Upgrade Information
Before and after any firmware upgrade
Before any firmware upgrade, save a copy of your FortiSandbox configuration by going to Dashboard > System Configuration > Backup.
After any firmware upgrade, if you are using the web UI, clear the browser cache prior to login on the FortiSandbox unit to ensure proper display of the web UI screens.
Upgrading to 3.0.4
FortiSandbox 3.0.4 officially supports upgrading from version 3.0.0, 3.0.1, 3.0.2, and 3.0.3 to 3.0.4.
When upgrading to 3.0.4 from a version before 3.0.0, it is required that you upgrade to at least 3.0.0 first before upgrading to 3.0.4.
Upgrading cluster environments
In a cluster environment, it is recommended to upgrade the cluster in the following order:
Upgrade a unit after the previous one fully boots up. After upgrade, it is highly recommended to setup a cluster level fail-over IP set, so the fail-over between Master and Primary Slave can occur smoothly. |
Upgrade procedure
Upgrading FortiSandbox firmware consists of the following steps:
Step 1: Upgrade the firmware
- Download the firmware image from the Fortinet Customer Service & Support portal.
- When upgrading via the CLI, put the firmware image on a host that supports file copy with the SCP or FTP command. The FortiSandbox must be able to access the SCP or FTP server.
In a console window, enter the following command string to download and install the firmware image:
fw-upgrade -b -s<SCP/FTP server IP address> -u<user name> - p<password> -t<ftp|scp> -f<file path>
- When upgrading via the Web-based Manager, go to System > Dashboard . In the System Information widget, click the Update link next to Firmware Version. The Firmware Upgrade page is displayed. Browse to the firmware image on the management computer and select the Submit button.
- Microsoft Windows Sandbox VMs must be activated against the Microsoft activation server if they have not been already. This is done automatically after a system reboot. To ensure the activation is successful, port3 of the system must be able to access the Internet and the DNS servers should be able to resolve the Microsoft activation servers.
Step 2: Install Microsoft Windows VM package
If the unit does not have a Microsoft Windows VM package installed, they can be installed manually.
By default, FortiSandbox supports a base package of 4 Windows VM images. |
To manually download the package:
- FSA-1000D, FSA-3000D, and FSA-VM-BASE models:
Download the package from ftp://fsavm.fortinet.net/images/v3.00/general_base.pkg
FSA-2000E model:
Download the package from ftp://fsavm.fortinet.net/images/v3.00/2000E_base.pkg
FSA-VM00:
Download the package from ftp://fsavm.fortinet.net/images/v3.00/VM00_base.pkg
FSA-VMI:
Download the package from ftp://fsavm.fortinet.net/images/v3.00/VMI_base.pkg
Users can also purchase, download and install extra Android image packages. These packages can be downloaded from:
Android:
Download the package from ftp://fsavm.fortinet.net/images/v3.00/AndroidVM.pkg.7z
- Put the package on a host that supports file copy with the SCP or FTP command. The FortiSandbox must be able to access the SCP or FTP server.
- In a console window, enter the following command string to download and install the package:
fw-upgrade -v -s<SCP/FTP server IP address> -u<user name> -p<password> -t<ftp|scp> -f<file path>
Step 3: Install the Microsoft Office license file
- If the unit has no Office license file installed, download the Microsoft Office license file from the Fortinet Customer Service & Support portal.
- Log into the FortiSandbox and go to System > Dashboard . In the System Information widget, click the Upload License link next to Microsoft Office. The Microsoft Office License Upload page is displayed. Browse to the license file on the management computer and select the Submit button. The system will reboot.
- The Microsoft Office license must be activated against the Microsoft activation server. This is done automatically after a system reboot. To ensure the activation is successful, port3 must be able to access the Internet and the DNS servers should be able to resolve the Microsoft activation servers.
For FSA-3000D and FSA-1000D specific models, contact Fortinet Customer Service & Support to obtain the license file. |
Step 4: Install Windows 8.1 or Windows 10 license files
- If user purchases Windows 8.1 or Windows 10 support, download the Windows license file from the Fortinet Customer Service & Support portal
- Log into FortiSandbox and go to System > Dashboard. In the System Information widget, click the Upload License link next to Windows VM field. The Microsoft VM License Upload page is displayed. Browse to the license file on the management computer and click the Submit button. The system will reboot.
- The Microsoft Windows license must be activated against the Microsoft activation server. This is done automatically after a system reboot. To ensure the activation is successful, port3 must be able to access the Internet and the DNS servers should be able to resolve the Microsoft activation servers. Network configurations for port3 can be configure on the Scan Policy > General page.
Step 5: Check system settings
After upgrading, from a version prior to 2.2.0, the following settings should be checked in order for system to work as expected
- Check Network > System Routing page and Network > System DNS page to make sure the static routing and DNS settings are correct for non-guest VM traffic. As port3 is reserved for guest VM traffic, all existing static routings on port3 should be removed.
- Check Scan Policy > General to make sure the next hop Gateway, proxy server and DNS settings are correct for guest VM images to communicate externally.
- Check Virtual Machine > VM Images page to make sure the clone number of each VM type is expected.
- Check Scan Policy > Scan Profile page to make sure each file type is scanned by the correct VM type.
- Go to Scan Policy > URL Category page to make sure the checked URL categories should be excluded from the malicious list.
- Go to Log & Report > Log Servers to make sure the log servers are receiving expected levels of logs.
When upgrading from a previous release, the database will be rebuilt. The Database Not Ready message will be displayed on web pages. The rebuild time depends on the existing data volume. |
Downgrading to previous firmware versions
Downgrading to previous firmware versions is not supported.
FortiSandbox VM firmware
Fortinet provides FortiSandbox VM firmware images for VMware ESXi and Kernel Virtual Machine (KVM) virtualization environments.
For more information, see the VM Installation Guide in the Fortinet Document Library. |
Firmware image checksums
The MD5 checksums for all Fortinet software and firmware releases are available at the Fortinet Customer Service & Support portal located at https://support.fortinet.com. After logging in select Download > Firmware Image Checksums, enter the image file name including the extension, and select Get Checksum Code.