Fortinet black logo

Administration Guide

Installing firmware

Installing firmware

You can use either the web UI or the CLI to upgrade or downgrade the firmware of the FortiMail unit.

Administrators whose Domain is System and whose access profile contains Read-Write access in the Others category, such as the admin administrator, can change the FortiMail firmware.

Firmware changes are either:

  • an upgrade to a newer version
  • a reversion to an earlier version

To determine if you are upgrading or reverting your firmware image, examine the firmware version number. For example, if your current firmware version is FortiMail-400 3.00,build288,080327, changing to FortiMail-400 3.00,build266,071209, an earlier build number and date, indicates that you are reverting.

Reverting to an earlier version may cause the FortiMail unit to remove parts of the configuration that are not valid for that earlier version. In some cases, you may lose all mail data and configurations.

When upgrading, there may also be additional considerations. For details, see Upgrading the firmware.

Therefore, no matter you are upgrading or downgrading, it is always a good practice to back up the configuration and mail data.

To install firmware using the web UI
  1. Log in to the Fortinet Technical Support web site, https://support.fortinet.com/.
  2. Download the firmware image file to your management computer.
  3. Log in to the web UI as the admin administrator, or an administrator account that has system configuration read and write privileges.
  4. In the advanced mode of the web UI, install firmware in one of two ways:
  • Go to Dashboard > Status, and in the System Information area, in the Firmware version row, click Update. Click Browse to locate the firmware and then click Submit.
  • Go to System > Maintenance > Configuration, under Restore Firmware, check Local PC, and click Browse to locate the firmware. Then click Restore.

Your web browser uploads the firmware file to the FortiMail unit. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

If you are downgrading the firmware to a previous version, the FortiMail unit reverts the configuration to default values for that version of the firmware. You must either reconfigure the FortiMail unit or restore the configuration file.

  • Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all changes.
  • To verify that the firmware was successfully installed, log in to the web UI and go to Dashboard > Status. Text appearing in the Firmware version row indicates the currently installed firmware version.
  • To install firmware using the CLI
    1. Log in to the Fortinet Technical Support web site, https://support.fortinet.com/.
    2. Download the firmware image file to your management computer.
    3. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
    4. Initiate a connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
    5. Connect port1 of the FortiMail unit directly or to the same subnet as a TFTP server.
    6. Copy the new firmware image file to the root directory of the TFTP server.
    7. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
    8. To use the FortiMail CLI to verify connectivity, enter the following command:

      execute ping 192.168.1.168

      where 192.168.1.168 is the IP address of the TFTP server.

    9. Enter the following command to download the firmware image from the TFTP server to the FortiMail unit:
    10. execute restore image tftp <name_str> <tftp_ipv4>

      where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

      execute restore image tftp image.out 192.168.1.168

      One of the following message appears:

      This operation will replace the current firmware version!

      Do you want to continue? (y/n)

      or:

      Get image from tftp server OK.

      Check image OK.

      This operation will downgrade the current firmware version!

      Do you want to continue? (y/n)

    11. Type y.
    12. The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

      If you are downgrading the firmware to a previous version, the FortiMail unit reverts the configuration to default values for that version of the firmware. You must either reconfigure the FortiMail unit or restore the configuration file.

    13. If you also use the web UI, clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.
    14. To verify that the firmware was successfully installed, log in to the CLI and type:
    15. get system status

    16. If you have downgraded the firmware version, reconnect to the FortiMail unit using its default IP address for port1, 192.168.1.99, and restore the configuration file. For details, see Reconnecting to the FortiMail unit and Restoring the configuration.
    17. If you have upgraded the firmware version, to verify the conversion of the configuration file, see Verifying the configuration. If the upgrade is unsuccessful, you can downgrade the firmware to a previous version.

    18. Update the FortiGuard Antivirus definitions.
    19. Note

      Installing firmware replaces the current antivirus definitions with those included with the firmware release that you are installing. After you install the new firmware, make sure that your FortiGuard Antivirus definitions are up-to-date.

    20. After upgrading to FortiMail v3.0 from any older version, create new LDAP profiles. LDAP profiles cannot be automatically converted from the FortiMail v3.0 configuration format. For details, see Configuring LDAP profiles.
    See also

    Backup and restore

    Reconnecting to the FortiMail unit

    Restoring the configuration

    Verifying the configuration

    Reconnecting to the FortiMail unit

    After downgrading to a previous firmware version, the FortiMail unit reverts to default settings for the installed firmware version, including the IP addresses of network interfaces through which you connect to the FortiMail web UI and/or CLI.

    Use either of the following procedures if the FortiMail unit has been reset to a default configuration and you need to reconnect to the web UI.

    Note

    If your FortiMail unit has not been reset to its default configuration, but you cannot connect to the web UI or CLI, you can restore the firmware, resetting the FortiMail unit to its default configuration in order to reconnect using the default network interface IP address. For more information, see Clean installing firmware.

    To reconnect using the LCD panel
    Note

    This procedure requires a FortiMail model whose hardware includes a front LCD panel.

    1. Press Enter to display the Main Menu.
    2. Press Enter to display the interface list.
    3. Use the up or down arrows to highlight the network interface that is connected to your management computer, and press Enter.
    4. Press Enter for IP Address.
    5. Use the up and down arrows to increase or decrease each number of each IP address digit. Press Enter to go to the next IP address digit or press Esc to move to the previous digit.
    6. After selecting the last IP address digit, press Enter to save the IP address.
    7. Repeat steps Press Enter for IP Address. 4 to Reconnecting to the FortiMail unit6 to enter the netmask address for the network interface.
    8. After selecting the last netmask address digit, press Enter to save the netmask address.
    9. Press Esc to return to the Main Menu.

      The network interface’s IP address and netmask is saved. You can now reconnect to either the web UI or CLI through that network interface using. For information on restoring the configuration, see Restoring the configuration.

    To reconnect using the CLI
    1. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
    2. Start HyperTerminal, enter a name for the connection and click OK.
    3. Configure HyperTerminal to connect directly to the communications (COM) port on your computer and click OK.
    4. Select the following port settings and click OK:
    5. Bits per second

      9600

      Data bits

      8

      Parity

      None

      Stop bits

      1

      Flow control

      None

    6. Press Enter to connect to the FortiMail CLI.
    7. The login prompt appears.

    8. Type admin and press Enter twice.
    9. The following prompt appears:

      Welcome!

    10. Enter the following command:
    11. config system interface

      edit <interface_str>

      set ip <ip&netmask>

      end

      where:

    • <interface_str> is the name of the network interface, such as port1
    • <ip$netmask> is the IP address/netmask of the network interface, such as 192.168.1.10/24
  • Enter the following command:
  • config system interface

    edit <interface_str>

    set allowaccess {https | http | ssh | snmp | ping | telnet}

    end

    The network interface’s IP address and netmask is saved. You can now reconnect to either the web UI or CLI through that network interface. For information on restoring the configuration, see Restoring the configuration.

    See also

    Restoring the configuration

    Restoring the configuration

    You can restore a backup copy of the configuration file from your local PC using either the web UI or CLI.

    If you have just downgraded or restored the firmware of the FortiMail unit, restoring the configuration file can be used to reconfigure the FortiMail unit from its default settings.

    To restore the configuration file using the web UI
    1. Clear your browser’s cache. If your browser is currently displaying the web UI, also refresh the page.
    2. Log in to the web UI.
    3. In the advanced management mode, go to System > Maintenance > Configuration.
    4. Click Restore Configuration to locate and select the configuration file that you want to restore, then click Restore.
    5. The FortiMail unit restores the configuration file and reboots.Time required varies by the size of the file and the speed of your network connection.

    6. After restoring the configuration file, verify that the settings have been successfully loaded. For details on verifying the configuration restoration, see Verifying the configuration.
    To restore the configuration file using the CLI
    Note

    The following procedure restores only the core configuration file, which does not include items such as the Bayesian databases, dictionary database, and other items. To restore backups of those items, use the web UI.

    1. Initiate a connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
    2. Connect a network interface of the FortiMail unit directly or to the same subnet as a TFTP server.
    3. Copy the new firmware image file to the root directory of the TFTP server.
    4. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
    5. To use the (Undefined variable: FortiMail Amin Guide.FortiProduct) CLI to verify connectivity, enter the following command:

      execute ping 192.168.1.168

      where 192.168.1.168 is the IP address of the TFTP server.

    6. Enter the following command:
    7. execute restore config tftp <file_name> <tftp_ipv4>

      The following message appears:

      This operation will overwrite the current settings!
      (The current admin password will be preserved.)
      Do you want to continue? (y/n)

    8. Enter y.
    9. The FortiMail unit restores the configuration file and reboots. Time required varies by the size of the file and the speed of your network connection.

    10. After restoring the configuration file, verify that the settings have been successfully loaded. For details on verifying the configuration restoration, see Verifying the configuration.
    See also

    Backup and restore

    Verifying the configuration

    Installing firmware

    Clean installing firmware

    Verifying the configuration

    After installing a new firmware file, you should verify that the configuration has been successfully converted to the format required by the new firmware and that no configuration data has been lost.

    In addition to verifying successful conversion, verifying the configuration also provides familiarity with new and changed features.

    To verify the configuration upgrade
    1. Clear your browser’s cache.
    2. Log in to the web UI using the admin administrator account.
    3. Other administrator accounts may not have sufficient privileges to completely review the configuration.

    4. Review the configuration and compare it with your configuration backup to verify that the configuration has been correctly converted.

    Upgrading the firmware

    If you are upgrading, it is especially important to note that the upgrade process may require a specific path. Very old versions of the firmware may not be supported by the configuration upgrade scripts that are used by the newest firmware. As a result, you may need to upgrade to an intermediate version of the firmware first, before upgrading to your intended version. Upgrade paths are described in the Release Notes.

    Before upgrading the firmware of the FortiMail unit, for the most current upgrade information, review the Release Notes for the new firmware version.

    Release Notes are available from http://support.fortinet.com when downloading the firmware image file.

    Release Notes may contain late-breaking information that was not available at the time this Administration Guide was prepared.

    See also

    Backup and restore

    Restoring the configuration

    Installing firmware

    Installing firmware

    You can use either the web UI or the CLI to upgrade or downgrade the firmware of the FortiMail unit.

    Administrators whose Domain is System and whose access profile contains Read-Write access in the Others category, such as the admin administrator, can change the FortiMail firmware.

    Firmware changes are either:

    • an upgrade to a newer version
    • a reversion to an earlier version

    To determine if you are upgrading or reverting your firmware image, examine the firmware version number. For example, if your current firmware version is FortiMail-400 3.00,build288,080327, changing to FortiMail-400 3.00,build266,071209, an earlier build number and date, indicates that you are reverting.

    Reverting to an earlier version may cause the FortiMail unit to remove parts of the configuration that are not valid for that earlier version. In some cases, you may lose all mail data and configurations.

    When upgrading, there may also be additional considerations. For details, see Upgrading the firmware.

    Therefore, no matter you are upgrading or downgrading, it is always a good practice to back up the configuration and mail data.

    To install firmware using the web UI
    1. Log in to the Fortinet Technical Support web site, https://support.fortinet.com/.
    2. Download the firmware image file to your management computer.
    3. Log in to the web UI as the admin administrator, or an administrator account that has system configuration read and write privileges.
    4. In the advanced mode of the web UI, install firmware in one of two ways:
    • Go to Dashboard > Status, and in the System Information area, in the Firmware version row, click Update. Click Browse to locate the firmware and then click Submit.
    • Go to System > Maintenance > Configuration, under Restore Firmware, check Local PC, and click Browse to locate the firmware. Then click Restore.

    Your web browser uploads the firmware file to the FortiMail unit. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

    If you are downgrading the firmware to a previous version, the FortiMail unit reverts the configuration to default values for that version of the firmware. You must either reconfigure the FortiMail unit or restore the configuration file.

  • Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all changes.
  • To verify that the firmware was successfully installed, log in to the web UI and go to Dashboard > Status. Text appearing in the Firmware version row indicates the currently installed firmware version.
  • To install firmware using the CLI
    1. Log in to the Fortinet Technical Support web site, https://support.fortinet.com/.
    2. Download the firmware image file to your management computer.
    3. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
    4. Initiate a connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
    5. Connect port1 of the FortiMail unit directly or to the same subnet as a TFTP server.
    6. Copy the new firmware image file to the root directory of the TFTP server.
    7. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
    8. To use the FortiMail CLI to verify connectivity, enter the following command:

      execute ping 192.168.1.168

      where 192.168.1.168 is the IP address of the TFTP server.

    9. Enter the following command to download the firmware image from the TFTP server to the FortiMail unit:
    10. execute restore image tftp <name_str> <tftp_ipv4>

      where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

      execute restore image tftp image.out 192.168.1.168

      One of the following message appears:

      This operation will replace the current firmware version!

      Do you want to continue? (y/n)

      or:

      Get image from tftp server OK.

      Check image OK.

      This operation will downgrade the current firmware version!

      Do you want to continue? (y/n)

    11. Type y.
    12. The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

      If you are downgrading the firmware to a previous version, the FortiMail unit reverts the configuration to default values for that version of the firmware. You must either reconfigure the FortiMail unit or restore the configuration file.

    13. If you also use the web UI, clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.
    14. To verify that the firmware was successfully installed, log in to the CLI and type:
    15. get system status

    16. If you have downgraded the firmware version, reconnect to the FortiMail unit using its default IP address for port1, 192.168.1.99, and restore the configuration file. For details, see Reconnecting to the FortiMail unit and Restoring the configuration.
    17. If you have upgraded the firmware version, to verify the conversion of the configuration file, see Verifying the configuration. If the upgrade is unsuccessful, you can downgrade the firmware to a previous version.

    18. Update the FortiGuard Antivirus definitions.
    19. Note

      Installing firmware replaces the current antivirus definitions with those included with the firmware release that you are installing. After you install the new firmware, make sure that your FortiGuard Antivirus definitions are up-to-date.

    20. After upgrading to FortiMail v3.0 from any older version, create new LDAP profiles. LDAP profiles cannot be automatically converted from the FortiMail v3.0 configuration format. For details, see Configuring LDAP profiles.
    See also

    Backup and restore

    Reconnecting to the FortiMail unit

    Restoring the configuration

    Verifying the configuration

    Reconnecting to the FortiMail unit

    After downgrading to a previous firmware version, the FortiMail unit reverts to default settings for the installed firmware version, including the IP addresses of network interfaces through which you connect to the FortiMail web UI and/or CLI.

    Use either of the following procedures if the FortiMail unit has been reset to a default configuration and you need to reconnect to the web UI.

    Note

    If your FortiMail unit has not been reset to its default configuration, but you cannot connect to the web UI or CLI, you can restore the firmware, resetting the FortiMail unit to its default configuration in order to reconnect using the default network interface IP address. For more information, see Clean installing firmware.

    To reconnect using the LCD panel
    Note

    This procedure requires a FortiMail model whose hardware includes a front LCD panel.

    1. Press Enter to display the Main Menu.
    2. Press Enter to display the interface list.
    3. Use the up or down arrows to highlight the network interface that is connected to your management computer, and press Enter.
    4. Press Enter for IP Address.
    5. Use the up and down arrows to increase or decrease each number of each IP address digit. Press Enter to go to the next IP address digit or press Esc to move to the previous digit.
    6. After selecting the last IP address digit, press Enter to save the IP address.
    7. Repeat steps Press Enter for IP Address. 4 to Reconnecting to the FortiMail unit6 to enter the netmask address for the network interface.
    8. After selecting the last netmask address digit, press Enter to save the netmask address.
    9. Press Esc to return to the Main Menu.

      The network interface’s IP address and netmask is saved. You can now reconnect to either the web UI or CLI through that network interface using. For information on restoring the configuration, see Restoring the configuration.

    To reconnect using the CLI
    1. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
    2. Start HyperTerminal, enter a name for the connection and click OK.
    3. Configure HyperTerminal to connect directly to the communications (COM) port on your computer and click OK.
    4. Select the following port settings and click OK:
    5. Bits per second

      9600

      Data bits

      8

      Parity

      None

      Stop bits

      1

      Flow control

      None

    6. Press Enter to connect to the FortiMail CLI.
    7. The login prompt appears.

    8. Type admin and press Enter twice.
    9. The following prompt appears:

      Welcome!

    10. Enter the following command:
    11. config system interface

      edit <interface_str>

      set ip <ip&netmask>

      end

      where:

    • <interface_str> is the name of the network interface, such as port1
    • <ip$netmask> is the IP address/netmask of the network interface, such as 192.168.1.10/24
  • Enter the following command:
  • config system interface

    edit <interface_str>

    set allowaccess {https | http | ssh | snmp | ping | telnet}

    end

    The network interface’s IP address and netmask is saved. You can now reconnect to either the web UI or CLI through that network interface. For information on restoring the configuration, see Restoring the configuration.

    See also

    Restoring the configuration

    Restoring the configuration

    You can restore a backup copy of the configuration file from your local PC using either the web UI or CLI.

    If you have just downgraded or restored the firmware of the FortiMail unit, restoring the configuration file can be used to reconfigure the FortiMail unit from its default settings.

    To restore the configuration file using the web UI
    1. Clear your browser’s cache. If your browser is currently displaying the web UI, also refresh the page.
    2. Log in to the web UI.
    3. In the advanced management mode, go to System > Maintenance > Configuration.
    4. Click Restore Configuration to locate and select the configuration file that you want to restore, then click Restore.
    5. The FortiMail unit restores the configuration file and reboots.Time required varies by the size of the file and the speed of your network connection.

    6. After restoring the configuration file, verify that the settings have been successfully loaded. For details on verifying the configuration restoration, see Verifying the configuration.
    To restore the configuration file using the CLI
    Note

    The following procedure restores only the core configuration file, which does not include items such as the Bayesian databases, dictionary database, and other items. To restore backups of those items, use the web UI.

    1. Initiate a connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
    2. Connect a network interface of the FortiMail unit directly or to the same subnet as a TFTP server.
    3. Copy the new firmware image file to the root directory of the TFTP server.
    4. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
    5. To use the (Undefined variable: FortiMail Amin Guide.FortiProduct) CLI to verify connectivity, enter the following command:

      execute ping 192.168.1.168

      where 192.168.1.168 is the IP address of the TFTP server.

    6. Enter the following command:
    7. execute restore config tftp <file_name> <tftp_ipv4>

      The following message appears:

      This operation will overwrite the current settings!
      (The current admin password will be preserved.)
      Do you want to continue? (y/n)

    8. Enter y.
    9. The FortiMail unit restores the configuration file and reboots. Time required varies by the size of the file and the speed of your network connection.

    10. After restoring the configuration file, verify that the settings have been successfully loaded. For details on verifying the configuration restoration, see Verifying the configuration.
    See also

    Backup and restore

    Verifying the configuration

    Installing firmware

    Clean installing firmware

    Verifying the configuration

    After installing a new firmware file, you should verify that the configuration has been successfully converted to the format required by the new firmware and that no configuration data has been lost.

    In addition to verifying successful conversion, verifying the configuration also provides familiarity with new and changed features.

    To verify the configuration upgrade
    1. Clear your browser’s cache.
    2. Log in to the web UI using the admin administrator account.
    3. Other administrator accounts may not have sufficient privileges to completely review the configuration.

    4. Review the configuration and compare it with your configuration backup to verify that the configuration has been correctly converted.

    Upgrading the firmware

    If you are upgrading, it is especially important to note that the upgrade process may require a specific path. Very old versions of the firmware may not be supported by the configuration upgrade scripts that are used by the newest firmware. As a result, you may need to upgrade to an intermediate version of the firmware first, before upgrading to your intended version. Upgrade paths are described in the Release Notes.

    Before upgrading the firmware of the FortiMail unit, for the most current upgrade information, review the Release Notes for the new firmware version.

    Release Notes are available from http://support.fortinet.com when downloading the firmware image file.

    Release Notes may contain late-breaking information that was not available at the time this Administration Guide was prepared.

    See also

    Backup and restore

    Restoring the configuration

    Installing firmware