- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiAP
- FortiClient
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDAST
- FortiDDoS
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiExtender
- FortiEDR
- FortiGate Cloud
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Upgrading Fortigate FW Using Command Line Remotely...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrading Fortigate FW Using Command Line Remotely?
I am able to upload firmware from PC to remote firewall using GUI.
Is it possible to upload firmware from PC to remote firewall using CLI?
My target firewall is using accessed using an external ip address.
However my computer is seated far away at home - and of course using an internal ip.
As such, I cannot set up my comp as a tftp server and get it to ping me.
So is it possible to upgrade firewall at home using CLI?
I find that using the CLI is better as it enables me to see the error messages but in GUI i dont know what is going on.
Or is there an alternative way for me to download the firmware directly into the firewall instead of the PC?
Labels:
- Labels:
-
FortiGate
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for posting your query.
In order to upgarde FGT using the cli you will need TFTP server.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/596131/upgrading-the-firmware
You can download firmware from the support portal or user the fortigate GUI option for the firmware upgrade.
Please refere below link for the different type of available firmware upgrade mathod
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Created on 08-13-2023 07:55 AM Edited on 08-13-2023 07:58 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you are not answering the question!
How can i create a pingable tftp server when i am behind a home firewall.
cant ping from firewall to home pc.
you are not even reading the question!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I gave you available option detail from the home network without any tunnel connection or TFTP server we will not be able to upload the firmware image on Fortigate. Yes, you need to be part of the internal network to set up the TFTP server.
Question:- So is it possible to upgrade firewall at home using CLI?
In your case from the home network, we will not be able to upload the image.
Question:- is there an alternative way for me to download the firmware directly into the firewall instead of the PC?
Not directly in the firewall, however, using the USB drive it is possible
While upgrading from the USB drive from the SSH connection you can see the cli error you observe. Once the firewall will go in restart you will not be able to see cli.
During the upgrade, it's best to have local access to the firewall if in case you come across any issue during the upgrade it can be reverted.
Before you install any new firmware, follow the below steps:
>> Understand the maturity level of the current and target firmware releases to help you determine whether to upgrade. See Firmware maturity levels.
>> Review the Release Notes for a new firmware release.
>> Review the Supported Upgrade Paths.
>> Download a copy of the currently installed firmware, in case you need to revert to it. See Downloading a firmware image and Downgrading individual device firmware for details.
>> Have a plan in place in case there is a critical failure, such as the FortiGate not coming back online after the update.
>> This could include having console access to the device (Connecting to the CLI), ensuring that your TFTP server is working (Installing firmware from system reboot), and preparing a USB drive (Restoring from a USB drive).
>> Back up the current configuration, including local certificates. The upgrade process prompts you to back up the current configuration. See also Configuration backups for details.
>> Test the new firmware until you are satisfied that it applies to your configuration. See Testing a firmware version and Using controlled upgrades for details.
>> Installing new firmware without reviewing release notes or testing the firmware may result in changes to settings and unexpected issues.
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This reply is much better.
Is it possible to enter the url of the firmware in the cli so that the fortigate can auto download?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer your query yes on the FGT URL upgrade option available for the firmware upgrade.
# execute restore image ?
flash >> Restore image from flash.
ftp >> Load image from FTP server.
management-station Restore image from the Management station.
tftp >> Restore image from TFTP server.
url >> Restore image from URL with HTTP/HTTPS protocols. Decrypt image if needed.
usb >> Restore image from USB disk.
However, if you observe when we upgrade FortiGate from the GUI method it takes the firmware image from the FDS(Fortiguard server) server.
This is the reason if you have Fortiguard connectivity down you will not be able to update the firmware using the automatic option then manually firmware needs to upload or fix Fortigaurd connectivity issue first.
exec ping service.fortiguard.net
exec ping update.fortiguard.net
exec ping guard.fortinet.net
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe it's just me, but what is the problem? You can always manage the FGT via GUI _and_ via CLI (ssh) at the same time. Use the GUI to upload the firmware and the CLI to monitor.
Even better would be to monitor the FGT's serial port, as a lot more messages only appear in the Console. I use an inexpensive USB-to-IP terminal server device for this, combined with the serial-to-USB cable provided with newer FGTs.
Of course, if you cripple the remote FGT up to the point where you lose WAN access, the serial connection won't help much. But usually, you'll see a lot more infos. You can even get into the boot menu.
If anybody else is using USB-to-network servers, please share your make and model here, as I am not 100% satisfied with my device (a noname from/via amazon).
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
what is USB-to-network servers?
what is USB-to-IP terminal server ?
Is it oob?
I cant go to site as it is in another state so suggestions are appreciated.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- Remote access to Fortigate configured with... 319 Views
- VPN tunnel connected but i can't... 185 Views
- FortiOS and FSSO agent 197 Views
- Connect Fortigate to a remote FortiAnalyzer 192 Views
- Fortigate consuming high memory after upgrade 318 Views
Labels
-
FortiGate
7,035 -
FortiClient
1,387 -
5.2
801 -
5.4
639 -
FortiManager
610 -
FortiAnalyzer
446 -
6.0
416 -
FortiAP
369 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
285 -
FortiMail
272 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
172 -
6.4
128 -
FortiNAC
123 -
FortiGuard
112 -
IPsec
104 -
SSL-VPN
94 -
FortiGateCloud
93 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
48 -
FortiADC
45 -
Fortivoice
44 -
SD-WAN
43 -
FortiEDR
42 -
FortiDNS
37 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiSandbox
33 -
FortiAuthenticator
32 -
FortiSwitch v6.4
32 -
Firewall policy
32 -
VLAN
28 -
High Availability
28 -
FortiConnect
24 -
FortiWAN
23 -
ZTNA
21 -
DNS
21 -
FortiConverter
21 -
BGP
19 -
FortiGate v5.2
19 -
Certificate
19 -
SAML
18 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
VDOM
16 -
FortiMonitor
14 -
Authentication
14 -
FortiLink
14 -
Interface
14 -
FortiDDoS
14 -
Logging
14 -
FortiGate v5.0
13 -
Fortigate Cloud
13 -
Routing
13 -
FortiCASB
12 -
RADIUS
11 -
NAT
11 -
Web profile
11 -
SSL SSH inspection
10 -
Traffic shaping
10 -
Virtual IP
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
WAN optimization
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Proxy policy
6 -
Security profile
6 -
Traffic shaping policy
6 -
Static route
6 -
FortiDirector
5 -
IPS signature
5 -
Packet capture
5 -
FortiAP profile
5 -
Automation
5 -
FortiManager v4.0
5 -
FortiDeceptor
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
OSPF
4 -
Web rating
4 -
3.6
4 -
FortiScan
4 -
trunk
4 -
Port policy
4 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
FortiPAM
3 -
DoS policy
3 -
Email filter profile
3 -
FortiDB
3 -
Intrusion prevention
3 -
Protocol option
2 -
FortiInsight
2 -
NAC policy
2 -
Users
2 -
FortiAI
2 -
Application signature
2 -
VoIP profile
2 -
FortiHypervisor
2 -
Fabric connector
2 -
Netflow
2 -
Multicast routing
2 -
4.0MR1
1 -
TACACS
1 -
Subscription Renewal Policy
1 -
Replacement messages
1 -
FortiCWP
1 -
FortiNDR
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
DLP sensor
1 -
Internet Service Database
1 -
Explicit proxy
1 -
Zone
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1041 | |
| 862 | |
| 512 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.