Fortinet black logo

FortiGate-6000 and FortiGate-7000 Release Notes

Formatting an FIM boot device and installing new firmware

Formatting an FIM boot device and installing new firmware

You can use the following steps to format an FIM boot device and install new firmware from a TFTP server.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.

  2. Set up your network to allow traffic between the TFTP server and one of the FIM MGMT interfaces.

  3. Using the console cable supplied with your FortiGate-7000, connect the SMM Console 1 port on the FortiGate-7000 to the USB port on your management computer.

  4. Start a terminal emulation program on the management computer. Use these settings:

    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.

  5. Press Ctrl-T to enter console switch mode.

  6. Repeat pressing Ctrl-T until you have connected to the FIM to be updated. Example prompt for the FIM in slot 2:

    <Switching to Console: FIM02 (9600)>

  7. Optionally log in to the FIM's CLI.

  8. Reboot the FIM.

    You can do this using the execute reboot command from the CLI or by pressing the power switch on the FIM front panel.

  9. When the FIM starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.

  10. To format the FIM boot disk, press F.
  11. Press Y to confirm that you want to erase all data on the boot disk and format it.

    When the formatting is complete the FIM restarts.

  12. Follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.

  13. To set up the TFTP configuration, press C.

  14. Use the BIOS menu to set the following. Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface.)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address must not be the same as the FortiGate-7000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  15. To quit this menu, press Q.

  16. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.

  17. To start the TFTP transfer, press T.

    The firmware image is uploaded from the TFTP server and installed on the FIM. The FIM then restarts with its configuration reset to factory defaults. After restarting, the FIM configuration is synchronized to match the configuration of the primary FIM. The FIM restarts again and can start processing traffic.

  18. Once the FIM restarts, verify that the correct firmware is installed.

    You can do this from the FIM GUI dashboard or from the FPM CLI using the get system status command.

  19. Enter the diagnose sys confsync status | grep in_sy command to verify that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FIMs and FPMs are synchronized.

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has restarted, it will not appear in the command output. As well, the Configuration Sync Monitor will temporarily show that it is not synchronized.

Formatting an FIM boot device and installing new firmware

You can use the following steps to format an FIM boot device and install new firmware from a TFTP server.

  1. Set up a TFTP server and copy the firmware file to the TFTP server default folder.

  2. Set up your network to allow traffic between the TFTP server and one of the FIM MGMT interfaces.

  3. Using the console cable supplied with your FortiGate-7000, connect the SMM Console 1 port on the FortiGate-7000 to the USB port on your management computer.

  4. Start a terminal emulation program on the management computer. Use these settings:

    Baud Rate (bps) 9600, Data bits 8, Parity None, Stop bits 1, and Flow Control None.

  5. Press Ctrl-T to enter console switch mode.

  6. Repeat pressing Ctrl-T until you have connected to the FIM to be updated. Example prompt for the FIM in slot 2:

    <Switching to Console: FIM02 (9600)>

  7. Optionally log in to the FIM's CLI.

  8. Reboot the FIM.

    You can do this using the execute reboot command from the CLI or by pressing the power switch on the FIM front panel.

  9. When the FIM starts up, follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.

  10. To format the FIM boot disk, press F.
  11. Press Y to confirm that you want to erase all data on the boot disk and format it.

    When the formatting is complete the FIM restarts.

  12. Follow the boot process in the terminal session, and press any key when prompted to interrupt the boot process.

  13. To set up the TFTP configuration, press C.

  14. Use the BIOS menu to set the following. Change settings only if required.

    [P]: Set image download port: MGMT1 (the connected MGMT interface.)

    [D]: Set DHCP mode: Disabled

    [I]: Set local IP address: The IP address of the MGMT interface that you want to use to connect to the TFTP server. This address must not be the same as the FortiGate-7000 management IP address and cannot conflict with other addresses on your network.

    [S]: Set local Subnet Mask: Set as required for your network.

    [G]: Set local gateway: Set as required for your network.

    [V]: Local VLAN ID: Should be set to <none>. (use -1 to set the Local VLAN ID to <none>.)

    [T]: Set remote TFTP server IP address: The IP address of the TFTP server.

    [F]: Set firmware image file name: The name of the firmware image file that you want to install.

  15. To quit this menu, press Q.

  16. To review the configuration, press R.
    To make corrections, press C and make the changes as required. When the configuration is correct, proceed to the next step.

  17. To start the TFTP transfer, press T.

    The firmware image is uploaded from the TFTP server and installed on the FIM. The FIM then restarts with its configuration reset to factory defaults. After restarting, the FIM configuration is synchronized to match the configuration of the primary FIM. The FIM restarts again and can start processing traffic.

  18. Once the FIM restarts, verify that the correct firmware is installed.

    You can do this from the FIM GUI dashboard or from the FPM CLI using the get system status command.

  19. Enter the diagnose sys confsync status | grep in_sy command to verify that the configuration has been synchronized. The field in_sync=1 indicates that the configurations of the FIMs and FPMs are synchronized.

    FIMs and FPMs that are missing or that show in_sync=0 are not synchronized. To synchronize an FIM or FPM that is not synchronized, log into the CLI of the FIM or FPM and restart it using the execute reboot command. If this does not solve the problem, contact Fortinet Support at https://support.fortinet.com.

    If you enter the diagnose sys confsync status | grep in_sy command before the FIM has restarted, it will not appear in the command output. As well, the Configuration Sync Monitor will temporarily show that it is not synchronized.