Fortinet black logo

Administration Guide

Clean installing firmware

Clean installing firmware

Clean installing the firmware can be useful if:

  • you are unable to connect to the FortiMail unit using the web-based manager or the CLI
  • you want to install firmware without preserving any existing configuration
  • a firmware version that you want to install requires a different size of system partition (see the Release Notes accompanying the firmware)

A firmware version that you want to install requires that you format the boot device (see the Release Notes accompanying the firmware).

Unlike upgrading or downgrading firmware, clean installing firmware re-images the boot device, including the signatures that were current at the time that the firmware image file was created. Also, a clean install can only be done during a boot interrupt, before network connectivity is available, and therefore requires a local console connection to the CLI. A clean install cannot be done through a network connection.

Caution

Back up your configuration before beginning this procedure, if possible. A clean install resets the configuration, including the IP addresses of network interfaces. For information on reconnecting to a FortiMail unit whose network interface configuration has been reset, see Reconnecting to the FortiMail unit.

Caution

If you are reverting to a previous FortiMail version (for example, reverting from v3.0 to v2.80), you might not be able to restore your previous configuration from the backup configuration file.

To clean install the firmware
  1. Download the firmware file from the Fortinet Technical Support web site, https://support.fortinet.com/.
  2. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
  3. Initiate a local console connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
  4. Connect port1 of the FortiMail unit directly to the same subnet as a TFTP server.
  5. Copy the new firmware image file to the root directory of the TFTP server.
  6. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
  7. To use the FortiMail CLI to verify connectivity, if it is responsive, enter the following command:

    execute ping 192.168.1.168

    where 192.168.1.168 is the IP address of the TFTP server.

  8. Enter the following command to restart the FortiMail unit:
  9. execute reboot

    or power off and then power on the FortiMail unit.

  10. As the FortiMail units starts, a series of system startup messages are displayed.
  11. Press any key to display configuration menu........

  12. Immediately press a key to interrupt the system startup.
  13. Note

    You have only three seconds to press a key. If you do not press a key soon enough, the FortiMail unit reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [I]: Configuration and information.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,I,Q,or H:

  14. If the firmware version requires that you first format the boot device before installing firmware, type F. (Format boot device) before continuing.
  15. Type G to get the firmware image from the TFTP server.
  16. The following message appears:

    Enter TFTP server address [192.168.1.168]:

  17. Type the IP address of the TFTP server and press Enter.
  18. The following message appears:

    Enter Local Address [192.168.1.188]:

  19. Type a temporary IP address that can be used by the FortiMail unit to connect to the TFTP server.
  20. The following message appears:

    Enter File Name [image.out]:

  21. Type the firmware image file name and press Enter.
  22. The FortiMail unit downloads the firmware image file from the TFTP server and displays a message similar to the following:

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]

  23. Type D.
  24. The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

    The FortiMail unit reverts the configuration to default values for that version of the firmware.

  25. Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.
  26. To verify that the firmware was successfully installed, log in to the CLI and type:
  27. get system status

    The firmware version number appears.

  28. Either reconfigure the FortiMail unit or restore the configuration file from a backup. For details, see Restoring the configuration.
  29. Update the attack definitions.
  30. Note

    Installing firmware replaces the current FortiGuard Antivirus definitions with the definitions included with the firmware release you are installing. After you install new firmware, update the antivirus definitions.

See also

Backup and restore

Restoring the configuration

Installing firmware

Clean installing firmware

Clean installing the firmware can be useful if:

  • you are unable to connect to the FortiMail unit using the web-based manager or the CLI
  • you want to install firmware without preserving any existing configuration
  • a firmware version that you want to install requires a different size of system partition (see the Release Notes accompanying the firmware)

A firmware version that you want to install requires that you format the boot device (see the Release Notes accompanying the firmware).

Unlike upgrading or downgrading firmware, clean installing firmware re-images the boot device, including the signatures that were current at the time that the firmware image file was created. Also, a clean install can only be done during a boot interrupt, before network connectivity is available, and therefore requires a local console connection to the CLI. A clean install cannot be done through a network connection.

Caution

Back up your configuration before beginning this procedure, if possible. A clean install resets the configuration, including the IP addresses of network interfaces. For information on reconnecting to a FortiMail unit whose network interface configuration has been reset, see Reconnecting to the FortiMail unit.

Caution

If you are reverting to a previous FortiMail version (for example, reverting from v3.0 to v2.80), you might not be able to restore your previous configuration from the backup configuration file.

To clean install the firmware
  1. Download the firmware file from the Fortinet Technical Support web site, https://support.fortinet.com/.
  2. Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
  3. Initiate a local console connection from your management computer to the CLI of the FortiMail unit, and log in as the admin administrator, or an administrator account that has system configuration read and write privileges.
  4. Connect port1 of the FortiMail unit directly to the same subnet as a TFTP server.
  5. Copy the new firmware image file to the root directory of the TFTP server.
  6. Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
  7. To use the FortiMail CLI to verify connectivity, if it is responsive, enter the following command:

    execute ping 192.168.1.168

    where 192.168.1.168 is the IP address of the TFTP server.

  8. Enter the following command to restart the FortiMail unit:
  9. execute reboot

    or power off and then power on the FortiMail unit.

  10. As the FortiMail units starts, a series of system startup messages are displayed.
  11. Press any key to display configuration menu........

  12. Immediately press a key to interrupt the system startup.
  13. Note

    You have only three seconds to press a key. If you do not press a key soon enough, the FortiMail unit reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [I]: Configuration and information.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,I,Q,or H:

  14. If the firmware version requires that you first format the boot device before installing firmware, type F. (Format boot device) before continuing.
  15. Type G to get the firmware image from the TFTP server.
  16. The following message appears:

    Enter TFTP server address [192.168.1.168]:

  17. Type the IP address of the TFTP server and press Enter.
  18. The following message appears:

    Enter Local Address [192.168.1.188]:

  19. Type a temporary IP address that can be used by the FortiMail unit to connect to the TFTP server.
  20. The following message appears:

    Enter File Name [image.out]:

  21. Type the firmware image file name and press Enter.
  22. The FortiMail unit downloads the firmware image file from the TFTP server and displays a message similar to the following:

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]

  23. Type D.
  24. The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.

    The FortiMail unit reverts the configuration to default values for that version of the firmware.

  25. Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.
  26. To verify that the firmware was successfully installed, log in to the CLI and type:
  27. get system status

    The firmware version number appears.

  28. Either reconfigure the FortiMail unit or restore the configuration file from a backup. For details, see Restoring the configuration.
  29. Update the attack definitions.
  30. Note

    Installing firmware replaces the current FortiGuard Antivirus definitions with the definitions included with the firmware release you are installing. After you install new firmware, update the antivirus definitions.

See also

Backup and restore

Restoring the configuration

Installing firmware