Firmware
This section covers the following topics:
- Upgrading the firmware
- Verifying image integrity
- Setting the boot partition
- Restoring or upgrading the BIOS
Upgrading the firmware
Use these procedures to upgrade your FortiSwitch firmware.
Using the GUI
You can upgrade the firmware from the dashboard or from the System > Config > Firmware page.
If an unverified firmware image is uploaded to FortiSwitchOS, the following warning is displayed: “WARNING: This firmware failed signature validation.”
To upgrade the firmware from the dashboard:
- Go to System > Dashboard.
- Click the firmware version.
- Click Choose File and then navigate to the firmware image.
- Select Apply.
To upgrade the firmware from the system configuration page:
- Go to System > Config > Firmware.
- Click Choose File and then navigate to the firmware image.
- Select Apply.
Using the CLI
You can download a firmware image from an FTP server, from a FortiManager unit, or from a TFTP server. The FortiSwitch unit reboots and then loads the new firmware.
execute restore image ftp <filename_str> <server_ipv4_ipv6_fqdn[:port_int]> [<username_str> <password_str>]
execute restore image management-station <version_int>
execute restore image tftp <filename_str> <server_ipv4_ipv6_fqdn>
The following example shows how to upload a configuration file from a TFTP server to the FortiSwitch unit and restart the FortiSwitch unit with this configuration. The name of the configuration file on the TFTP server is backupconfig. The IP address of the TFTP server is 192.168.1.23.
execute restore config tftp backupconfig 192.168.1.23
You can also load a firmware image from an FTP or TFTP server without restarting the FortiSwitch unit:
execute stage image ftp <string> <ftp server>[:ftp port]
execute stage image tftp <string> <ip>
Verifying image integrity
To verify the integrity of the images in the primary and secondary (if applicable) flash partitions, use the following commands:
execute verify image primary
execute verify image secondary
If the image is corrupted or missing, the command fails with a return code of -1.
For example:
execute verify image primary
Verifying the image in flash......100%
No issue found!
execute verify image secondary
Verifying the image in flash......100%
Bad/corrupted image found in flash!
Command fail. Return code -1
Setting the boot partition
You can specify the flash partition for the next reboot. The system can use the boot image from either the primary or the secondary flash partition:
execute set-next-reboot <primary | secondary>
NOTE: You must disable image rotation before you can use the execute set-next-reboot command.
If your FortiSwitch model has dual flash memory, you can use the primary and backup partitions for image rotation. By default, this feature is enabled.
config system global
set image-rotation <enable | disable>
end
To list all of the flash partitions:
diagnose sys flash list
Restoring or upgrading the BIOS
You can restore or upgrade the basic input/output system (BIOS) if needed. After a BIOS upgrade, passwords for all FortiSwitch local users must be reconfigured using the config user local setting.
CAUTION: Only restore or upgrade the BIOS if Customer Support recommends it.
To upgrade or restore the BIOS from the CLI:
execute restore bios tftp <filename_str> <server_ipv4_ipv6_fqdn>
For example:
execute restore bios tftp PPC/FS-3032D/04000009/FS3D323Z14000004.bin 10.105.2.201
The example downloads the BIOS file from the TFTP server at the specified IPv4 address.
NOTE: If the BIOS upgrade fails, do not restart the FortiSwitch unit. Instead, try the CLI command again. If repeating the CLI command does not work, the FortiSwitch unit might require a return merchandise authorization (RMA).