Description
This article describes how to download and install firmware from a local TFTP server via the BIOS, under CLI control.
It is also necessary to install firmware using the local TFTP server if ‘OPEN DEVICE BOOT FAILED’ message appears on console as follows:
Caution: Installing firmware from a local TFTP server under console control will reset the FortiGate unit to factory default settings.
If possible, consider backing up the configuration before starting the TFTP server firmware upgrade.
Components:
- A null modem, or RJ-45 to DB9 console cable, supplied with the FortiGate unit.
- An Ethernet RJ45 cable.
- A terminal client, such as a PC running HyperTerminal (Windows).
- A TFTP server.
Download the FortiGate firmware and verify the MD5 checksum:
- Download the required firmware from the Download Firmware Images page.
- Download and install the TFTP server on the computer. http://tftpd32.jounin.net/tftpd32.html.
- Disable Windows firewall.
- Create a directory and name it something like 'TFTP'.
- Move the firewall image to that directory.
- Rename the image file to 'image.out'.
- Set the system's ethernet interface IP as follows (the IP can be from any subnet):
IP address: 10.10.10.1 - Subnet mask: 255.255.255.0
- Connect the computer to the FortiGate unit using the null modem cable. For detailed steps for this connection, see Technical Tip: How to connect to the FortiGate console port.
Terminal client communication parameters:
8 bits
no parity
1 stop bit
9600 baud (the FortiGate-300 uses 115,000 baud)
Flow Control = None
- Restart the FortiGate.
- When the console displays 'Press any key to display configuration menu...', press any other key.
FortiGate-81E (12:47-03.03.2017)
Ver:05000007
Serial number: FGT81E*********1
CPU: 1000MHz
Total RAM: 2 GB
Initializing boot device...
Initializing MAC... nplite#0
Please wait for OS to boot, or press any key to display the configuration menu.
- When a list of choices with individual letters of the alphabet appears, press 'F' to format the device.
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H:
It will erase data in boot device. Continue? [yes/no]:yes
Formatting..........done
Done.
- After, the device will boot again.
- Again, a list of choices with letters will appear. Press 'R' to review TFTP parameters.
Enter C,R,T,F,I,B,Q,or H:
Image download port: WAN1 <- This port of the firewall should be connected to the computer ethernet port.
DHCP status: Disabled
Local VLAN ID: <NULL>
Local IP address: 10.1.1.115
Local subnet mask: 255.255.255.0
Local gateway: 10.1.1.1
TFTP server IP address: 10.1.1.1
Firmware file name: FGT_100F-v7.0.0-build0066-FORTINET.out
- Once again, a list of choices with letters will appear. Press 'C' to configure TFTP parameters.
[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.
Enter C,R,T,F,I,B,Q,or H:
- Change the parameters to be in line with the TFTP server configuration.
[P]: Set firmware download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [I]: Set local IP address.
Enter local IP address [10.1.1.115]: 10.10.10.2
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [S]: Set local subnet mask.
Enter local subnet mask [255.255.255.0]: 255.255.255.0
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [G]: Set local gateway.
Enter remote TFTP server IP address [10.1.1.1]: 10.10.10.1
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [T]: Set remote TFTP server IP address.
Enter remote TFTP server IP address [10.1.1.1]: 10.10.10.1
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [F]: Set firmware file name.
Enter firmware file name [FGT_100F-v7.0.0-build0066-FORTINET.out]: image.out
.done
Enter P,D,I,S,G,V,T,F,E,R,N,Q,or H: <-- [Q]: Quit this menu.
- Now press 'T' to initiate TFTP firmware transfer.
Please connect TFTP server to Ethernet port 'WAN1'.
MAC: 94:ff:3c:6e:e9:66
Connect to tftp server 10.10.10.1 ...
#######################################################################################################################################################################################
Image Received.
Checking image... OK
This firmware image is certified!
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?D
Programming the boot device now. The system must re-layout the boot device to install this firmware.
The default and backup firmware will be lost.
Continue:[Y/N]?
.. OK
Verifying... OK
.done
Booting OS...
Initializing firewall...
System is starting...
Resizing shared data partition...done
Formatting shared data partition ... done!
Starting system maintenance...
Scanning /dev/mmcblk0p1... (100%)
Scanning /dev/mmcblk0p3... (100%)
FortiGate-81E login: admin
Password:
You are forced to change your password. Please input a new password.
New Password:
Confirm Password:
Welcome!
