In the event that the firmware upgrade does not load properly and the FortiGate unit will not boot, or continuously reboots, it is best to perform a fresh install of the firmware from a reboot using the CLI.
This procedure installs a firmware image and resets the FortiGate unit to factory default settings. You can use this procedure to upgrade to a new firmware version, revert to an older firmware version, or re-install the current firmware.
To use this procedure, you must connect to the CLI using the FortiGate console port and a RJ-45 to DB-9, or null modem cable. You must also install a TFTP server that you can connect to from the FortiGate internal interface. The TFTP server should be on the same subnet as the internal interface.
Before beginning this procedure, ensure that you backup the FortiGate unit configuration. See Configuration backups for details. If you are reverting to a previous FortiOS version, you might not be able to restore the previous configuration from the backup configuration file.
Installing firmware replaces your current antivirus and attack definitions, along with the definitions included with the firmware release you are installing. After you install new firmware, make sure that antivirus and attack definitions are up to date.
- Connect to the CLI using the RJ-45 to DB-9 or null modem cable.
- Ensure that the TFTP server is running.
- Copy the new firmware image file to the root directory of the TFTP server.
Ensure that the FortiGate unit can connect to the TFTP server using the
- Restart the FortiGate unit:
execute reboot. The following message is shown:
This operation will reboot the system!
Do you want to continue? (y/n)
y. As the FortiGate unit starts, a series of system startup messages appears.
- When the following messages appears:
Press any key to display configuration menu..........
Immediately press any key to interrupt the system startup.
You have only three seconds to press any key. If you do not press a key during this time, the FortiGate will reboot, and you will have to log in and repeat the
If you successfully interrupt the startup process, the following messages appears:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default
[C]: Configuration and information
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G, F, Q, or H:
- Type G to get the new firmware image from the TFTP server. The following message appears:
Enter TFTP server address [192.168.1.168]:
- Type the address of the TFTP server, then press Enter. The following message appears:
Enter Local Address [192.168.1.188]:
- Type the IP address of the FortiGate unit to connect to the TFTP server.
The IP address must be on the same network as the TFTP server.
Make sure that you do not enter the IP address of another device on this network.
The following message appears:
Enter File Name [image.out]:
- Enter the firmware image file name then press Enter. The TFTP server uploads the firmware image file to the FortiGate unit and the following message appears:
Save as Default firmware/Backup firmware/Run image without saving: [D/B/R]
- Type D. The FortiGate unit installs the new firmware image and restarts. The installation might take a few minutes to complete.