The integrity of firmware images downloaded from Fortinet's support portal can be verified using a file checksum. A file checksum that does not match the expected value indicates a corrupt file. The corruption could be caused by errors in transfer or by file modification. A list of expected checksum values for each build of released code is available on Fortinet’s support portal.
Image integrity is also verified when the FortiGate is booting up. This integrity check is done through a cyclic redundancy check (CRC). If the CRC fails, the FortiGate unit will encounter an error during the boot process.
Firmware images are signed and the signature is attached to the code as it is built. When upgrading an image, the running OS will generate a signature and compare it with the signature attached to the image. If the signatures do not match, the new OS will not load.
FortiOS lets you test a new firmware image by installing the firmware image from a system reboot and saving it to system memory. After completing this procedure, the FortiGate unit operates using the new firmware image with the current configuration. The new firmware image is not permanently installed. The next time the FortiGate unit restarts, it operates with the originally installed firmware image using the current configuration. If the new firmware image operates successfully, you can install it permanently using the procedure explained in Upgrading the firmware.
For this procedure, you must install a TFTP server that you can connect to from the FortiGate internal interface. The TFTP server should be on the same subnet as the internal interface.
- Connect to the CLI using an RJ-45 to USB (or DB-9) or null modem cable.
- Ensure that the TFTP server is running.
- Copy the new firmware image file to the root directory on the TFTP server.
- Ensure that the FortiGate unit can connect to the TFTP server using the
- Restart the FortiGate unit:
execute reboot. The following message is shown:
This operation will reboot the system!
Do you want to continue? (y/n)
y. As the FortiGate unit starts, a series of system startup messages appears.
- When the following messages appears:
Press any key to display configuration menu..........
Immediately press any key to interrupt the system startup.