Update firmware from cli tftp: error code -39

luca1994 · ‎01-08-2024

Hello team,

I have a need to update my fortigate (VM on vSphere) firewall via cli. SO, I installed tftp on a windows server machine and assigned it an ip address in the same network as port2 of my fortigate.
From CLI the ping to tftp server work fine but then the transfer failed with error -39

FortiFirewall-VM64 # execute restore image tftp FGT_VM64_VMX-v7.2.5.F-build1517- FORTINET.out 192.168.X.X
This operation will replace the current firmware version!
Do you want to continue? (y/n)y

Please wait...

Connect to tftp server 192.168.x.x...
Transfer timed out.
Can not get image from tftp server via vdom root.
Command fail. Return code -39

FortiFirewall-VM64 # execute ping 192.168.X.X
PING 192.168.X.X (192.168.X.X): 56 data bytes
64 bytes from 192.168.X.X: icmp_seq=0 ttl=128 time=0.9 ms
64 bytes from 192.168.X.X: icmp_seq=1 ttl=128 time=0.7 ms

any suggestion?

Thanks for the support

BR

AEK · ‎01-08-2024

Hello Luca

According to the output I think the client couldn't even connect to tftp server, or the download didn't start.

Try the following:

Check Windows firewall of the tftp server host, probably tftp port is filtered
Check tftp server logs to see why the connection failed

AEK

luca1994 · ‎01-08-2024

Yes, thank you @AEK, i disabled the windows firewall and now Fortigte downloading the image from tftp server but now i have this error:

Connect to tftp server 192.168.X.X ...
#
###################################################################################

Get image from tftp server OK.
Verifying the signature of the firmware image.
Check image error.
Command fail. Return code -28

Thank you for the support.

luca1994 · ‎01-08-2024

can it be that it gives this error because the vm does not have an active license?
I explain what I should do. I should migrate a FortiVM d hyperv to vmware, so I deployed an ovf image downloaded from support.fortinet.com. Now my idea was to align the firmware versions of the firewalls and then import the configuration. Only if I try to access in GUI the new firewall deployed on vsphere it necessarily asks me for a license, so I thought of doing it all via cli.

ede_pfau · ‎01-08-2024

Please check the downloaded file's checksum. Compare the one you can download in the support portal (on the same line as the HTTP download button) with a checksum you create locally. In rare cases, they don't match. If so, download the image file again.

Ede Kernel panic: Aiee, killing interrupt handler!

luca1994 · ‎01-09-2024

Thank you @ede_pfau now the update work fine.

Now,

when I try to restore the configuration I try this command:

execute restore config tftp backup.conf 192.168.X.X

but I get this error returned

Please wait...
Connect to TFTP server 192.168.X.X ...

Get file from TFTP server OK.
Invalid config file
Command fail. Return code -39

AEK · ‎01-09-2024

Hello

The config file must be for the same model and for the same FOS version.

Open the file in notepad and check on the first line to find this info.

AEK

luca1994 · ‎01-10-2024

Hello @AEK ,

thanks,

in fact, I copied the first four lines of the firewall configuration into hyper-v and overwritten them in the fortigate conf file on vmware. Now the 'import is successful with no errors. I wanted to ask how do I go about transferring the license.

Thank you very much
BR

AEK · ‎01-10-2024

Hello Luca

To transfer the license you need to open a CS ticket.

AEK

luca1994 · ‎02-16-2024

Hello @AEK ,

I returned a few days ago after a period of absence. Thank you for the response.

So is it normal that after setting up the firewall on VMWare and I have the license in unlicense state I can't access it even if I reach it ? Once the license is migrated it should be back up and running ?

Thank you very much as always

Update firmware from cli tftp: error code -39

Nominate a Forum Post for Knowledge Article Creation

You are leaving our website