Fortinet white logo
Fortinet white logo

Handbook

6.0.0

Installation from system reboot

Installation from system reboot

In the event that the firmware upgrade does not load properly and the FortiGate unit will not boot, or continuously reboots, it is best to perform a fresh install of the firmware from a reboot using the CLI.

This procedure installs a firmware image and resets the FortiGate unit to default settings. You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.

To use this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable. This procedure reverts the FortiGate unit to its factory default configuration.

For this procedure you install a TFTP server that you can connect to from the FortiGate internal interface. The TFTP server should be on the same subnet as the internal interface.

Before beginning this procedure, ensure you backup the FortiGate unit configuration.

If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file.

Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.

To install firmware from a system reboot:
  1. Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
  2. Make sure the TFTP server is running.
  3. Copy the new firmware image file to the root directory of the TFTP server.
  4. Make sure the internal interface is connected to the same network as the TFTP server.
  5. To confirm the FortiGate unit can connect to the TFTP server, use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168
  6. Enter the following command to restart the FortiGate unit: execute reboot
  7. The FortiGate unit responds with the following message:

    This operation will reboot the system!

    Do you want to continue? (y/n)

  8. Type y. As the FortiGate unit starts, a series of system startup messages appears. When the following messages appears: Press any key to display configuration menu..........
  9. Immediately press any key to interrupt the system startup.

    note icon You have only three (3) seconds to press any key. If you do not press a key quickly enough, the FortiGate unit reboots and you must log in and repeat the execute reboot command.
  10. If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default

    [C]: Configuration and information

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G, F, Q, or H

  11. Type G to get to the new firmware image form the TFTP server. The following message appears: Enter TFTP server address [192.168.1.168]:
  12. Type the address of the TFTP server and press Enter. The following message appears: Enter Local Address [192.168.1.188]:
  13. Type an IP address the FortiGate unit can use to connect to the TFTP server. The IP address can be any IP address that is valid for the network to which the interface is connected.

    note icon

    Make sure you do not enter the IP address of another device on this network.

  14. The following message appears: Enter File Name [image.out]:
  15. Enter the firmware image filename and press Enter.The TFTP server uploads the firmware image file to the FortiGate unit and a message similar to the following appears: Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]
  16. Type D. The FortiGate unit installs the new firmware image and restarts. The installation might take a few minutes to complete.

Installation from system reboot

Installation from system reboot

In the event that the firmware upgrade does not load properly and the FortiGate unit will not boot, or continuously reboots, it is best to perform a fresh install of the firmware from a reboot using the CLI.

This procedure installs a firmware image and resets the FortiGate unit to default settings. You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.

To use this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable. This procedure reverts the FortiGate unit to its factory default configuration.

For this procedure you install a TFTP server that you can connect to from the FortiGate internal interface. The TFTP server should be on the same subnet as the internal interface.

Before beginning this procedure, ensure you backup the FortiGate unit configuration.

If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file.

Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.

To install firmware from a system reboot:
  1. Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
  2. Make sure the TFTP server is running.
  3. Copy the new firmware image file to the root directory of the TFTP server.
  4. Make sure the internal interface is connected to the same network as the TFTP server.
  5. To confirm the FortiGate unit can connect to the TFTP server, use the following command to ping the computer running the TFTP server. For example, if the IP address of the TFTP server is 192.168.1.168: execute ping 192.168.1.168
  6. Enter the following command to restart the FortiGate unit: execute reboot
  7. The FortiGate unit responds with the following message:

    This operation will reboot the system!

    Do you want to continue? (y/n)

  8. Type y. As the FortiGate unit starts, a series of system startup messages appears. When the following messages appears: Press any key to display configuration menu..........
  9. Immediately press any key to interrupt the system startup.

    note icon You have only three (3) seconds to press any key. If you do not press a key quickly enough, the FortiGate unit reboots and you must log in and repeat the execute reboot command.
  10. If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default

    [C]: Configuration and information

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G, F, Q, or H

  11. Type G to get to the new firmware image form the TFTP server. The following message appears: Enter TFTP server address [192.168.1.168]:
  12. Type the address of the TFTP server and press Enter. The following message appears: Enter Local Address [192.168.1.188]:
  13. Type an IP address the FortiGate unit can use to connect to the TFTP server. The IP address can be any IP address that is valid for the network to which the interface is connected.

    note icon

    Make sure you do not enter the IP address of another device on this network.

  14. The following message appears: Enter File Name [image.out]:
  15. Enter the firmware image filename and press Enter.The TFTP server uploads the firmware image file to the FortiGate unit and a message similar to the following appears: Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]
  16. Type D. The FortiGate unit installs the new firmware image and restarts. The installation might take a few minutes to complete.