FortiGate Next Generation Firewall utilizes purpose-built security processors and threat intelligence security services from FortiGuard labs to deliver top-rated protection and high performance, including encrypted traffic.
Article Id 268486

This article describes the required tools for restoring firmware and configuration to numerous Fortinet products after an RMA.

Scope FortiGate, FortiMail, FortiSandbox, FortiSwitch.

Below are the tools required for this operation.


Console Cable



A serial console cable and possibly a USB/Serial adapter are required.


This will connect the technician's computer to the FortiGate console port.


RJ45 Cable




An RJ45 cable is required.

It will connect the technician's computer to the FortiGate Ethernet management port.


Terminal emulator client


A terminal emulator client is required.

PuTTY is a well-known client and is a good fit for the job. Download it from the official website by selecting 'Download PuTTY' and choosing 'putty.exe'.




The above image shows the default view after opening PuTTY.

The default connection mode is SSH.

The IP must be entered in the 'Host Name (or IP address)' field.

Afterwards, select 'Open' to start the session.


For console serial access, the COM port number is required.

To find out the COM port number on Windows OS, perform the following steps:

  • Windows Key + R.
  • Enter 'devmgmt.msc' then select 'OK.
  • Scroll to the section 'Ports (COM & LPT)'.
  • Retrieve the COM port number.
  • It is 3 in this example.




Once the COM port number is known, select 'Serial' and then change the 'Serial line' value if necessary to the value found out previously. Run the connection by selecting 'Open'.

Connection speed should not be changed as 9600 is the appropriate value to access the FortiGate console.

For FortiSwitch, the Speed is 115200.




Console output can be saved in a text file if required. It is usually recommended to have a backup of the operation as a text file.


To do so, 'right-click' on the title bar and select 'Change Settings'. Go to logging and then select 'All session output' and the target file.






TFTP server setup


If a firmware upgrade is required for the operation, the technician should have a TFTP server ready to serve a firmware image to the FortiGate.


The Tftpd64 application will accomplish this.

To download the application, go to the GitHub page and select 'Download page'.

Choose either 'tftpd64…exe' or 'tftpd32…exe' and install it.


After that, create the 'C:\temp\images' directory and 'Browse' in the application to select the new directory. This will be the root directory of the TFTP server.




All images and configurations that should be uploaded to the FortiGate should be in the TFTP root directory folder.

Related article:
Technical Tip: Formatting and loading FortiGate firmware image using TFTP