A common method for resetting the configuration of a FortiGate involves installing firmware by restarting the FortiGate, interrupting the boot process, and using BIOS prompts to download a firmware image from a TFTP server. This process is also considered the best way to reset the configuration of your FortiGate.
Installing or upgrading FortiGate-6000 firmware from the BIOS after a reboot installs firmware on and resets the configuration of the management board only. FPCs will continue to operate with their current configuration and firmware build. The FortiGate-6000 system does not synchronize firmware upgrades that are performed from the BIOS. After you install firmware on the management board from the BIOS after a reboot, you must synchronize the new firmware build and configuration to the FPCs.
Installing or upgrading FortiGate-6301F or FortiGate-6501F firmware from the BIOS after a reboot disables the log disk RAID configuration. You must rebuild the RAID configuration for normal log disk operation. If the FortiGate-6301F or FortiGate-6501F is part of an FGCP HA cluster, both FortiGates in the cluster must have the same log disk RAID configuration. See Changing the FortiGate-6301F and 6501F log disk and RAID configuration.
Use the following steps to upload firmware from a TFTP server to the management board. This procedure involves creating a connection between the TFTP server and one of the MGMT interfaces.
This procedure also involves connecting to the management board CLI using the FortiGate-6000 console port, rebooting the management board, interrupting the boot from the console session, and following BIOS prompts to install the firmware. During this procedure, the FortiGate-6000 will not be able to process traffic.
- Set up a TFTP server and copy the firmware file to the TFTP server default folder.
- Set up your network to allow traffic between the TFTP server and one of the management interfaces (for example, MGMT1).
- Using the console cable supplied with your FortiGate-6000, connect the console port on the FortiGate to a USB port on your management computer.
- Start a terminal emulation program on the management computer. Use these settings:
Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.
- Log in to the management board CLI.
- To restart the management board, enter the
- When the management board starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.
- To set up the TFTP configuration, press C.
Use the BIOS menu to set the following. Change settings only if required.
[P]: Set image download port: MGMT1 (the connected MGMT interface)
[D]: Set DHCP mode: Disabled
[I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address can be the same as the FortiGate-6000 management IP address and cannot conflict with other addresses on your network.
[S]: Set local Subnet Mask: Set as required for your network.
[G]: Set local gateway: Set as required for your network.
[V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to
[T]: Set remote TFTP server IP address: The IP address of the TFTP server.
[F]: Set firmware image file name: The name of the firmware image file that you want to install.
- To quit this menu, press Q.
- To review the configuration, press R.
To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.
- To start the TFTP transfer, press T.
The management board downloads the firmware image from the TFTP server and installs it on the management board. The management board then restarts with its configuration reset to factory defaults.
- Once the management board restarts, verify that the correct firmware is installed.
You can do this from the management board GUI dashboard or from the CLI using the get system status command.
If you are installing firmware on a FortiGate-6301F or FortiGate-6501F, the log disk RAID configuration will be disabled once the management board restarts. You must rebuild the RAID configuration for normal log disk operation. If the FortiGate-6301F or FortiGate-6501F is part of an FGCP HA cluster, both FortiGates in the cluster must have the same log disk RAID configuration. See Changing the FortiGate-6301F and 6501F log disk and RAID configuration.
- Continue by Synchronizing the FPCs with the management board.
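Because the FortiGate-6000 cannot process traffic during this procedure, it helps to check the planned values for BIOS menu items [I], [S], [G] and [T] for consistency before rebooting. The following Python sketch is an added example, not Fortinet code; the function name, the `in_use` parameter and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def check_bios_tftp_plan(local_ip, netmask, gateway, tftp_server, in_use=()):
    """Return a list of problems with planned BIOS TFTP settings (empty = OK).

    local_ip, netmask, gateway and tftp_server are the values for menu items
    [I], [S], [G] and [T]. in_use (an assumption of this example) lists other
    addresses already assigned on the network, excluding the FortiGate-6000
    management IP, which [I] is allowed to reuse.
    """
    try:
        iface = ipaddress.IPv4Interface(f"{local_ip}/{netmask}")
        server = ipaddress.IPv4Address(tftp_server)
        gw = ipaddress.IPv4Address(gateway) if gateway else None
        others = {ipaddress.IPv4Address(a) for a in in_use} | {server}
    except ValueError as exc:  # malformed address or non-contiguous mask
        return [f"invalid value: {exc}"]
    if gw is not None:
        others.add(gw)

    net, problems = iface.network, []
    # [I] must be a usable host address inside the subnet defined by [S].
    if net.prefixlen < 31 and iface.ip in (net.network_address, net.broadcast_address):
        problems.append(f"[I] {iface.ip} is the network or broadcast address of {net}")
    # [I] must not collide with the TFTP server, the gateway or another host.
    if iface.ip in others:
        problems.append(f"[I] {iface.ip} conflicts with an address already in use")
    # [G] is only usable if it sits on the same subnet as [I].
    if gw is not None and gw not in net:
        problems.append(f"[G] {gw} is not on the local subnet {net}")
    # [T] outside the local subnet is reachable only through a usable [G].
    if server not in net and (gw is None or gw not in net):
        problems.append(f"[T] {server} is off-subnet and no usable gateway is set")
    return problems

if __name__ == "__main__":
    # Constructed sample plan using documentation-range addresses.
    plan = dict(local_ip="192.0.2.10", netmask="255.255.255.0",
                gateway="192.0.2.1", tftp_server="198.51.100.5")
    for line in check_bios_tftp_plan(**plan) or ["plan looks consistent"]:
        print(line)
```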