Fortinet black logo

Handbook

Home FortiDDoS-F 6.3.2 Handbook

Updating firmware

6.3.2
7.0.0
6.6.3
6.6.3
6.6.1
6.6.0
6.5.1
6.5.0
6.4.1
6.4.0
6.3.3
6.3.2
6.3.1
6.2.3
6.2.2
6.2.1
6.2.0
6.1.1
Copy Link
Copy Doc ID 7b437c33-fcc7-11ec-bb32-fa163e15d75b:282385
Download PDF

Updating firmware

This topic includes the following information:

Upgrade considerations

The following considerations help you determine whether to follow a standard or non-standard upgrade procedure:

  • HA—Updating firmware on an HA cluster requires some additions to the usual steps for a standalone appliance. See Updating firmware on an HA cluster
  • Downgrades—Special guidelines apply when you downgrade firmware to an earlier version. See Downgrading firmware. In some cases, the downgrade path requires reimaging. Take care to study the release notes for each version in your downgrade path.

Important: Read the Release notes for release-specific upgrade considerations.

Updating firmware using the web UI

Before you begin:
  • Download the firmware file from the Fortinet Technical Support website.
  • Read the release notes for the version you plan to install.
  • Important: Back up your configuration before beginning this procedure. If you revert to an earlier firmware version, the running configuration is erased, and you must restore a saved configuration. We recommend you restore a configuration you knew to be working effectively on the firmware version you revert to.
  • You must have super user permission (user admin) to upgrade firmware.
To install firmware:
  1. Go to System/Firmware.
  2. Under Upload Firmware, click Choose File and select the firmware file that you want to install. Then click the Update and Reboot icon.

Clear the cache of your web browser and restart it to ensure that it reloads the web UI.

In rare cases, the GUI server may not start after upgrade. Access the system via SSH and enter execute nginx-restart then log in via GUI.

Updating firmware using the CLI

This procedure is provided for CLI users.

Before you begin:
  • Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
  • You must be able to use FTP/TFTP to transfer the firmware file to the FortiDDoS system. If you do not have a TFTP server, download and install one, like tftpd, on a server located on the same subnet as the FortiDDoS system.
  • Download the firmware file from the Fortinet Technical Support website.
  • Copy the firmware image file to the root directory of the FTP/TFTP server.
  • Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
  • Make a note of configurations that are disabled in your active configuration. Configurations that are not enabled are not preserved in the upgrade. For example, if a custom HTTP service port, log remote port, or event log port have been configured and then disabled in 4.1.11, the port information is not preserved in the upgrade to 4.2.1.
  • You must have super user permission (user admin) to upgrade firmware.
To install firmware via the CLI:
  1. Connect your management computer to the FortiDDoS-F console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
  2. Initiate a connection to the CLI and log in as the user admin.
  3. Use an Ethernet cable to connect FortiDDoS-F port1 to the FTP/TFTP server directly, or connect it to the same subnet as the FTP/TFTP server.
  4. If necessary, start the FTP/TFTP server.
  5. Enter the following command to transfer the firmware image to the FortiDDoS system:

    execute restore image tftp <filename_str> <tftp_ipv4>

    where <filename_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

    execute restore image tftp image.out 192.168.1.168

    One of the following message appears:

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)

    or:


    Get image from tftp server OK.

    Check image OK.

    This operation will downgrade the current firmware version!

    Do you want to continue? (y/n)

  6. Type y.The system installs the firmware and restarts:

    MAC:00219B8F0D94

    ###########################

    Total 28385179 bytes data downloaded.

    Verifying the integrity of the firmware image.

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?

  7. To verify that the firmware was successfully installed, use the following command:get system status
    The firmware version number is displayed.

If the download fails after the integrity check with the error message invalid compressed format (err=1,but the firmware matches the integrity checksum on the Fortinet Technical Support website, try a different FTP/TFTP server.

TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd immediately after completing this procedure.

Downgrading firmware

You can use the web UI or CLI to downgrade to a previous software image. The commands are the same as for upgrading. However, special guidelines apply:

  • Always keep a back up of the configuration before you change the software image (upgrade or downgrade).
  • FortiDDoS F-Series maintains 2 Firmware images and the configurations associated with those images. Use System > Firmware > Boot Alternate Firmware to downgrade to the most recent previous version and revert to its configuration.
    • Be aware that all configuration changes (including Threshold changes) made in the latest firmware version will be reverted to the previous firmware configuration.
    • To Boot Alternate Firmware from CLI:

      execute restore image alternative

  • Downgrading below the previous most recent firmware version is not recommended since it will result in the erasure of all configuration settings, including the management IP address.
    • You must use a console port connection to reconfigure the management interface.
    • After you have configured the management interface, you can restore the earlier configuration. We recommend you restore a configuration you knew to be working effectively on the firmware version you installed.
    • After restoring the configuration, the system reboots, and the restored configuration will be in effect.
Previous
Next

Updating firmware

This topic includes the following information:

Upgrade considerations

The following considerations help you determine whether to follow a standard or non-standard upgrade procedure:

  • HA—Updating firmware on an HA cluster requires some additions to the usual steps for a standalone appliance. See Updating firmware on an HA cluster
  • Downgrades—Special guidelines apply when you downgrade firmware to an earlier version. See Downgrading firmware. In some cases, the downgrade path requires reimaging. Take care to study the release notes for each version in your downgrade path.

Important: Read the Release notes for release-specific upgrade considerations.

Updating firmware using the web UI

Before you begin:
  • Download the firmware file from the Fortinet Technical Support website.
  • Read the release notes for the version you plan to install.
  • Important: Back up your configuration before beginning this procedure. If you revert to an earlier firmware version, the running configuration is erased, and you must restore a saved configuration. We recommend you restore a configuration you knew to be working effectively on the firmware version you revert to.
  • You must have super user permission (user admin) to upgrade firmware.
To install firmware:
  1. Go to System/Firmware.
  2. Under Upload Firmware, click Choose File and select the firmware file that you want to install. Then click the Update and Reboot icon.

Clear the cache of your web browser and restart it to ensure that it reloads the web UI.

In rare cases, the GUI server may not start after upgrade. Access the system via SSH and enter execute nginx-restart then log in via GUI.

Updating firmware using the CLI

This procedure is provided for CLI users.

Before you begin:
  • Read the release notes for the version you plan to install. If information in the release notes is different from this documentation, follow the instructions in the release notes.
  • You must be able to use FTP/TFTP to transfer the firmware file to the FortiDDoS system. If you do not have a TFTP server, download and install one, like tftpd, on a server located on the same subnet as the FortiDDoS system.
  • Download the firmware file from the Fortinet Technical Support website.
  • Copy the firmware image file to the root directory of the FTP/TFTP server.
  • Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.
  • Make a note of configurations that are disabled in your active configuration. Configurations that are not enabled are not preserved in the upgrade. For example, if a custom HTTP service port, log remote port, or event log port have been configured and then disabled in 4.1.11, the port information is not preserved in the upgrade to 4.2.1.
  • You must have super user permission (user admin) to upgrade firmware.
To install firmware via the CLI:
  1. Connect your management computer to the FortiDDoS-F console port using an RJ-45-to-DB-9 serial cable or a null-modem cable.
  2. Initiate a connection to the CLI and log in as the user admin.
  3. Use an Ethernet cable to connect FortiDDoS-F port1 to the FTP/TFTP server directly, or connect it to the same subnet as the FTP/TFTP server.
  4. If necessary, start the FTP/TFTP server.
  5. Enter the following command to transfer the firmware image to the FortiDDoS system:

    execute restore image tftp <filename_str> <tftp_ipv4>

    where <filename_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

    execute restore image tftp image.out 192.168.1.168

    One of the following message appears:

    This operation will replace the current firmware version!

    Do you want to continue? (y/n)

    or:


    Get image from tftp server OK.

    Check image OK.

    This operation will downgrade the current firmware version!

    Do you want to continue? (y/n)

  6. Type y.The system installs the firmware and restarts:

    MAC:00219B8F0D94

    ###########################

    Total 28385179 bytes data downloaded.

    Verifying the integrity of the firmware image.

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?

  7. To verify that the firmware was successfully installed, use the following command:get system status
    The firmware version number is displayed.

If the download fails after the integrity check with the error message invalid compressed format (err=1,but the firmware matches the integrity checksum on the Fortinet Technical Support website, try a different FTP/TFTP server.

TFTP is not secure, and it does not support authentication. You should run it only on trusted administrator-only networks, and never on computers directly connected to the Internet. Turn off tftpd immediately after completing this procedure.

Downgrading firmware

You can use the web UI or CLI to downgrade to a previous software image. The commands are the same as for upgrading. However, special guidelines apply:

  • Always keep a back up of the configuration before you change the software image (upgrade or downgrade).
  • FortiDDoS F-Series maintains 2 Firmware images and the configurations associated with those images. Use System > Firmware > Boot Alternate Firmware to downgrade to the most recent previous version and revert to its configuration.
    • Be aware that all configuration changes (including Threshold changes) made in the latest firmware version will be reverted to the previous firmware configuration.
    • To Boot Alternate Firmware from CLI:

      execute restore image alternative

  • Downgrading below the previous most recent firmware version is not recommended since it will result in the erasure of all configuration settings, including the management IP address.
    • You must use a console port connection to reconfigure the management interface.
    • After you have configured the management interface, you can restore the earlier configuration. We recommend you restore a configuration you knew to be working effectively on the firmware version you installed.
    • After restoring the configuration, the system reboots, and the restored configuration will be in effect.
Previous
Next