Fortinet black logo

FortiGate-6000 Handbook

Installing firmware from the BIOS after a reboot

Installing firmware from the BIOS after a reboot

A common method for resetting the configuration of a FortiGate involves installing firmware by restarting the FortiGate, interrupting the boot process, and using BIOS prompts to download a firmware image from a TFTP server. This process is also considered the best way to reset the configuration of your FortiGate.

Note Installing or upgrading FortiGate-6000 firmware from the BIOS after a reboot installs firmware on and resets the configuration of the management board only. FPCs will continue to operate with their current configuration and firmware build. The FortiGate-6000 system does not synchronize firmware upgrades that are performed from the BIOS. After you install firmware on the management board from the BIOS after a reboot, you must synchronize the new firmware build and configuration to the FPCs.

Use the following steps to upload firmware from a TFTP server to the management board. This procedure involves creating a connection between the TFTP server and one of the MGMT interfaces.

This procedure also involves connecting to the management board CLI using the FortiGate-6000 console port, rebooting the management board, interrupting the boot from the console session, and following BIOS prompts to install the firmware. During this procedure, the FortiGate-6000 will not be able to process traffic.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.
  2. Set up your network to allow traffic between the TFTP server and one of the management interfaces, (for example, MGMT1).
  3. Using the console cable supplied with your FortiGate 6000, connect the console port on the FortiGate to the RS-232 port on your management computer.
  4. Start a terminal emulation program on the management computer. Use these settings:
    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
  5. Log in to the management board CLI.
  6. To restart the management board, enter the execute reboot command.
  7. When the management board starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.
  8. To set up the TFTP configuration, press C.
  9. Use the BIOS menu to set the following.Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address can be the same as the FortiGate-6000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  10. To quit this menu, press Q.
  11. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.
  12. To start the TFTP transfer, press T.
    The management board downloads the firmware image from the TFTP server and installs it on the management board. The management board then restarts with its configuration reset to factory defaults.
  13. Once the management board restarts, verify that the correct firmware is installed.
    You can do this from the management board GUI dashboard or from the CLI using the get system status command.
  14. Continue by Synchronizing the FPCs with the management board.

Installing firmware from the BIOS after a reboot

A common method for resetting the configuration of a FortiGate involves installing firmware by restarting the FortiGate, interrupting the boot process, and using BIOS prompts to download a firmware image from a TFTP server. This process is also considered the best way to reset the configuration of your FortiGate.

Note Installing or upgrading FortiGate-6000 firmware from the BIOS after a reboot installs firmware on and resets the configuration of the management board only. FPCs will continue to operate with their current configuration and firmware build. The FortiGate-6000 system does not synchronize firmware upgrades that are performed from the BIOS. After you install firmware on the management board from the BIOS after a reboot, you must synchronize the new firmware build and configuration to the FPCs.

Use the following steps to upload firmware from a TFTP server to the management board. This procedure involves creating a connection between the TFTP server and one of the MGMT interfaces.

This procedure also involves connecting to the management board CLI using the FortiGate-6000 console port, rebooting the management board, interrupting the boot from the console session, and following BIOS prompts to install the firmware. During this procedure, the FortiGate-6000 will not be able to process traffic.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.
  2. Set up your network to allow traffic between the TFTP server and one of the management interfaces, (for example, MGMT1).
  3. Using the console cable supplied with your FortiGate 6000, connect the console port on the FortiGate to the RS-232 port on your management computer.
  4. Start a terminal emulation program on the management computer. Use these settings:
    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
  5. Log in to the management board CLI.
  6. To restart the management board, enter the execute reboot command.
  7. When the management board starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.
  8. To set up the TFTP configuration, press C.
  9. Use the BIOS menu to set the following.Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address can be the same as the FortiGate-6000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  10. To quit this menu, press Q.
  11. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.
  12. To start the TFTP transfer, press T.
    The management board downloads the firmware image from the TFTP server and installs it on the management board. The management board then restarts with its configuration reset to factory defaults.
  13. Once the management board restarts, verify that the correct firmware is installed.
    You can do this from the management board GUI dashboard or from the CLI using the get system status command.
  14. Continue by Synchronizing the FPCs with the management board.