Clean installing firmware
Clean installing the firmware can be useful if:
- you are unable to connect to the FortiMail unit using the web-based manager or the CLI
- you want to install firmware without preserving any existing configuration
- a firmware version that you want to install requires a different size of system partition (see the Release Notes accompanying the firmware)
- a firmware version that you want to install requires that you format the boot device (see the Release Notes accompanying the firmware).
Unlike upgrading or downgrading firmware, clean installing firmware re-images the boot device, including the signatures that were current at the time that the firmware image file was created. Also, a clean install can only be done during a boot interrupt, before network connectivity is available, and therefore requires a local console connection to the CLI. A clean install cannot be done through a network connection.
Back up your configuration before beginning this procedure, if possible. A clean install resets the configuration, including the IP addresses of network interfaces. For information on reconnecting to a FortiMail unit whose network interface configuration has been reset, see Reconnecting to the FortiMail unit. |
If you are reverting to a previous FortiMail version, you might not be able to restore your previous configuration from the backup configuration file. |
To clean install the firmware
- Download the firmware file from the Fortinet Technical Support web site, https://support.fortinet.com/.
- Connect your management computer to the FortiMail console port using a RJ-45 to DB-9 serial cable or a null-modem cable.
- Initiate a local console connection from your management computer to the CLI of the FortiMail unit, and log in as the
admin
administrator, or an administrator account that has system configuration read and write privileges. - Connect port1 of the FortiMail unit directly to the same subnet as a TFTP server.
- Copy the new firmware image file to the root directory of the TFTP server.
- Verify that the TFTP server is currently running, and that the FortiMail unit can reach the TFTP server.
- Enter the following command to restart the FortiMail unit:
- As the FortiMail units starts, a series of system startup messages are displayed.
- Immediately press a key to interrupt the system startup.
- If the firmware version requires that you first format the boot device before installing firmware, type
F
(format boot device) before continuing. - Type
G
to get the firmware image from the TFTP server. - Type the IP address of the TFTP server and press Enter.
- Type a temporary IP address that can be used by the FortiMail unit to connect to the TFTP server.
- Type the firmware image file name and press Enter.
- Type
D
. - Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all tab, button, and other changes.
- To verify that the firmware was successfully installed, log in to the CLI and type:
- Either reconfigure the FortiMail unit or restore the configuration file from a backup. For details, see Restoring the configuration.
- Update the attack definitions.
To use the FortiMail CLI to verify connectivity, if it is responsive, enter the following command:
execute ping 192.168.1.168
where 192.168.1.168
is the IP address of the TFTP server.
execute reboot
or power off and then power on the FortiMail unit.
Press any key to display configuration menu........
You have only three seconds to press a key. If you do not press a key soon enough, the FortiMail unit reboots and you must log in and repeat the |
If you successfully interrupt the startup process, the following messages appears:
[G]: Get firmware image from TFTP server.
[F]: Format boot device.
[B]: Boot with backup firmware and set as default.
[I]: Configuration and information.
[Q]: Quit menu and continue to boot with default firmware.
[H]: Display this list of options.
Enter G,F,B,I,Q,or H:
The following message appears:
Enter TFTP server address [192.168.1.168]:
The following message appears:
Enter Local Address [192.168.1.188]:
The following message appears:
Enter File Name [image.out]:
The FortiMail unit downloads the firmware image file from the TFTP server and displays a message similar to the following:
Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]
The FortiMail unit downloads the firmware image file from the TFTP server. The FortiMail unit installs the firmware and restarts. Time required varies by the size of the file and the speed of your network connection.
The FortiMail unit reverts the configuration to default values for that version of the firmware.
get system status
The firmware version number appears.
Installing firmware replaces the current FortiGuard Antivirus definitions with the definitions included with the firmware release you are installing. After you install new firmware, update the antivirus definitions. |