Fortinet black logo

Administration Guide

Home FortiRecorder 6.4.0 Administration Guide
6.4.0
7.2.0
7.0.3
7.0.2
7.0.1
7.0.0
6.4.0
6.0.0
2.7.2
2.7.1
2.7.0
2.6.0

Updating the Firmware

Updating the Firmware

The FortiRecorder appliance come with the latest operating system (firmware); however, if a new version has been released since your appliance was received, install the latest firmware before continuing the installation of your FortiRecorder. (Camera firmware can be updated later, after you have connected your cameras to the appliance.

Fortinet periodically releases FortiRecorder firmware updates to include enhancements and address issues. After you register your FortiRecorder appliance, FortiRecorder firmware is available for download at:

https://support.fortinet.com

Installing new firmware overwrites attack signature packages using the versions of the packages that were current at the time that the firmware image was built. To avoid repeat updates, update the firmware before updating your FortiGuard packages. New firmware can introduce new features which you must configure for the first time.

For late-breaking information specific to the firmware release version, see the Release Notes available with that release.

Note

In addition to major releases that contain new features, Fortinet releases patch releases that resolve specific issues without containing new features and/or changes to existing features. It is recommended to download and install patch releases as soon as they are available.

Before you can download firmware updates for your FortiRecorder appliance, you must first register your FortiRecorder appliance with Fortinet Technical Support. For details, go to https://support.fortinet.com/ or contact Fortinet Technical Support.

Installing FortiRecorder firmware

You can use either the web UI or the CLI to upgrade or downgrade the appliance’s operating system.

Firmware changes are either:

  • an update to a newer version
  • a reversion to an earlier version

To determine if you are updating or reverting the firmware, go to Dashboard > Status and in the System Information widget, see the Firmware Version row. (Alternatively, in the CLI, enter the command get system status.)

For example, if your current firmware version is:

FortiRecorder-200D v1.0,build0065,120821

changing to

FortiRecorder-200D v1.0,build0066,120824

an earlier build number (65) and date (120821 means August 21, 2012), indicates that you are reverting.

Caution

Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.

Note

If you are installing a firmware version that requires a different size of system partition, you may be required to format the boot device before installing the firmware by re-imaging the boot device. Consult the Release Notes. In that case, do not install the firmware using this procedure.

To install firmware using the web UI

  1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/
  2. Log in to the web UI of the FortiRecorder appliance as the admin administrator.
  3. Go to Dashboard > Status.
  4. In the System Information widget, in the Firmware version row, select Update.The Choose Firmware dialog appears.
  5. Select Browse to locate and select the firmware file that you want to install, then select OK.
  6. Select OK.

    Your management computer uploads the firmware image to the FortiRecorder appliance. The FortiRecorder appliance installs the firmware and restarts. The time required varies by the size of the file and the speed of your network connection, and by the amount of time that the specific model requires to reboot. Over a LAN connection, it should only take a couple minutes until the appliance becomes available again.

    Note

    If you are downgrading the firmware to a previous version, and the settings are not fully backwards compatible, the FortiRecorder appliance may either remove incompatible settings, or use the feature’s default values for that version of the firmware. You may need to reconfigure some settings.
  7. Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all interface changes. For details, see your browser's documentation.
  8. To verify that the firmware was successfully installed, log in to the web UI and go to Dashboard > Status. In the System Information widget, the Firmware version row indicates the currently installed firmware version.
  9. If you want to install alternate firmware on the secondary partition, follow “Installing alternate firmware”.
  10. Continue with “Setting the “admin” account password”.

To install firmware using the CLI

  1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/
  2. Copy the new firmware image file to the root directory of the TFTP server.
  3. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  4. Connect port1 of the FortiRecorder appliance directly or to the same subnet as a TFTP server.
  5. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
  6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.
    Caution

    Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, immediately turn off TFTP off when you are done.
  7. Verify that the TFTP server is currently running, and that the FortiRecorder appliance can reach the TFTP server.
    To use the FortiRecorder CLI to verify connectivity, enter the following command:
    execute ping 192.168.1.168
    where 192.168.1.168 is the IP address of the TFTP server.
  8. Enter the following command to download the firmware image from the TFTP server to the FortiRecorder appliance:

    execute restore image tftp <name_str> <tftp_ipv4>

    where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

    execute restore image tftp image.out 192.168.1.168

    One of the following message appears:

    • This operation will replace the current firmware version!
      Do you want to continue? (y/n)
    • Get image from tftp server OK.
      Check image OK.
      This operation will downgrade the current firmware version!
      Do you want to continue? (y/n)
  9. Type y.

    The FortiRecorder appliance downloads the firmware image file from the TFTP server. The FortiRecorder appliance installs the firmware and restarts. The time required varies by the size of the file and the speed of your network connection

    Note

    If you are downgrading the firmware to a previous version, the FortiRecorder appliance reverts the configuration to default values for that version of the firmware. You will need to reconfigure the FortiRecorder appliance or restore the configuration file from a backup. For details, see “Connecting to FortiRecorder web UI” and, if you opt to restore the configuration, “Restoring a previous configuration”.
  10. To verify that the firmware was successfully installed, log in to the CLI and type:

    get system status

    The firmware version number is displayed.

  11. If you want to install alternate firmware on the secondary partition, follow “Installing alternate firmware”.
  12. Continue with “Setting the “admin” account password”.

Installing alternative firmware

You can install alternate firmware which can be loaded from its separate partition if the primary firmware fails. This can be accomplished via the web UI or CLI.

To install alternate firmware via the CLI

  1. Download the firmware file from the Fortinet Technical Support web site:
    https://support.fortinet.com/
  2. Copy the new firmware image file to the root directory of the TFTP server.
  3. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  4. Connect port1 of the FortiRecorder appliance directly or to the same subnet as a TFTP server.
  5. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
    For details, see “Connecting to FortiRecorder web UI”.
  6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)
    Caution

    Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, immediately turn off tftpd off when you are done.
  7. Verify that the TFTP server is currently running, and that the FortiRecorder appliance can reach the TFTP server. To use the FortiRecorder CLI to verify connectivity, enter the following command: class="CLI_0">execute ping 192.168.1.168 where 192.168.1.168 is the IP address of the TFTP server.
  8. Enter the following command to restart the FortiRecorder appliance:

    execute reboot

  9. As the FortiRecorder appliances starts, a series of system startup messages appear.

    Press any key to display configuration menu........

  10. Immediately press a key to interrupt the system startup
    Note

    You have only 3 seconds to press a key. If you do not press a key soon enough, the FortiRecorder appliance reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,Q,or H:

    Please connect TFTP server to Ethernet port "1".

  11. Type G to get the firmware image from the TFTP server.

    The following message appears:

    Enter TFTP server address [192.168.1.168]:

  12. Type the IP address of the TFTP server and press Enter.

    The following message appears:

    Enter local address [192.168.1.188]:

  13. Type a temporary IP address that can be used by the FortiRecorder appliance to connect to the TFTP server.

    The following message appears:

    Enter firmware image file name [image.out]:

  14. Type the firmware image file name and press Enter.

    The FortiRecorder appliance downloads the firmware image file from the TFTP server and displays a message similar to the following:

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?

  15. Type B.

    The FortiRecorder appliance saves the backup firmware image and restarts. When the FortiRecorder appliance reboots, it is running the primary firmware.

Booting from the alternate partition

Each appliance can have up to two firmware versions installed. Each firmware version is stored in a separate disk partition.

To boot into alternative firmware through the local console CLI

  1. Install firmware onto the alternate partition (see “Installing alternate firmware”).
  2. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  3. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
  4. Enter the following command to restart the FortiRecorder appliance:

    execute reboot

  5. As the FortiRecorder appliances starts, a series of system startup messages appear.

    Press any key to display configuration menu........

    Immediately press a key to interrupt the system startup

    Note

    You have only 3 seconds to press a key. If you do not press a key soon enough, the FortiRecorder appliance reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,Q,or H:

    Please connect TFTP server to Ethernet port "1".

  6. Type B to reboot and use the backup firmware.
Previous
Next

Updating the Firmware

The FortiRecorder appliance come with the latest operating system (firmware); however, if a new version has been released since your appliance was received, install the latest firmware before continuing the installation of your FortiRecorder. (Camera firmware can be updated later, after you have connected your cameras to the appliance.

Fortinet periodically releases FortiRecorder firmware updates to include enhancements and address issues. After you register your FortiRecorder appliance, FortiRecorder firmware is available for download at:

https://support.fortinet.com

Installing new firmware overwrites attack signature packages using the versions of the packages that were current at the time that the firmware image was built. To avoid repeat updates, update the firmware before updating your FortiGuard packages. New firmware can introduce new features which you must configure for the first time.

For late-breaking information specific to the firmware release version, see the Release Notes available with that release.

Note

In addition to major releases that contain new features, Fortinet releases patch releases that resolve specific issues without containing new features and/or changes to existing features. It is recommended to download and install patch releases as soon as they are available.

Before you can download firmware updates for your FortiRecorder appliance, you must first register your FortiRecorder appliance with Fortinet Technical Support. For details, go to https://support.fortinet.com/ or contact Fortinet Technical Support.

Installing FortiRecorder firmware

You can use either the web UI or the CLI to upgrade or downgrade the appliance’s operating system.

Firmware changes are either:

  • an update to a newer version
  • a reversion to an earlier version

To determine if you are updating or reverting the firmware, go to Dashboard > Status and in the System Information widget, see the Firmware Version row. (Alternatively, in the CLI, enter the command get system status.)

For example, if your current firmware version is:

FortiRecorder-200D v1.0,build0065,120821

changing to

FortiRecorder-200D v1.0,build0066,120824

an earlier build number (65) and date (120821 means August 21, 2012), indicates that you are reverting.

Caution

Back up your configuration before beginning this procedure. Reverting to an earlier firmware version could reset settings that are not compatible with the new firmware.

Note

If you are installing a firmware version that requires a different size of system partition, you may be required to format the boot device before installing the firmware by re-imaging the boot device. Consult the Release Notes. In that case, do not install the firmware using this procedure.

To install firmware using the web UI

  1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/
  2. Log in to the web UI of the FortiRecorder appliance as the admin administrator.
  3. Go to Dashboard > Status.
  4. In the System Information widget, in the Firmware version row, select Update.The Choose Firmware dialog appears.
  5. Select Browse to locate and select the firmware file that you want to install, then select OK.
  6. Select OK.

    Your management computer uploads the firmware image to the FortiRecorder appliance. The FortiRecorder appliance installs the firmware and restarts. The time required varies by the size of the file and the speed of your network connection, and by the amount of time that the specific model requires to reboot. Over a LAN connection, it should only take a couple minutes until the appliance becomes available again.

    Note

    If you are downgrading the firmware to a previous version, and the settings are not fully backwards compatible, the FortiRecorder appliance may either remove incompatible settings, or use the feature’s default values for that version of the firmware. You may need to reconfigure some settings.
  7. Clear the cache of your web browser and restart it to ensure that it reloads the web UI and correctly displays all interface changes. For details, see your browser's documentation.
  8. To verify that the firmware was successfully installed, log in to the web UI and go to Dashboard > Status. In the System Information widget, the Firmware version row indicates the currently installed firmware version.
  9. If you want to install alternate firmware on the secondary partition, follow “Installing alternate firmware”.
  10. Continue with “Setting the “admin” account password”.

To install firmware using the CLI

  1. Download the firmware file from the Fortinet Technical Support web site: https://support.fortinet.com/
  2. Copy the new firmware image file to the root directory of the TFTP server.
  3. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  4. Connect port1 of the FortiRecorder appliance directly or to the same subnet as a TFTP server.
  5. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
  6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.
    Caution

    Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, immediately turn off TFTP off when you are done.
  7. Verify that the TFTP server is currently running, and that the FortiRecorder appliance can reach the TFTP server.
    To use the FortiRecorder CLI to verify connectivity, enter the following command:
    execute ping 192.168.1.168
    where 192.168.1.168 is the IP address of the TFTP server.
  8. Enter the following command to download the firmware image from the TFTP server to the FortiRecorder appliance:

    execute restore image tftp <name_str> <tftp_ipv4>

    where <name_str> is the name of the firmware image file and <tftp_ipv4> is the IP address of the TFTP server. For example, if the firmware image file name is image.out and the IP address of the TFTP server is 192.168.1.168, enter:

    execute restore image tftp image.out 192.168.1.168

    One of the following message appears:

    • This operation will replace the current firmware version!
      Do you want to continue? (y/n)
    • Get image from tftp server OK.
      Check image OK.
      This operation will downgrade the current firmware version!
      Do you want to continue? (y/n)
  9. Type y.

    The FortiRecorder appliance downloads the firmware image file from the TFTP server. The FortiRecorder appliance installs the firmware and restarts. The time required varies by the size of the file and the speed of your network connection

    Note

    If you are downgrading the firmware to a previous version, the FortiRecorder appliance reverts the configuration to default values for that version of the firmware. You will need to reconfigure the FortiRecorder appliance or restore the configuration file from a backup. For details, see “Connecting to FortiRecorder web UI” and, if you opt to restore the configuration, “Restoring a previous configuration”.
  10. To verify that the firmware was successfully installed, log in to the CLI and type:

    get system status

    The firmware version number is displayed.

  11. If you want to install alternate firmware on the secondary partition, follow “Installing alternate firmware”.
  12. Continue with “Setting the “admin” account password”.

Installing alternative firmware

You can install alternate firmware which can be loaded from its separate partition if the primary firmware fails. This can be accomplished via the web UI or CLI.

To install alternate firmware via the CLI

  1. Download the firmware file from the Fortinet Technical Support web site:
    https://support.fortinet.com/
  2. Copy the new firmware image file to the root directory of the TFTP server.
  3. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  4. Connect port1 of the FortiRecorder appliance directly or to the same subnet as a TFTP server.
  5. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
    For details, see “Connecting to FortiRecorder web UI”.
  6. If necessary, start your TFTP server. (If you do not have one, you can temporarily install and run one such as tftpd (Windows, Mac OS X, or Linux) on your management computer.)
    Caution

    Because TFTP is not secure, and because it does not support authentication and could allow anyone to have read and write access, you should only run it on trusted administrator-only networks, never on computers directly connected to the Internet. If possible, immediately turn off tftpd off when you are done.
  7. Verify that the TFTP server is currently running, and that the FortiRecorder appliance can reach the TFTP server. To use the FortiRecorder CLI to verify connectivity, enter the following command: class="CLI_0">execute ping 192.168.1.168 where 192.168.1.168 is the IP address of the TFTP server.
  8. Enter the following command to restart the FortiRecorder appliance:

    execute reboot

  9. As the FortiRecorder appliances starts, a series of system startup messages appear.

    Press any key to display configuration menu........

  10. Immediately press a key to interrupt the system startup
    Note

    You have only 3 seconds to press a key. If you do not press a key soon enough, the FortiRecorder appliance reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,Q,or H:

    Please connect TFTP server to Ethernet port "1".

  11. Type G to get the firmware image from the TFTP server.

    The following message appears:

    Enter TFTP server address [192.168.1.168]:

  12. Type the IP address of the TFTP server and press Enter.

    The following message appears:

    Enter local address [192.168.1.188]:

  13. Type a temporary IP address that can be used by the FortiRecorder appliance to connect to the TFTP server.

    The following message appears:

    Enter firmware image file name [image.out]:

  14. Type the firmware image file name and press Enter.

    The FortiRecorder appliance downloads the firmware image file from the TFTP server and displays a message similar to the following:

    Save as Default firmware/Backup firmware/Run image without saving:[D/B/R]?

  15. Type B.

    The FortiRecorder appliance saves the backup firmware image and restarts. When the FortiRecorder appliance reboots, it is running the primary firmware.

Booting from the alternate partition

Each appliance can have up to two firmware versions installed. Each firmware version is stored in a separate disk partition.

To boot into alternative firmware through the local console CLI

  1. Install firmware onto the alternate partition (see “Installing alternate firmware”).
  2. Connect your management computer to the FortiRecorder console port using a RJ-45-to-DB-9 serial cable or a null-modem cable.
  3. Initiate a connection from your management computer to the CLI of the FortiRecorder appliance, and log in as the admin administrator.
  4. Enter the following command to restart the FortiRecorder appliance:

    execute reboot

  5. As the FortiRecorder appliances starts, a series of system startup messages appear.

    Press any key to display configuration menu........

    Immediately press a key to interrupt the system startup

    Note

    You have only 3 seconds to press a key. If you do not press a key soon enough, the FortiRecorder appliance reboots and you must log in and repeat the execute reboot command.

    If you successfully interrupt the startup process, the following messages appears:

    [G]: Get firmware image from TFTP server.

    [F]: Format boot device.

    [B]: Boot with backup firmware and set as default.

    [Q]: Quit menu and continue to boot with default firmware.

    [H]: Display this list of options.

    Enter G,F,B,Q,or H:

    Please connect TFTP server to Ethernet port "1".

  6. Type B to reboot and use the backup firmware.
Previous
Next