- Forums
- Knowledge Base
- Customer Service
- Internal Article Nominations
- FortiGate
- FortiClient
- FortiAP
- FortiADC
- FortiAnalyzer
- FortiBridge
- FortiAuthenticator
- FortiCache
- FortiCarrier
- FortiCASB
- FortiConnect
- FortiConverter
- FortiCNP
- FortiDDoS
- FortiDAST
- FortiDB
- FortiDNS
- FortiDeceptor
- FortiDevSec
- FortiDirector
- FortiEDR
- FortiGate Cloud
- FortiExtender
- FortiGuard
- FortiHypervisor
- FortiInsight
- FortiIsolator
- FortiMail
- FortiMonitor
- FortiManager
- FortiNAC
- FortiNAC-F
- FortiNDR (on-premise)
- FortiNDRCloud
- FortiPAM
- FortiPortal
- FortiProxy
- FortiRecorder
- FortiRecon
- FortiSandbox
- FortiScan
- FortiSASE
- FortiSIEM
- FortiSOAR
- FortiSwitch
- FortiTester
- FortiToken
- FortiVoice
- FortiWAN
- FortiWeb
- FortiWebCloud
- Wireless Controller
- RMA Information and Announcements
- FortiCloud Products
- ZTNA
- 4D Documents
- Customer Service
- Community Groups
- Blogs
Support Forum
The Forums are a place to find answers on a range of Fortinet products from peers and product experts.
- Fortinet Community
- Forums
- Support Forum
- Upgrading Fortigate FW Using Command Line Remotely...
Options
- Subscribe to RSS Feed
- Mark Topic as New
- Mark Topic as Read
- Float this Topic for Current User
- Bookmark
- Subscribe
- Mute
- Printer Friendly Page
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Upgrading Fortigate FW Using Command Line Remotely?
I am able to upload firmware from PC to remote firewall using GUI.
Is it possible to upload firmware from PC to remote firewall using CLI?
My target firewall is using accessed using an external ip address.
However my computer is seated far away at home - and of course using an internal ip.
As such, I cannot set up my comp as a tftp server and get it to ping me.
So is it possible to upgrade firewall at home using CLI?
I find that using the CLI is better as it enables me to see the error messages but in GUI i dont know what is going on.
Or is there an alternative way for me to download the firmware directly into the firewall instead of the PC?
Labels:
- Labels:
-
FortiGate
7 REPLIES 7
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Thank you for posting your query.
In order to upgarde FGT using the cli you will need TFTP server.
https://docs.fortinet.com/document/fortigate/6.2.15/cookbook/596131/upgrading-the-firmware
You can download firmware from the support portal or user the fortigate GUI option for the firmware upgrade.
Please refere below link for the different type of available firmware upgrade mathod
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Created on 08-13-2023 07:55 AM Edited on 08-13-2023 07:58 AM
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
you are not answering the question!
How can i create a pingable tftp server when i am behind a home firewall.
cant ping from firewall to home pc.
you are not even reading the question!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
I gave you available option detail from the home network without any tunnel connection or TFTP server we will not be able to upload the firmware image on Fortigate. Yes, you need to be part of the internal network to set up the TFTP server.
Question:- So is it possible to upgrade firewall at home using CLI?
In your case from the home network, we will not be able to upload the image.
Question:- is there an alternative way for me to download the firmware directly into the firewall instead of the PC?
Not directly in the firewall, however, using the USB drive it is possible
While upgrading from the USB drive from the SSH connection you can see the cli error you observe. Once the firewall will go in restart you will not be able to see cli.
During the upgrade, it's best to have local access to the firewall if in case you come across any issue during the upgrade it can be reverted.
Before you install any new firmware, follow the below steps:
>> Understand the maturity level of the current and target firmware releases to help you determine whether to upgrade. See Firmware maturity levels.
>> Review the Release Notes for a new firmware release.
>> Review the Supported Upgrade Paths.
>> Download a copy of the currently installed firmware, in case you need to revert to it. See Downloading a firmware image and Downgrading individual device firmware for details.
>> Have a plan in place in case there is a critical failure, such as the FortiGate not coming back online after the update.
>> This could include having console access to the device (Connecting to the CLI), ensuring that your TFTP server is working (Installing firmware from system reboot), and preparing a USB drive (Restoring from a USB drive).
>> Back up the current configuration, including local certificates. The upgrade process prompts you to back up the current configuration. See also Configuration backups for details.
>> Test the new firmware until you are satisfied that it applies to your configuration. See Testing a firmware version and Using controlled upgrades for details.
>> Installing new firmware without reviewing release notes or testing the firmware may result in changes to settings and unexpected issues.
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Hi,
This reply is much better.
Is it possible to enter the url of the firmware in the cli so that the fortigate can auto download?
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
To answer your query yes on the FGT URL upgrade option available for the firmware upgrade.
# execute restore image ?
flash >> Restore image from flash.
ftp >> Load image from FTP server.
management-station Restore image from the Management station.
tftp >> Restore image from TFTP server.
url >> Restore image from URL with HTTP/HTTPS protocols. Decrypt image if needed.
usb >> Restore image from USB disk.
However, if you observe when we upgrade FortiGate from the GUI method it takes the firmware image from the FDS(Fortiguard server) server.
This is the reason if you have Fortiguard connectivity down you will not be able to update the firmware using the automatic option then manually firmware needs to upload or fix Fortigaurd connectivity issue first.
exec ping service.fortiguard.net
exec ping update.fortiguard.net
exec ping guard.fortinet.net
Regards
Priyanka
- Have you found a solution? Then give your helper a "Kudos" and mark the solution
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
Maybe it's just me, but what is the problem? You can always manage the FGT via GUI _and_ via CLI (ssh) at the same time. Use the GUI to upload the firmware and the CLI to monitor.
Even better would be to monitor the FGT's serial port, as a lot more messages only appear in the Console. I use an inexpensive USB-to-IP terminal server device for this, combined with the serial-to-USB cable provided with newer FGTs.
Of course, if you cripple the remote FGT up to the point where you lose WAN access, the serial connection won't help much. But usually, you'll see a lot more infos. You can even get into the boot menu.
If anybody else is using USB-to-network servers, please share your make and model here, as I am not 100% satisfied with my device (a noname from/via amazon).
Ede Kernel panic: Aiee, killing interrupt handler!
Ede Kernel panic: Aiee, killing interrupt handler!
Options
- Mark as New
- Bookmark
- Subscribe
- Mute
- Subscribe to RSS Feed
- Permalink
- Report Inappropriate Content
hi,
what is USB-to-network servers?
what is USB-to-IP terminal server ?
Is it oob?
I cant go to site as it is in another state so suggestions are appreciated.
Announcements
Select Forum Responses to become Knowledge Articles!
Select the “Nominate to Knowledge Base” button to recommend a forum post to become a knowledge article.
Related Posts
- FortiGate upgrade using FortiManager progress stuck... 61 Views
- What da heck is going on... 183 Views
- 2FA via E-Mail does not work... 156 Views
- Remote access to Fortigate configured with... 350 Views
- VPN tunnel connected but i can't... 209 Views
Labels
-
FortiGate
7,099 -
FortiClient
1,399 -
5.2
801 -
5.4
639 -
FortiManager
615 -
FortiAnalyzer
449 -
6.0
416 -
FortiAP
373 -
FortiSwitch
368 -
5.6
362 -
FortiClient EMS
288 -
FortiMail
276 -
6.2
251 -
FortiAuthenticator v5.5
234 -
5.0
196 -
FortiWeb
175 -
6.4
128 -
FortiNAC
124 -
FortiGuard
115 -
IPsec
107 -
SSL-VPN
100 -
FortiGateCloud
95 -
FortiSIEM
92 -
FortiCloud Products
88 -
FortiToken
76 -
Customer Service
71 -
Wireless Controller
64 -
4.0MR3
64 -
FortiProxy
49 -
SD-WAN
47 -
FortiADC
45 -
Fortivoice
44 -
FortiEDR
43 -
FortiDNS
38 -
FortiExtender
36 -
FortiGate v5.4
35 -
FortiAuthenticator
34 -
FortiSandbox
33 -
Firewall policy
33 -
FortiSwitch v6.4
32 -
VLAN
31 -
High Availability
31 -
DNS
24 -
FortiWAN
24 -
FortiConnect
24 -
ZTNA
23 -
BGP
21 -
FortiConverter
21 -
Certificate
20 -
SAML
19 -
FortiGate v5.2
19 -
FortiPortal
18 -
FortiSwitch v6.2
17 -
LDAP
17 -
Interface
17 -
VDOM
17 -
Routing
15 -
FortiMonitor
14 -
Authentication
14 -
FortiGate v5.0
14 -
FortiLink
14 -
Fortigate Cloud
14 -
Logging
14 -
FortiDDoS
13 -
RADIUS
12 -
FortiCASB
12 -
NAT
11 -
Web profile
11 -
Traffic shaping
10 -
Virtual IP
10 -
SSL SSH inspection
10 -
SSO
10 -
Application control
10 -
FortiRecorder
10 -
SSID
9 -
FortiWeb v5.0
9 -
FortiManager v5.0
9 -
WAN optimization
9 -
4.0MR2
9 -
IP address management - IPAM
8 -
FortiBridge
8 -
FortiGate v4.0 MR3
8 -
RMA Information and Announcements
7 -
FortiSOAR
7 -
FortiAnalyzer v5.0
7 -
SNMP
7 -
Web application firewall profile
7 -
Admin
7 -
4.0
7 -
Security profile
6 -
Proxy policy
6 -
Traffic shaping policy
6 -
FortiAP profile
6 -
OSPF
6 -
Static route
6 -
IPS signature
5 -
Packet capture
5 -
FortiPAM
5 -
Automation
5 -
trunk
5 -
FortiManager v4.0
5 -
FortiDirector
4 -
Port policy
4 -
Antivirus profile
4 -
DNS Filter
4 -
FortiTester
4 -
FortiCarrier
4 -
FortiCache
4 -
3.6
4 -
FortiScan
4 -
Web rating
4 -
Intrusion prevention
4 -
FortiDeceptor
3 -
NAC policy
3 -
Multicast routing
3 -
System settings
3 -
Fortinet Engage Partner Program
3 -
FortiToken Cloud
3 -
Traffic shaping profile
3 -
DLP sensor
3 -
FortiDB
3 -
DoS policy
3 -
Email filter profile
3 -
Netflow
2 -
FortiInsight
2 -
Users
2 -
Protocol option
2 -
FortiAI
2 -
Application signature
2 -
FortiHypervisor
2 -
DLP Dictionary
2 -
VoIP profile
2 -
DLP profile
2 -
Fabric connector
2 -
Multicast policy
1 -
4.0MR1
1 -
Zone
1 -
Subscription Renewal Policy
1 -
FortiCWP
1 -
FortiNDR
1 -
TACACS
1 -
Replacement messages
1 -
Schedule
1 -
SDN connector
1 -
Authentication rule and scheme
1 -
FortiManager-VM
1 -
Internet Service Database
1 -
Explicit proxy
1
Top Kudoed Authors
| User | Count |
|---|---|
| 1053 | |
| 870 | |
| 521 | |
| 441 | |
| 146 |
Broad. Integrated. Automated.
The Fortinet Security Fabric brings together the concepts of convergence and consolidation to provide comprehensive cybersecurity protection for all users, devices, and applications and across all network edges.
Security Research
Company
News & Articles
Copyright 2024 Fortinet, Inc. All Rights Reserved.