Fortinet black logo

Handbook

Updating firmware

Updating firmware

This topic includes the following information:

Upgrade considerations

The following considerations help you determine whether to follow a standard or non-standard upgrade procedure:

  • HA—Updating firmware on an HA cluster requires some additions to the usual steps for a standalone appliance. For details, see Updating firmware for an HA cluster.
  • Re-imaging—If you are installing a firmware version that requires a different size of system partition, you might be required to re-image the boot device. Consult the release notes. In that case, do not install the firmware using this procedure. Instead, see Restoring firmware (“clean install”).
  • Downgrades—If you are downgrading the firmware to a previous version, and the settings are not fully backwards compatible, the system might remove incompatible settings or use the default values for that version of the firmware. You might need to reconfigure some settings.

Important: Read the release notes for release-specific upgrade considerations.

Updating firmware using the web UI

Firmware can be loaded on two disk partitions: the active partition and the alternate partition. The upgrade procedure:

  • Updates the firmware on the inactive partition and then makes it the active partition.
  • Copies the firmware on the active partition, upgrades it, and installs it in place of the configuration on the inactive partition.

For example, if partition 1 is active, and you perform the upgrade procedure:

  • Partition 2 is upgraded and becomes the active partition; partition 1 becomes the alternate partition.
  • The configuration on partition 1 remains in place; it is copied, upgraded, and installed in place of the configuration on partition 2.

The reason for this is to preserve the working system state in the event upgrade fails or is aborted.

Before you begin:

  • Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  • Read the release notes for the version you plan to install.
  • Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
  • You must have super user permission (user admin) to upgrade firmware.
To boot the firmware on the alternate partition:
  • Click Boot Alternate Firmware.

The system reboots, the alternate becomes the active firmware, and the active becomes the alternate firmware.

To update firmware:
  1. Go to System > Settings.
  2. Click the Maintenance tab.
  3. Scroll to the Upgrade section.
  4. Click Choose File to locate and select the file.
  5. Click to upload the firmware and reboot.

The system replaces the firmware on the alternate partition and reboots. The alternate (upgraded) partition becomes the active, and the active becomes the alternate.

When you update software, you are also updating the web UI. To ensure the web UI displays the updated pages correctly:

  • Clear your browser cache.
  • Refresh the page.

In most environments, press Ctrl-F5 to force the browser to get a new copy of the content from the web application. See the Wikipedia article on browser caching issues for a summary of tips for many environments:

https://en.wikipedia.org/wiki/Wikipedia:Bypass_your_cache.

Updating firmware using the CLI

The CLI upgrade procedure replaces the firmware on the alternate partition and reboots. The alternate (upgraded) partition becomes the active, and the active becomes the alternate.

Note: The CLI does not have an equivalent of the web UI Boot Alternative Firmware command.

Before you begin:

  • Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
  • You must be able to use TFTP to transfer the firmware file to the FortiADC. Download and install a TFTP server, like tftpd (Windows, Mac OS X, or Linux), on a server on the same subnet as the FortiADC.
  • Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  • Copy the firmware image file to the root directory of the TFTP server.
  • Back up your configuration before beginning this procedure.
  • You must have super user permission (user admin) to upgrade firmware.

caution icon TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd off immediately after completing this procedure.
To install firmware via the CLI:
  1. Connect your management computer to the FortiADC console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
  2. Initiate a connection to the CLI and log in as the user admin.
  3. Use an Ethernet cable to connect FortiADC port1 to the TFTP server directly, or connect it to the same subnet as the TFTP server.
  4. If necessary, start the TFTP server.
  5. Use the following command to transfer the firmware image to the FortiADC system:
  6. execute restore image tftp <filename> <tftp_ipv4>

    The following example shows an upgrade:

    FortiADC-VM # execute restore image tftp FAD_VM-v400-build0308-FORTINET.out 192.0.2.1

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)y

    Connect to tftp server 192.0.2.1 ...

    Please wait...

    ##############################################################

    Get image from tftp server OK.

    Check image trailer OK.

    Check image OK.

    FortiADC-VM #

    The following example shows a downgrade:

    FortiADC-VM # execute restore image tftp FAD_VM-v400-build0307-FORTINET.out 192.0.2.1

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)y

    Connect to tftp server 192.0.2.1 ...

    Please wait...

    #############################################################

    Get image from tftp server OK.

    Check image trailer OK.

    This operation will downgrade the current firmware version!

    Do you want to continue? (y/n)y

    FortiADC-VM #

  7. To verify the upgrade, display the system version number:

FortiADC-VM # get system status

Version: FortiADC-VM v4.2.0,build0307,150209

VM Registration: Valid: License has been successfully authenticated with registration servers.

VM License File: License file and resources are valid.

VM Resources: 1 CPU/1 allowed, 1620 MB RAM/2048 MB allowed, 23 GB Disk/1024 GB allowed

...

If the download fails after the integrity check with the error message invalid compressed format (err=1, but the firmware matches the integrity checksum on the Fortinet Customer Service & Support website, try a different TFTP server.

Updating firmware

This topic includes the following information:

Upgrade considerations

The following considerations help you determine whether to follow a standard or non-standard upgrade procedure:

  • HA—Updating firmware on an HA cluster requires some additions to the usual steps for a standalone appliance. For details, see Updating firmware for an HA cluster.
  • Re-imaging—If you are installing a firmware version that requires a different size of system partition, you might be required to re-image the boot device. Consult the release notes. In that case, do not install the firmware using this procedure. Instead, see Restoring firmware (“clean install”).
  • Downgrades—If you are downgrading the firmware to a previous version, and the settings are not fully backwards compatible, the system might remove incompatible settings or use the default values for that version of the firmware. You might need to reconfigure some settings.

Important: Read the release notes for release-specific upgrade considerations.

Updating firmware using the web UI

Firmware can be loaded on two disk partitions: the active partition and the alternate partition. The upgrade procedure:

  • Updates the firmware on the inactive partition and then makes it the active partition.
  • Copies the firmware on the active partition, upgrades it, and installs it in place of the configuration on the inactive partition.

For example, if partition 1 is active, and you perform the upgrade procedure:

  • Partition 2 is upgraded and becomes the active partition; partition 1 becomes the alternate partition.
  • The configuration on partition 1 remains in place; it is copied, upgraded, and installed in place of the configuration on partition 2.

The reason for this is to preserve the working system state in the event upgrade fails or is aborted.

Before you begin:

  • Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  • Read the release notes for the version you plan to install.
  • Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
  • You must have super user permission (user admin) to upgrade firmware.
To boot the firmware on the alternate partition:
  • Click Boot Alternate Firmware.

The system reboots, the alternate becomes the active firmware, and the active becomes the alternate firmware.

To update firmware:
  1. Go to System > Settings.
  2. Click the Maintenance tab.
  3. Scroll to the Upgrade section.
  4. Click Choose File to locate and select the file.
  5. Click to upload the firmware and reboot.

The system replaces the firmware on the alternate partition and reboots. The alternate (upgraded) partition becomes the active, and the active becomes the alternate.

When you update software, you are also updating the web UI. To ensure the web UI displays the updated pages correctly:

  • Clear your browser cache.
  • Refresh the page.

In most environments, press Ctrl-F5 to force the browser to get a new copy of the content from the web application. See the Wikipedia article on browser caching issues for a summary of tips for many environments:

https://en.wikipedia.org/wiki/Wikipedia:Bypass_your_cache.

Updating firmware using the CLI

The CLI upgrade procedure replaces the firmware on the alternate partition and reboots. The alternate (upgraded) partition becomes the active, and the active becomes the alternate.

Note: The CLI does not have an equivalent of the web UI Boot Alternative Firmware command.

Before you begin:

  • Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
  • You must be able to use TFTP to transfer the firmware file to the FortiADC. Download and install a TFTP server, like tftpd (Windows, Mac OS X, or Linux), on a server on the same subnet as the FortiADC.
  • Download the firmware file from the Fortinet Customer Service & Support website: https://support.fortinet.com/
  • Copy the firmware image file to the root directory of the TFTP server.
  • Back up your configuration before beginning this procedure.
  • You must have super user permission (user admin) to upgrade firmware.

caution icon TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd off immediately after completing this procedure.
To install firmware via the CLI:
  1. Connect your management computer to the FortiADC console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
  2. Initiate a connection to the CLI and log in as the user admin.
  3. Use an Ethernet cable to connect FortiADC port1 to the TFTP server directly, or connect it to the same subnet as the TFTP server.
  4. If necessary, start the TFTP server.
  5. Use the following command to transfer the firmware image to the FortiADC system:
  6. execute restore image tftp <filename> <tftp_ipv4>

    The following example shows an upgrade:

    FortiADC-VM # execute restore image tftp FAD_VM-v400-build0308-FORTINET.out 192.0.2.1

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)y

    Connect to tftp server 192.0.2.1 ...

    Please wait...

    ##############################################################

    Get image from tftp server OK.

    Check image trailer OK.

    Check image OK.

    FortiADC-VM #

    The following example shows a downgrade:

    FortiADC-VM # execute restore image tftp FAD_VM-v400-build0307-FORTINET.out 192.0.2.1

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)y

    Connect to tftp server 192.0.2.1 ...

    Please wait...

    #############################################################

    Get image from tftp server OK.

    Check image trailer OK.

    This operation will downgrade the current firmware version!

    Do you want to continue? (y/n)y

    FortiADC-VM #

  7. To verify the upgrade, display the system version number:

FortiADC-VM # get system status

Version: FortiADC-VM v4.2.0,build0307,150209

VM Registration: Valid: License has been successfully authenticated with registration servers.

VM License File: License file and resources are valid.

VM Resources: 1 CPU/1 allowed, 1620 MB RAM/2048 MB allowed, 23 GB Disk/1024 GB allowed

...

If the download fails after the integrity check with the error message invalid compressed format (err=1, but the firmware matches the integrity checksum on the Fortinet Customer Service & Support website, try a different TFTP server.