Fortinet black logo

FortiGate-6000 Handbook

Home FortiGate-6000 6.0.4 FortiGate-6000 Handbook

Installing FortiGate-6000 firmware from the BIOS after a reboot

6.0.4
7.0.15
7.0.14
7.0.13
7.0.12
7.0.10
7.0.5
6.4.15
6.4.14
6.4.13
6.4.12
6.4.10
6.4.8
6.4.6
6.4.2
6.2.16
6.2.16
6.2.15
6.2.13
6.2.12
6.2.11
6.2.10
6.2.9
6.2.7
6.2.6
6.2.4
6.2.3
6.0.18
6.0.17
6.0.16
6.0.15
6.0.14
6.0.13
6.0.12
6.0.10
6.0.9
6.0.8
6.0.6
6.0.4
5.6.14
5.6.12
5.6.11
5.6.7
5.4.10
Copy Link
Copy Doc ID 25038b48-5585-11e9-81a4-00505692583a:811682
Download PDF

Installing FortiGate-6000 firmware from the BIOS after a reboot

A common method for resetting the configuration of a FortiGate involves installing firmware by restarting the FortiGate, interrupting the boot process, and using BIOS prompts to download a firmware image from a TFTP server. This process is also considered the best way to reset the configuration of your FortiGate.

Note Installing or upgrading FortiGate-6000 firmware from the BIOS after a reboot installs firmware on and resets the configuration of the management board only. FPCs will continue to operate with their current configuration and firmware build. The FortiGate-6000 system does not synchronize firmware upgrades that are performed from the BIOS. After you install firmware on the management board from the BIOS after a reboot, you must synchronize the new firmware build and configuration to the FPCs.

Use the following steps to upload firmware from a TFTP server to the management board. This procedure involves creating a connection between the TFTP server and one of the MGMT interfaces.

This procedure also involves connecting to the management board CLI using the FortiGate-6000 console port, rebooting the management board, interrupting the boot from the console session, and following BIOS prompts to install the firmware. During this procedure, the FortiGate-6000 will not be able to process traffic.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.
  2. Set up your network to allow traffic between the TFTP server and one of the management interfaces, (for example, MGMT1).
  3. Using the console cable supplied with your FortiGate 6000, connect the console port on the FortiGate to the RS-232 port on your management computer.
  4. Start a terminal emulation program on the management computer. Use these settings:
    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
  5. Log in to the management board CLI.
  6. To restart the management board, enter the execute reboot command.
  7. When the management board starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.
  8. To set up the TFTP configuration, press C.

  9. Use the BIOS menu to set the following.Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address can be the same as the FortiGate-6000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  10. To quit this menu, press Q.
  11. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.
  12. To start the TFTP transfer, press T.
    The management board downloads the firmware image from the TFTP server and installs it on the management board. The management board then restarts with its configuration reset to factory defaults.
  13. Once the management board restarts, verify that the correct firmware is installed.
    You can do this from the management board GUI dashboard or from the CLI using the get system status command.
  14. Continue by Synchronizing the FPCs with the management board.

Synchronizing the FPCs with the management board

After you install firmware on the management board from the BIOS after a reboot, the firmware version and configuration of the management board will most likely not be synchronized with the FPCs. You can verify this from the management board CLI using the diagnose sys confsync status | grep in_sy command. The in_sync=0 entries in the following example output for a FortiGate-6301F show that the management board (serial number ending in 143) is not synchronized with the FPCs.

diagnose sys confsync status | grep in_sy
FPC6KFT018901327, Slave, uptime=59.44, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901372, Slave, uptime=58.48, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901346, Slave, uptime=58.44, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901574, Slave, uptime=58.43, priority=22, slot_id=1:4, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901345, Slave, uptime=57.40, priority=23, slot_id=1:5, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901556, Slave, uptime=58.43, priority=24, slot_id=1:6, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901327, Slave, uptime=59.44, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=0
FPC6KFT018901345, Slave, uptime=57.40, priority=23, slot_id=1:5, idx=2, flag=0x4, in_sync=0
FPC6KFT018901346, Slave, uptime=58.44, priority=21, slot_id=1:3, idx=3, flag=0x4, in_sync=0
FPC6KFT018901372, Slave, uptime=58.48, priority=20, slot_id=1:2, idx=4, flag=0x4, in_sync=0
FPC6KFT018901556, Slave, uptime=58.43, priority=24, slot_id=1:6, idx=5, flag=0x4, in_sync=0
FPC6KFT018901574, Slave, uptime=58.43, priority=22, slot_id=1:4, idx=6, flag=0x4, in_sync=0

You can also verify the synchronization status from the management board Security Fabric dashboard widget.

To re-synchronize the FortiGate-6000, which has the effect of resetting all of the FPCs, re-install firmware on the management board.

Note You can also manually install firmware on each FPC from the BIOS after a reboot. This multi-step manual process is just as effective as installing the firmware for a second time on the management board to trigger synchronization to the FPCs, but takes much longer.

  1. Log in to the management board GUI.

  2. Install a firmware build on the management board from the GUI or CLI. The firmware build you install on the management board can either be the same firmware build or a different one.

    Installing firmware synchronizes the firmware build and configuration from the management board to the FPCs.

  3. Check the synchronization status from the Security Fabric dashboard widget or using the diagnose sys confsync status | grep in_sy command. The following example FortiGate-6301F output shows that the management board is synchronized with all of the FPCs because each line includes in_sync=1.

    diagnose sys confsync status | grep in_sy
FPC6KFT018901327, Slave, uptime=3773.96, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901372, Slave, uptime=3774.26, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901346, Slave, uptime=3774.68, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901574, Slave, uptime=3774.19, priority=22, slot_id=1:4, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901345, Slave, uptime=3773.59, priority=23, slot_id=1:5, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901556, Slave, uptime=3774.82, priority=24, slot_id=1:6, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901327, Slave, uptime=3773.96, priority=19, slot_id=1:1, idx=1, flag=0x24, in_sync=1
FPC6KFT018901345, Slave, uptime=3773.59, priority=23, slot_id=1:5, idx=2, flag=0x24, in_sync=1
FPC6KFT018901346, Slave, uptime=3774.68, priority=21, slot_id=1:3, idx=3, flag=0x24, in_sync=1
FPC6KFT018901372, Slave, uptime=3774.26, priority=20, slot_id=1:2, idx=4, flag=0x24, in_sync=1
FPC6KFT018901556, Slave, uptime=3774.82, priority=24, slot_id=1:6, idx=5, flag=0x24, in_sync=1
FPC6KFT018901574, Slave, uptime=3774.19, priority=22, slot_id=1:4, idx=6, flag=0x24, in_sync=1
Previous
Next

Installing FortiGate-6000 firmware from the BIOS after a reboot

A common method for resetting the configuration of a FortiGate involves installing firmware by restarting the FortiGate, interrupting the boot process, and using BIOS prompts to download a firmware image from a TFTP server. This process is also considered the best way to reset the configuration of your FortiGate.

Note Installing or upgrading FortiGate-6000 firmware from the BIOS after a reboot installs firmware on and resets the configuration of the management board only. FPCs will continue to operate with their current configuration and firmware build. The FortiGate-6000 system does not synchronize firmware upgrades that are performed from the BIOS. After you install firmware on the management board from the BIOS after a reboot, you must synchronize the new firmware build and configuration to the FPCs.

Use the following steps to upload firmware from a TFTP server to the management board. This procedure involves creating a connection between the TFTP server and one of the MGMT interfaces.

This procedure also involves connecting to the management board CLI using the FortiGate-6000 console port, rebooting the management board, interrupting the boot from the console session, and following BIOS prompts to install the firmware. During this procedure, the FortiGate-6000 will not be able to process traffic.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.
  2. Set up your network to allow traffic between the TFTP server and one of the management interfaces, (for example, MGMT1).
  3. Using the console cable supplied with your FortiGate 6000, connect the console port on the FortiGate to the RS-232 port on your management computer.
  4. Start a terminal emulation program on the management computer. Use these settings:
    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
  5. Log in to the management board CLI.
  6. To restart the management board, enter the execute reboot command.
  7. When the management board starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.
  8. To set up the TFTP configuration, press C.

  9. Use the BIOS menu to set the following.Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address can be the same as the FortiGate-6000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  10. To quit this menu, press Q.
  11. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.
  12. To start the TFTP transfer, press T.
    The management board downloads the firmware image from the TFTP server and installs it on the management board. The management board then restarts with its configuration reset to factory defaults.
  13. Once the management board restarts, verify that the correct firmware is installed.
    You can do this from the management board GUI dashboard or from the CLI using the get system status command.
  14. Continue by Synchronizing the FPCs with the management board.

Synchronizing the FPCs with the management board

After you install firmware on the management board from the BIOS after a reboot, the firmware version and configuration of the management board will most likely not be synchronized with the FPCs. You can verify this from the management board CLI using the diagnose sys confsync status | grep in_sy command. The in_sync=0 entries in the following example output for a FortiGate-6301F show that the management board (serial number ending in 143) is not synchronized with the FPCs.

diagnose sys confsync status | grep in_sy
FPC6KFT018901327, Slave, uptime=59.44, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901372, Slave, uptime=58.48, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901346, Slave, uptime=58.44, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901574, Slave, uptime=58.43, priority=22, slot_id=1:4, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901345, Slave, uptime=57.40, priority=23, slot_id=1:5, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901556, Slave, uptime=58.43, priority=24, slot_id=1:6, idx=1, flag=0x4, in_sync=0
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
F6KF31T018900143, Master, uptime=119.72, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901327, Slave, uptime=59.44, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=0
FPC6KFT018901345, Slave, uptime=57.40, priority=23, slot_id=1:5, idx=2, flag=0x4, in_sync=0
FPC6KFT018901346, Slave, uptime=58.44, priority=21, slot_id=1:3, idx=3, flag=0x4, in_sync=0
FPC6KFT018901372, Slave, uptime=58.48, priority=20, slot_id=1:2, idx=4, flag=0x4, in_sync=0
FPC6KFT018901556, Slave, uptime=58.43, priority=24, slot_id=1:6, idx=5, flag=0x4, in_sync=0
FPC6KFT018901574, Slave, uptime=58.43, priority=22, slot_id=1:4, idx=6, flag=0x4, in_sync=0

You can also verify the synchronization status from the management board Security Fabric dashboard widget.

To re-synchronize the FortiGate-6000, which has the effect of resetting all of the FPCs, re-install firmware on the management board.

Note You can also manually install firmware on each FPC from the BIOS after a reboot. This multi-step manual process is just as effective as installing the firmware for a second time on the management board to trigger synchronization to the FPCs, but takes much longer.

  1. Log in to the management board GUI.

  2. Install a firmware build on the management board from the GUI or CLI. The firmware build you install on the management board can either be the same firmware build or a different one.

    Installing firmware synchronizes the firmware build and configuration from the management board to the FPCs.

  3. Check the synchronization status from the Security Fabric dashboard widget or using the diagnose sys confsync status | grep in_sy command. The following example FortiGate-6301F output shows that the management board is synchronized with all of the FPCs because each line includes in_sync=1.

    diagnose sys confsync status | grep in_sy
FPC6KFT018901327, Slave, uptime=3773.96, priority=19, slot_id=1:1, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901372, Slave, uptime=3774.26, priority=20, slot_id=1:2, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901346, Slave, uptime=3774.68, priority=21, slot_id=1:3, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901574, Slave, uptime=3774.19, priority=22, slot_id=1:4, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901345, Slave, uptime=3773.59, priority=23, slot_id=1:5, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901556, Slave, uptime=3774.82, priority=24, slot_id=1:6, idx=1, flag=0x4, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
F6KF31T018900143, Master, uptime=3837.25, priority=1, slot_id=1:0, idx=0, flag=0x0, in_sync=1
FPC6KFT018901327, Slave, uptime=3773.96, priority=19, slot_id=1:1, idx=1, flag=0x24, in_sync=1
FPC6KFT018901345, Slave, uptime=3773.59, priority=23, slot_id=1:5, idx=2, flag=0x24, in_sync=1
FPC6KFT018901346, Slave, uptime=3774.68, priority=21, slot_id=1:3, idx=3, flag=0x24, in_sync=1
FPC6KFT018901372, Slave, uptime=3774.26, priority=20, slot_id=1:2, idx=4, flag=0x24, in_sync=1
FPC6KFT018901556, Slave, uptime=3774.82, priority=24, slot_id=1:6, idx=5, flag=0x24, in_sync=1
FPC6KFT018901574, Slave, uptime=3774.19, priority=22, slot_id=1:4, idx=6, flag=0x24, in_sync=1
Previous
Next