loading FortiGate firmware image using TFTP Failed

Younes_ez · ‎06-28-2023

Hello everyone,

I have FortiGate 60D with no firmware installed, I'm trying to load the firmware image using TFTP, but it's failed.

Find Bellow the screenshot.

Can you help me solve this issue.

Best Regards

Younes

Younes_ez · ‎07-11-2023

After contacting the support, they proceed by changing the device with RMA.

Younes

View solution in original post

ndumaj · ‎06-28-2023

Hello Younes,

Please check the following article:
https://community.fortinet.com/t5/FortiGate/Technical-Note-TFTP-firmware-upload-on-FortiGate-60D-mod...

BR

- Happy to help, hit like and accept the solution -

Younes_ez · ‎06-28-2023

Hi Ndumaj ;

I followed the same article, but as you can see on my screenshot, the loading failed.

Best Regards

Younes

Toshi_Esumi · ‎06-28-2023

It's timing out. If you're sure the TFTP server is running properly wanting for requests, it's not reachable from the 60D with the IP (192.168.1.1). Check the parameter with [R] in the menu including the interface, local IP, then the image file name.

Toshi

Younes_ez · ‎06-28-2023

Hi Toshi,

The TFTP is reachable from the 60D, I checked that with Ping from the 60D menu and the TFTP is UP.

As you can see in my screenshot, the 60D is able to connect to the TFTP.

Best Regards

Younes

Toshi_Esumi · ‎06-28-2023

I doubt that. First TFTP is connectionless UDP protocol. Then "Connect to" actually mean "Connecting to..." so not connected. As a matter of fact, when I set an 60E with a wrong server IP address, I can see the same indication.

Enter C,R,T,F,I,B,Q,or H:

[C]: Configure TFTP parameters.
[R]: Review TFTP parameters.
[T]: Initiate TFTP firmware transfer.
[F]: Format boot device.
[I]: System information.
[B]: Boot with backup firmware and set as default.
[Q]: Quit menu and continue to boot.
[H]: Display this list of options.

Enter C,R,T,F,I,B,Q,or H:

Please connect TFTP server to Ethernet port 'WAN1'.

MAC: 90:6c:ac:a8:94:ac

Connect to tftp server 192.168.1.201 ...

T T T T T T T T T T T T T T T T T T T T
Retry count exceeded; starting again
MAC: 90:6c:ac:a8:94:ac

Connect to tftp server 192.168.1.201 ...

T T T T T T T T T T T T T T T T T

Younes_ez · ‎06-28-2023

Hi Toshi ;

for the IP of the TFTP server, it's Correct, and it's pinging from the FW.

When we initiate a TFTP firmware transfer, we can see on the TFTP server a window for the transfer opened but not copied.

I think maybe the host Firewall is Blocking the Transfer.

Younes

Toshi_Esumi · ‎06-28-2023

I noticed the screen showed it was using 'SWITCH ports'. 60D's image download port should be WAN1 by default. Like my 60E's.

Enter C,R,T,F,I,B,Q,or H: R

Image download port: WAN1
DHCP status: Disabled
Local VLAN ID: <NULL>
Local IP address: 192.168.1.1
Local subnet mask: <NULL>
Local gateway: <NULL>
TFTP server IP address: 192.168.1.200
Firmware file name: 60E-7013.out

Toshi_Esumi · ‎06-28-2023

And you keep saying "ping works", but how you can ping if the 60D doesn't have an image loaded?

Younes_ez · ‎06-28-2023

Yes I do the ping test with the option N

[P]: Set firmware download port.
[D]: Set DHCP mode.
[I]: Set local IP address.
[S]: Set local subnet mask.
[G]: Set local gateway.
[V]: Set local VLAN ID.
[T]: Set remote TFTP server IP address.
[F]: Set firmware file name.
[E]: Reset TFTP parameters to factory defaults.
[R]: Review TFTP parameters.
[N]: Diagnose networking(ping).
[Q]: Quit this menu.
[H]: Display this list of options.

Younes