl=128 time=0.9 ms
64 bytes from 192.168.X.X: icmp_seq=1 ttl=128 time=0.7 ms

 

any suggestion?

Thanks for the support

BR

15 REPLIES 15
AEK
SuperUser
SuperUser

Hello Luca

According to the output I think the client couldn't even connect to tftp server, or the download didn't start.

Try the following:

  • Check Windows firewall of the tftp server host, probably tftp port is filtered
  • Check tftp server logs to see why the connection failed
AEK
AEK
luca1994
New Contributor III

Yes, thank you @AEK, i disabled the windows firewall and now Fortigte downloading the image from tftp server but now i have this error:

 

Connect to tftp server 192.168.X.X ...
#
###################################################################################

Get image from tftp server OK.
Verifying the signature of the firmware image.
Check image error.
Command fail. Return code -28

 

Thank you for the support.

 

luca1994
New Contributor III

can it be that it gives this error because the vm does not have an active license?
I explain what I should do. I should migrate a FortiVM d hyperv to vmware, so I deployed an ovf image downloaded from support.fortinet.com. Now my idea was to align the firmware versions of the firewalls and then import the configuration. Only if I try to access in GUI the new firewall deployed on vsphere it necessarily asks me for a license, so I thought of doing it all via cli.

ede_pfau
SuperUser
SuperUser

Please check the downloaded file's checksum. Compare the one you can download in the support portal (on the same line as the HTTP download button) with a checksum you create locally. In rare cases, they don't match. If so, download the image file again.

Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
luca1994
New Contributor III

Thank you @ede_pfau now the update work fine.

Now,

when I try to restore the configuration I try this command:

execute restore config tftp backup.conf 192.168.X.X

but I get this error returned

Please wait...
Connect to TFTP server 192.168.X.X ...

Get file from TFTP server OK.
Invalid config file
Command fail. Return code -39

AEK

Hello

The config file must be for the same model and for the same FOS version.

Open the file in notepad and check on the first line to find this info.

AEK
AEK
luca1994
New Contributor III

Hello @AEK ,

 

thanks,

in fact, I copied the first four lines of the firewall configuration into hyper-v and overwritten them in the fortigate conf file on vmware. Now the 'import is successful with no errors. I wanted to ask how do I go about transferring the license.

Thank you very much
BR

AEK

Hello Luca

To transfer the license you need to open a CS ticket.

cs.png

AEK
AEK
luca1994
New Contributor III

Hello @AEK ,

 

I returned a few days ago after a period of absence. Thank you for the response.

So is it normal that after setting up the firewall on VMWare and I have the license in unlicense state I can't access it even if I reach it ? Once the license is migrated it should be back up and running ?

 

Thank you very much as always

Announcements

Select Forum Responses to become Knowledge Articles!

Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.

Labels
Top Kudoed Authors